On Dec 1, 2010, at 12:34 AM, Héctor Rivas Gándara wrote:
> Hello,
>
> To manage AIX users and groups a pair of new parameters should be
> defined, specially registry, SYSTEM, and auth1/auth2.
>
> auth1 (and auth2)
> Lists the primary methods for authenticating the user. The Value
> parameter is a comma-separated list of Method;Name pairs. The
> Method parameter is the name of the authentication method. The
> Name parameter is the user to authenticate. If you do not specify
> a Name parameter, the name of the invoking login program is used.
>
> SYSTEM
> Defines the system authentication mechanism for the user. The
> value may be an expression describing which authentication methods
> are to be used or it may be the keyword NONE.
>
> registry
> Defines the authentication registry where the user is
> administered. It is used to resolve a remotely administered user
> to the local administered domain. This situation may occur when
> network services unexpectedly fail or network databases are
> replicated locally. Example values are files or NIS or DCE.
>
> I understand that I should create a new feature and define the new
> parameters in lib\puppet\type\{user|group}.rb:
>
> feature :manages_aix_registry,
> "The provider can manage aix registry attributes"
>
> The same for other options that you can check here:
> http://publib.boulder.ibm.com/infocenter/aix/v6r1/index.jsp?topic=/com.ibm.aix.files/doc/aixfiles/user.htm
>
> Any suggestion about features and parameters names, or functionalities
> that the provider should have?
Based on the Solaris experience, we probably shouldn't store the system name in
the feature or parameter name - that basically makes it impossible that they
would be portable. It's unlikely these will end up being portable, but we
should at least leave it open.
> Also notice that AIX has "roles" as solaris has, but I think that it
> is not good to use a feature called ":manages_solaris_rbac". Can a
> parameter be associated to different features or should a new feature
> be created?
It sounds like we did a bad job of naming that feature in the first place - the
feature should probably be deprecated and a new, more general 'manages_roles'
feature created, or something similar.
--
SELF-EVIDENT, adj. Evident to one's self and to nobody else.
-- Ambrose Bierce
---------------------------------------------------------------------
Luke Kanies -|- http://puppetlabs.com -|- +1(615)594-8199
--
You received this message because you are subscribed to the Google Groups
"Puppet Developers" group.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to
[email protected].
For more options, visit this group at
http://groups.google.com/group/puppet-dev?hl=en.
