ExternalMirrors
/
users-formula
mirror of https://github.com/saltstack-formulas/users-formula
Watch 1
Star 0
Fork 1
Code Issues 0 Releases 13 Wiki Activity
Saltstack Official Users Formula
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
354 Commits
3 Branches
Tree: 1726e0f0f1
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '1726e0f0f1'
${ noResults }
users-formula/users/googleauth.sls

34 lines
1.2KB
Raw Blame History 

  1. # vim: sts=2 ts=2 sw=2 et ai

  2. {%- from "users/map.jinja" import users with context %}

  3. 

  4. {%- if not grains['os_family'] in ['RedHat', 'Suse'] %}

  5. users_googleauth-package:

  6.   pkg.installed:

  7.     - name: {{ users.googleauth_package }}

  8.     - require:

  9.       - file: {{ users.googleauth_dir }} 

  10. 

  11. users_{{ users.googleauth_dir }}:

  12.   file.directory:

  13.     - name: {{ users.googleauth_dir }}

  14.     - user: root

  15.     - group: {{ users.root_group }}

  16.     - mode: 600

  17. 

  18. {%-   for name, user in pillar.get('users', {}).items() if user.absent is not defined or not user.absent %}

  19. {%-     if 'google_auth' in user %}

  20. {%-       for svc in user['google_auth'] %}

  21. {%-         if user.get('google_2fa', True) %}

  22. users_googleauth-pam-{{ svc }}-{{ name }}:

  23.   file.replace:

  24.     - name: /etc/pam.d/{{ svc }}

  25.     - pattern: "^@include common-auth"

  26.     - repl: "auth       [success=done new_authtok_reqd=done default=die]   pam_google_authenticator.so user=root secret={{ users.googleauth_dir }}/${USER}_{{ svc }} echo_verification_code\n@include common-auth"

  27.     - unless: grep pam_google_authenticator.so /etc/pam.d/{{ svc }}

  28.     - backup: .bak

  29. {%-         endif %}

  30. {%-       endfor %}

  31. {%-     endif %}

  32. {%-   endfor %}

  33. {%- endif %}