Master remote ACLs
diff --git a/salt/files/_acl.conf b/salt/files/_acl.conf
index c9b2eb6..b3244bc 100644
--- a/salt/files/_acl.conf
+++ b/salt/files/_acl.conf
@@ -1,4 +1,15 @@
+{%- from "salt/map.jinja" import master with context %}
-peer:
- .*:
- - x509.sign_remote_certificate
\ No newline at end of file
+{%- if master.user is defined %}
+
+external_auth:
+ pam:
+ {%- for user_name, user in master.user.iteritems() %}
+ {{ user_name }}: {{ user.permissions|yaml }}
+ {%- endfor %}
+
+{%- endif %}
+
+{#-
+ vim: syntax=jinja
+-#}
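Review bot: The new `external_auth: pam:` block is fed from the same `master.user` permissions that used to render `client_acl` (removed from master.conf in this commit), but the two settings do not carry the same trust. `client_acl` applies to local accounts on the master, whereas `external_auth` applies to any caller that can authenticate through PAM, which includes salt-api where that is enabled. A broad pillar entry such as `.*` therefore becomes usable remotely, so I would add a template comment like `{#- external_auth entries are reachable through eauth/salt-api; list explicit functions per user -#}` and repeat the warning in the pillar documentation. Separately, `master.user.iteritems()` on the `for` line exists only on Python 2 dicts; `master.user.items()` renders under both interpreters.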
diff --git a/salt/files/master.conf b/salt/files/master.conf
index 47f563f..481aeca 100644
--- a/salt/files/master.conf
+++ b/salt/files/master.conf
@@ -64,15 +64,6 @@
{%- endif %}
-{%- if master.user is defined %}
-
-client_acl:
- {%- for user_name, user in master.user.iteritems() %}
- {{ user_name }}: {{ user.permissions|yaml }}
- {%- endfor %}
-
-{%- endif %}
-
{%- for handler in pillar.salt.minion.get("handlers", []) %}
{%- if handler.engine == "udp"%}
diff --git a/salt/master/service.sls b/salt/master/service.sls
index 29e59b4..cba4f2c 100644
--- a/salt/master/service.sls
+++ b/salt/master/service.sls
@@ -30,6 +30,16 @@
{%- if master.peer is defined %}
+/etc/salt/master.d/_acl.conf:
+ file.managed:
+ - source: salt://salt/files/_acl.conf
+ - user: root
+ - template: jinja
+ - require:
+ - {{ master.install_state }}
+ - watch_in:
+ - service: salt_master_service
+
/etc/salt/master.d/_peer.conf:
file.managed:
- source: salt://salt/files/_peer.conf
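Review bot: The `/etc/salt/master.d/_acl.conf` state is added directly after the context line `{%- if master.peer is defined %}`, so as far as this hunk shows it is only rendered when `master.peer` is set, while the template itself keys on `master.user`. With `client_acl` removed from master.conf in the same commit, a master that defines users but no peer section would apparently get no ACL file at all. I would move the state out of the peer block and wrap it in its own guard, `{%- if master.user is defined %}` … `{%- endif %}`. The state also sets `user: root` but no `group` or `mode`; pinning both explicitly would keep the authorization file's permissions from depending on defaults. The enclosing `if` block is closed in the following hunk, not in this one.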
@@ -40,6 +50,7 @@
- watch_in:
- service: salt_master_service
+
{%- endif %}
salt_master_service: