first cut of everything we need for 2fa client side
This commit is contained in:
parent
db4eeaacc2
commit
2b3a8d2448
8 changed files with 132 additions and 0 deletions
25
tasks/2fa_client.yml
Normal file
25
tasks/2fa_client.yml
Normal file
|
|
@ -0,0 +1,25 @@
|
|||
---
|
||||
- name: install pam_url
|
||||
yum: name=pam_url state=installed
|
||||
|
||||
- name: /etc/pki/tls/private/totpcgi.pem
|
||||
copy: src=$puppet_private/2fa-certs/keys/${inventory_hostname}.pem dest=/etc/pki/tls/private/totpcgi.pem mode=0400
|
||||
|
||||
- name: /etc/pki/tls/private/totpcgi-ca.cert
|
||||
copy: src=$puppet_private/2fa-certs/keys/ca.crt dest=/etc/pki/tls/private/totpcgi-ca.cert mode=0400
|
||||
|
||||
- name: /etc/pam_url.conf - split for staging/phx2/everyone else
|
||||
copy: src=$item dest=/etc/pam_url.conf mode=0644
|
||||
with_first_found:
|
||||
- $files/2fa/pam_url.conf.${inventory_hostname}
|
||||
- $files/2fa/pam_url.conf.${ansible_domain}
|
||||
- $files/2fa/pam_url.conf
|
||||
|
||||
- name: /etc/pam.d/sudo
|
||||
copy: src=$item dest=/etc/pam.d/sudo mode=0644
|
||||
with_first_found:
|
||||
- $files/2fa/sudo.pam.${inventory_hostname}
|
||||
- $files/2fa/sudo.pam.${ansible_domain}
|
||||
- $files/2fa/sudo.pam
|
||||
|
||||
|
||||
Loading…
Add table
Add a link
Reference in a new issue