Resource Type: macauthorization

NOTE: This page was generated from the Puppet source code on 2018-08-28 06:48:02 -0700

macauthorization

Description

Manage the Mac OS X authorization database. See the Apple developer site for more information.

Note that authorization store directives with hyphens in their names have been renamed to use underscores, as Puppet does not react well to hyphens in identifiers.

Autorequires: If Puppet is managing the /etc/authorization file, each macauthorization resource will autorequire it.

Attributes

macauthorization { 'resource title':
  name              => # (namevar) The name of the right or rule to be managed...
  ensure            => # The basic property that the resource should be...
  allow_root        => # Corresponds to `allow-root` in the authorization...
  auth_class        => # Corresponds to `class` in the authorization...
  auth_type         => # Type --- this can be a `right` or a `rule`. The...
  authenticate_user => # Corresponds to `authenticate-user` in the...
  comment           => # The `comment` attribute for authorization...
  group             => # A group which the user must authenticate as a...
  k_of_n            => # How large a subset of rule mechanisms must...
  mechanisms        => # An array of suitable...
  provider          => # The specific backend to use for this...
  rule              => # The rule(s) that this right refers...
  session_owner     => # Whether the session owner automatically matches...
  shared            => # Whether the Security Server should mark the...
  timeout           => # The number of seconds in which the credential...
  tries             => # The number of tries...
  # ...plus any applicable metaparameters.
}

name

(Namevar: If omitted, this attribute’s value defaults to the resource’s title.)

The name of the right or rule to be managed. Corresponds to key in Authorization Services. The key is the name of a rule. A key uses the same naming conventions as a right. The Security Server uses a rule’s key to match the rule with a right. Wildcard keys end with a ‘.’. The generic rule has an empty key value. Any rights that do not match a specific rule use the generic rule.

ensure

(Property: This attribute represents concrete state on the target system.)

The basic property that the resource should be in.

Default: present

Allowed values:

  • present
  • absent

allow_root

(Property: This attribute represents concrete state on the target system.)

Corresponds to allow-root in the authorization store. Specifies whether a right should be allowed automatically if the requesting process is running with uid == 0. AuthorizationServices defaults this attribute to false if not specified.

Allowed values:

  • true
  • false

auth_class

(Property: This attribute represents concrete state on the target system.)

Corresponds to class in the authorization store; renamed due to ‘class’ being a reserved word in Puppet.

Allowed values:

  • user
  • evaluate-mechanisms
  • allow
  • deny
  • rule

auth_type

(Property: This attribute represents concrete state on the target system.)

Type — this can be a right or a rule. The comment type has not yet been implemented.

Allowed values:

  • right
  • rule

authenticate_user

(Property: This attribute represents concrete state on the target system.)

Corresponds to authenticate-user in the authorization store.

Allowed values:

  • true
  • false

comment

(Property: This attribute represents concrete state on the target system.)

The comment attribute for authorization resources.

group

(Property: This attribute represents concrete state on the target system.)

A group which the user must authenticate as a member of. This must be a single group.

k_of_n

(Property: This attribute represents concrete state on the target system.)

How large a subset of rule mechanisms must succeed for successful authentication. If there are ‘n’ mechanisms, then ‘k’ (the integer value of this parameter) mechanisms must succeed. The most common setting for this parameter is 1. If k-of-n is not set, then every mechanism — that is, ‘n-of-n’ — must succeed.

mechanisms

(Property: This attribute represents concrete state on the target system.)

An array of suitable mechanisms.

provider

The specific backend to use for this macauthorization resource. You will seldom need to specify this — Puppet will usually discover the appropriate provider for your platform.

Available providers are:

  • macauthorization

rule

(Property: This attribute represents concrete state on the target system.)

The rule(s) that this right refers to.

session_owner

(Property: This attribute represents concrete state on the target system.)

Whether the session owner automatically matches this rule or right. Corresponds to session-owner in the authorization store.

Allowed values:

  • true
  • false

shared

(Property: This attribute represents concrete state on the target system.)

Whether the Security Server should mark the credentials used to gain this right as shared. The Security Server may use any shared credentials to authorize this right. For maximum security, set sharing to false so credentials stored by the Security Server for one application may not be used by another application.

Allowed values:

  • true
  • false

timeout

(Property: This attribute represents concrete state on the target system.)

The number of seconds in which the credential used by this rule will expire. For maximum security where the user must authenticate every time, set the timeout to 0. For minimum security, remove the timeout attribute so the user authenticates only once per session.

tries

(Property: This attribute represents concrete state on the target system.)

The number of tries allowed.

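The manifest below is an added example, not part of the generated Puppet reference. It contrasts the permissive settings described under allow_root, shared and timeout with the restrictive ones. The right names under com.example are constructed, and the admin group name and the tries value are assumptions.

```puppet
# Constructed right names (com.example.*); substitute the right you manage.

# Permissive: credentials are shared between applications, a process
# running with uid == 0 is allowed automatically, and with no timeout
# the user authenticates only once per session.
macauthorization { 'com.example.tool.permissive':
  ensure     => present,
  auth_type  => 'right',
  auth_class => 'user',
  comment    => 'Permissive settings, shown for contrast',
  group      => 'admin',   # assumed group name
  allow_root => true,
  shared     => true,
  # timeout deliberately omitted
}

# Restrictive: the user must authenticate as a member of the group on
# every use (timeout 0), credentials obtained for one application are
# not reused by another (shared false), and neither root nor the
# session owner is matched automatically.
macauthorization { 'com.example.tool.restrictive':
  ensure        => present,
  auth_type     => 'right',
  auth_class    => 'user',
  comment       => 'Authenticate as a group member on every use',
  group         => 'admin',   # assumed group name
  allow_root    => false,
  session_owner => false,
  shared        => false,
  timeout       => 0,
  tries         => 3,         # assumed value
}
```

The attribute names use underscores as this type requires; the provider writes them to the authorization store under their hyphenated names.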

Providers

macauthorization

Manage Mac OS X authorization database rules and rights.

  • Required binaries: /usr/bin/security
  • Confined to: operatingsystem == darwin, feature == cfpropertylist
  • Default for: operatingsystem == darwin
