From d5fc8e3301537b9eae1d283f8d3f5f2d23f5226d Mon Sep 17 00:00:00 2001
From: Kevin Fenzi
Date: Mon, 7 Jul 2014 22:09:10 +0000
Subject: [PATCH] taskotron-stg01 is a special snowflake. ;)
---
....conf.taskotron-stg01.qa.fedoraproject.org | 27 +++++++++++++++++++
1 file changed, 27 insertions(+)
create mode 100644 files/2fa/pam_url.conf.taskotron-stg01.qa.fedoraproject.org
diff --git a/files/2fa/pam_url.conf.taskotron-stg01.qa.fedoraproject.org b/files/2fa/pam_url.conf.taskotron-stg01.qa.fedoraproject.org
new file mode 100644
index 0000000000..6dcf99cbad
--- /dev/null
+++ b/files/2fa/pam_url.conf.taskotron-stg01.qa.fedoraproject.org
@@ -0,0 +1,27 @@
+pam_url:
+{
+ settings:
+ {
+ {% if env == 'staging' %}
+ url = "https://fas-all.stg.phx2.fedoraproject.org:8443/"; # URI to fetch
+ {% elif datacenter == 'phx2' %}
+ url = "https://fas-all.phx2.fedoraproject.org:8443/"; # URI to fetch
+ {% else %}
+ url = "https://fas-all.vpn.fedoraproject.org:8443/"; # URI to fetch
+ {% endif %}
+ returncode = "OK"; # The remote script/cgi should return a 200 http code and this string as its only results
+ userfield = "user"; # userfield name to send
+ passwdfield = "token"; # passwdfield name to send
+ extradata = "&do=login"; # extradata to send
+ prompt = "Password+Token: "; # password prompt
+ };
+
+ ssl:
+ {
+ verify_peer = true; # Should we verify SSL ?
+ verify_host = true; # Should we verify the CN in the SSL cert?
+ client_cert = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side certificate
+ client_key = "/etc/pki/tls/private/totpcgi.pem"; # file to use as client-side key (can be same file as above if a single cert)
+ ca_cert = "/etc/pki/tls/private/totpcgi-ca.cert";
+ };
+};
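Review bot: This copy is pinned by its file name to a single staging host, yet the `settings` block still picks the FAS endpoint from `env` and `datacenter`, so a wrong value in this host's variables would send its Password+Token submissions to one of the non-staging endpoints without any visible error. Since the host is already fixed, consider keeping only `url = "https://fas-all.stg.phx2.fedoraproject.org:8443/"; # URI to fetch`, or at least add a header comment stating what makes taskotron-stg01 differ from the generic pam_url.conf, which neither the commit message nor the file explains. The file also lives under `files/` while containing `{% if %}` tags; the deploying task is not visible here, but if it is copied rather than rendered as a template, pam_url would receive the tags and all three `url` assignments verbatim, so that is worth confirming. Finally, `client_key` points at the same PEM as `client_cert`, so that file needs root-only ownership and mode wherever it is installed (set outside this patch), and `ca_cert` is the one setting left without a trailing comment.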