thomas
/
sovereign
Volgen 1
Ster 0
Vork 0
Code Kwesties 0 Pull-aanvragen 0 Publicaties 0 Wiki Activiteit
Geen omschrijving
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
294 Commits
1 Branch
Tree: 84c9febec7
Branches Labels
${ item.name }
Maak branch ${ searchTerm }
van '84c9febec7'
${ noResults }
sovereign/roles/common/tasks/google_auth.yml

google_auth.yml 1.2KB
Geschiedenis Ruw

12345678910111213141516171819202122232425 
  1. ---

  2. # Defines tasks applicable for Google Authenticator

  3. 

  4. - name: Ensure required packages are installed

  5.   apt: pkg={{ item }} state=present

  6.   with_items:

  7.     - libqrencode3

  8.     - libpam-dev

  9.     #- libpam-google-authenticator    wasn't available in wheezy

  10. 

  11. - name: Download Google authenticator pam module

  12.   get_url: url=https://google-authenticator.googlecode.com/files/libpam-google-authenticator-{{ google_auth_version }}-source.tar.bz2 dest=/root/libpam-google-authenticator-{{ google_auth_version }}-source.tar.bz2

  13. 

  14. - name: Extract Google authenticator

  15.   command: tar xjf libpam-google-authenticator-{{ google_auth_version }}-source.tar.bz2 chdir=/root creates=/root/libpam-google-authenticator-{{ google_auth_version }}

  16. 

  17. - name: Install Google authenticator

  18.   command: make install chdir=/root/libpam-google-authenticator-{{ google_auth_version }} creates=/usr/local/bin/google-authenticator

  19. 

  20. - name: Update sshd config to enable challenge responses

  21.   lineinfile: dest=/etc/ssh/sshd_config regexp=^ChallengeResponseAuthentication line="ChallengeResponseAuthentication yes" state=present

  22.   notify: restart ssh

  23. 

  24. - name: Add Google authenticator to PAM

  25.   lineinfile: dest=/etc/pam.d/sshd line="auth required pam_google_authenticator.so" insertbefore=BOF state=present