Sysadmins have the (reasonable?) expectation of installing more than
one ssh key.

Relevant bits from my current config follows:

class rl_users {
        define ssh_user($uid, $gid, $password, $akey, $ensure=present) {
                user{ $name :
                        ensure   => $ensure, managehome => true,
                        uid      => $uid,    gid        => $gid,
                        password => $password,
                        groups   => ['wheel'],
                        require  => Group[$name],
                }
                group { $name :
                        ensure => $ensure,
                        gid    => $gid,
                }
                ssh_authorized_key { "${name}-akey":
                        ensure  => $ensure,
                        key     => $akey,
                        type    => 'ssh-rsa',
                        user    => $name,
                        require => User[$name],
                }
}

@ssh_user { 'foo':
                uid=> 2004 , gid => 2004,
                password => '$6$foo',
                akey => 'AAAAB3xyz/VFwxhtYhw==',
        }

# how can we support user bar?
@ssh_user { 'bar':
                uid=> 2005 , gid => 2005,
                password => '$6$bar',
                akey => [ 'AAAAB3xyz/VFwxhtYhw==',
                               ''AAAABzzzzz==' ]
        }

Right now I have a fugly kludge in place to support a second "akey0" slot.



m
--
 martin.langh...@gmail.com
 -  ask interesting questions
 - don't get distracted with shiny stuff  - working code first
 ~ http://docs.moodle.org/en/User:Martin_Langhoff

-- 
You received this message because you are subscribed to the Google Groups 
"Puppet Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to puppet-users+unsubscr...@googlegroups.com.
To post to this group, send email to puppet-users@googlegroups.com.
Visit this group at http://groups.google.com/group/puppet-users?hl=en.
For more options, visit https://groups.google.com/groups/opt_out.


Reply via email to