Resource Type: macauthorization
NOTE: This page was generated from the Puppet source code on 2018-08-28 06:48:02 -0700
macauthorization
Description
Manage the Mac OS X authorization database. See the Apple developer site for more information.
Note that authorization store directives with hyphens in their names have been renamed to use underscores, as Puppet does not react well to hyphens in identifiers.
Autorequires: If Puppet is managing the `/etc/authorization` file, each `macauthorization` resource will autorequire it.
Attributes
macauthorization { 'resource title':
  name              => # (namevar) The name of the right or rule to be managed...
  ensure            => # The basic property that the resource should be...
  allow_root        => # Corresponds to `allow-root` in the authorization
  auth_class        => # Corresponds to `class` in the authorization...
  auth_type         => # Type --- this can be a `right` or a `rule`. The...
  authenticate_user => # Corresponds to `authenticate-user` in the...
  comment           => # The `comment` attribute for authorization...
  group             => # A group which the user must authenticate as a...
  k_of_n            => # How large a subset of rule mechanisms must...
  mechanisms        => # An array of suitable...
  provider          => # The specific backend to use for this...
  rule              => # The rule(s) that this right refers...
  session_owner     => # Whether the session owner automatically matches...
  shared            => # Whether the Security Server should mark the...
  timeout           => # The number of seconds in which the credential...
  tries             => # The number of tries...
  # ...plus any applicable metaparameters.
}
name
(Namevar: If omitted, this attribute’s value defaults to the resource’s title.)
The name of the right or rule to be managed.
Corresponds to `key` in Authorization Services. The key is the name
of a rule. A key uses the same naming conventions as a right. The
Security Server uses a rule’s key to match the rule with a right.
Wildcard keys end with a ‘.’. The generic rule has an empty key value.
Any rights that do not match a specific rule use the generic rule.
ensure
(Property: This attribute represents concrete state on the target system.)
The basic property that the resource should be in.
Default: present
Allowed values:
present
absent
allow_root
(Property: This attribute represents concrete state on the target system.)
Corresponds to `allow-root` in the authorization store. Specifies
whether a right should be allowed automatically if the requesting process
is running with `uid == 0`. AuthorizationServices defaults this attribute
to false if not specified.
Allowed values:
true
false
auth_class
(Property: This attribute represents concrete state on the target system.)
Corresponds to `class` in the authorization store; renamed due
to ‘class’ being a reserved word in Puppet.
Allowed values:
user
evaluate-mechanisms
allow
deny
rule
auth_type
(Property: This attribute represents concrete state on the target system.)
Type: this can be a `right` or a `rule`. The `comment` type has
not yet been implemented.
Allowed values:
right
rule
authenticate_user
(Property: This attribute represents concrete state on the target system.)
Corresponds to `authenticate-user` in the authorization store.
Allowed values:
true
false
comment
(Property: This attribute represents concrete state on the target system.)
The `comment` attribute for authorization resources.
group
(Property: This attribute represents concrete state on the target system.)
A group which the user must authenticate as a member of. This must be a single group.
k_of_n
(Property: This attribute represents concrete state on the target system.)
How large a subset of rule mechanisms must succeed for successful
authentication. If there are ‘n’ mechanisms, then ‘k’ (the integer value
of this parameter) mechanisms must succeed. The most common setting for
this parameter is `1`. If `k-of-n` is not set, then every mechanism
(that is, ‘n-of-n’) must succeed.
mechanisms
(Property: This attribute represents concrete state on the target system.)
An array of suitable mechanisms.
provider
The specific backend to use for this `macauthorization` resource. You will
seldom need to specify this; Puppet will usually discover the appropriate
provider for your platform.
Available providers are:
rule
(Property: This attribute represents concrete state on the target system.)
The rule(s) that this right refers to.
session_owner
(Property: This attribute represents concrete state on the target system.)
Whether the session owner automatically matches this rule or right.
Corresponds to `session-owner` in the authorization store.
Allowed values:
true
false
shared
(Property: This attribute represents concrete state on the target system.)
Whether the Security Server should mark the credentials used to gain this right as shared. The Security Server may use any shared credentials to authorize this right. For maximum security, set sharing to false so credentials stored by the Security Server for one application may not be used by another application.
Allowed values:
true
false
timeout
(Property: This attribute represents concrete state on the target system.)
The number of seconds in which the credential used by this rule will expire. For maximum security where the user must authenticate every time, set the timeout to 0. For minimum security, remove the timeout attribute so the user authenticates only once per session.
tries
(Property: This attribute represents concrete state on the target system.)
The number of tries allowed.
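The following manifest is an added example, not taken from the Puppet source: it declares a rule using the "maximum security" settings described under `shared` and `timeout`, and a right that refers to that rule. The names `com.example.tool.admin-auth` and `com.example.tool.configure` are hypothetical, and the `admin` group and comment strings are constructed sample values.

```puppet
# Hypothetical rule: the user must authenticate as a member of one group.
macauthorization { 'com.example.tool.admin-auth':
  ensure            => present,
  auth_type         => 'rule',
  auth_class        => 'user',
  comment           => 'Constructed example: authenticate as a member of admin',
  group             => 'admin',   # must be a single group
  authenticate_user => true,
  allow_root        => false,     # uid == 0 is not allowed automatically
  session_owner     => false,     # the session owner does not match automatically
  # Credentials stored for one application may not be used by another.
  shared            => false,
  # 0 forces authentication every time. Omitting timeout entirely is the
  # weakest setting: the user authenticates only once per session.
  timeout           => 0,
}

# Hypothetical right that defers its decision to the rule above.
macauthorization { 'com.example.tool.configure':
  ensure     => present,
  auth_type  => 'right',
  auth_class => 'rule',
  comment    => 'Constructed example: right governed by com.example.tool.admin-auth',
  rule       => ['com.example.tool.admin-auth'],
  # Ordering metaparameter: manage the rule before the right that names it.
  require    => Macauthorization['com.example.tool.admin-auth'],
}
```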
Providers
macauthorization
Manage Mac OS X authorization database rules and rights.
- Required binaries: `/usr/bin/security`
- Confined to: `operatingsystem == darwin`, `feature == cfpropertylist`
- Default for: `["operatingsystem", "darwin"] ==`