Pains-Perdus/ansible
3
1
Fork 0
Code Issues Pull requests 1 Releases Wiki Activity

add base for totp

Browse source
This commit is contained in:
Jean-Marie Mineau 2021-04-15 16:24:51 +02:00
parent af2f7d191a
commit b6e22ff91d
2 changed files with 24 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
roles/base_totp/tasks/main.yml Normal file
View file

@ -0,0 +1,22 @@
---
- name: Install the PAM lib
apt:
name:
- libpam-oath
state: latest
update_cache: true
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Add the totp secret for users
lineinfile:
path: /etc/users.oath
regexp: "{{ item.name }}"
line: "HOTP/T60/6 {{ item.name }} - {{item.totp}}"
create: true
group: root
owner: root
mode: '600'
loop: "{{ uservault_users }}"
no_log: true

2
roles/ssh_totp/tasks/main.yml
View file

@ -10,11 +10,13 @@ dependencies:
insertbefore: BOF insertbefore: BOF
- name: Set ChallengeResponseAuthentication in sshd conf - name: Set ChallengeResponseAuthentication in sshd conf
lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
regexp: '^#?ChallengeResponseAuthentication' regexp: '^#?ChallengeResponseAuthentication'
line: 'ChallengeResponseAuthentication yes' line: 'ChallengeResponseAuthentication yes'
- name: Set UsePAM in sshd conf - name: Set UsePAM in sshd conf
lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
regexp: '^#?UsePAM' regexp: '^#?UsePAM'
line: 'UsePAM yes' line: 'UsePAM yes'