1234567891011121314151617181920212223242526272829303132333435363738394041424344 |
- #
- # /etc/ppp/pap-secrets (Salt managed)
- #
- # This is a pap-secrets file to be used with the AUTO_PPP function of
- # mgetty. mgetty-0.99 is preconfigured to startup pppd with the login option
- # which will cause pppd to consult /etc/passwd (and /etc/shadow in turn)
- # after a user has passed this file. Don't be disturbed therefore by the fact
- # that this file defines logins with any password for users. /etc/passwd
- # (again, /etc/shadow, too) will catch passwd mismatches.
- #
- # This file should block ALL users that should not be able to do AUTO_PPP.
- # AUTO_PPP bypasses the usual login program so it's necessary to list all
- # system userids with regular passwords here.
- #
- # ATTENTION: The definitions here can allow users to login without a
- # password if you don't use the login option of pppd! The mgetty Debian
- # package already provides this option; make sure you don't change that.
- # INBOUND connections
- # Every regular user can use PPP and has to use passwords from /etc/passwd
- * hostname "" *
- # UserIDs that cannot use PPP at all. Check your /etc/passwd and add any
- # other accounts that should not be able to use pppd!
- guest hostname "*" -
- master hostname "*" -
- root hostname "*" -
- support hostname "*" -
- stats hostname "*" -
- # OUTBOUND connections
- # Here you should add your userid password to connect to your providers via
- # PAP. The * means that the password is to be used for ANY host you connect
- # to. Thus you do not have to worry about the foreign machine name. Just
- # replace password with your password.
- # If you have different providers with different passwords then you better
- # remove the following line.
- # * password
- {%- set user = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':pppoe:user', 'WRONG USER') %}
- {%- set pass = salt['pillar.get']('nodes:' ~ grains['id'] ~ ':pppoe:pass', 'NO PASS') %}
- "{{ user }}" * "{{ pass }}"
|