Thank you! pam access may well be the right direction to go for us.
I'm still sort of boggled that nobody seems to be using puppet for /etc/passwd. That always seemed to us to be the *first* thing we'd want to get under centralized control. I understand that centralized control reduces the need for direct logins, but I'd think people would still need dba's on db machines and devs on dev machines and such On Mon, Jul 14, 2014 at 2:52 AM, Stefan Dietrich <stefan.dietr...@desy.de> wrote: > On So, 2014-07-13 at 16:01 -0400, Betsy Schwartz wrote: > > We're running primarily RHEL6, and Puppet Enterprise 3.2 > > > > In our non-puppetized world, we make heavy use of netgroups (stored in > > ldap, entered in /etc/passwd) to control access to servers. > > Would pam_access work for your use case? > Instead of adding the netgroups to passwd, you configure this > in /etc/security/access.conf. > There are also some modules on Puppet Forge, which allow management of > this file. > > Btw. Augeas can not parse /etc/passwd, if you add the +@netgroup lines. > > Regards, > Stefan > > -- > You received this message because you are subscribed to the Google Groups > "Puppet Users" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to puppet-users+unsubscr...@googlegroups.com. > To view this discussion on the web visit > https://groups.google.com/d/msgid/puppet-users/1405320731.4976.8.camel%40clarkdale.desy.de > . > For more options, visit https://groups.google.com/d/optout. > -- You received this message because you are subscribed to the Google Groups "Puppet Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to puppet-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/puppet-users/CAAVLHR2zcB1yAGUT6NK6N6xJv8e_TfwHrB78V7hfCF1TOatEXw%40mail.gmail.com. For more options, visit https://groups.google.com/d/optout.
