2b46c6a7fb
Basically, we are now installing a small wrapper in /usr/local/bin which just echoes to stdout what should be in the authorized_keys file for that user. That content is generated by retrieving the ssh key from sssd via the command sss_ssh_authorizedkeys as well as the usual ssh way to restrict the action an user/key can do: command="...". In this case, we're setting a couple of environment variable that are needed later on for things to work properly as well as only allow the user to call the aclchecker.py script provided by pagure. Signed-off-by: Pierre-Yves Chibon <pingou@pingoured.fr> |
||
|---|---|---|
| .. | ||
| handlers | ||
| tasks | ||
| templates | ||
| README | ||
This role is the base setup for all our machines. If there's something that shouldn't be run on every single machine, it should be in another role.