diff options
| author | Halfwalker <deano-gitea@areyes.com> | 2024-12-21 18:41:43 -0700 |
|---|---|---|
| committer | Nicholas Johnson <mail@nicholasjohnson.ch> | 2025-01-29 00:00:00 +0000 |
| commit | 40489e5b26bc741b15bbea5cf2ee634880d40384393bdc319d23c482b89a62c8 (patch) | |
| tree | 3701e54b660fc89eded5541aab18cc94506d75cbc489ad17a3b9c4d06f3f2761 /defaults/main.yml | |
| parent | 9cdb5bbeaf8412b8931beb206431eb897fcfc6b40e02dd763d2d4068382550b5 (diff) | |
| download | ansible-role-google-authenticator-40489e5b26bc741b15bbea5cf2ee634880d40384393bdc319d23c482b89a62c8.tar.gz ansible-role-google-authenticator-40489e5b26bc741b15bbea5cf2ee634880d40384393bdc319d23c482b89a62c8.zip | |
Add option for nullok on google_authenticator.so in /etc/pam.d/sshd
Diffstat (limited to 'defaults/main.yml')
| -rw-r--r-- | defaults/main.yml | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/defaults/main.yml b/defaults/main.yml index cf8b7e9..964d155 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -3,6 +3,11 @@ # User can be overridden by a vault variable or from hosts file entry or ansible cmdline username: "{{ vault_username | default(ansible_user_id) }}" +# Set the nullok parameter for pam_google_authenticator.so in /etc/pam.d/sshd +# When set, this allows password logins if no ~/.google_authenticator exists +# If not set, then can NOT login until ~/.google_authenticator is created +google_auth_nullok: false + # Use google authenticator config from vault if it's there # 1st line secret can be 16 or 26 chars # NOTE: Be sure to use char encoding for spaces |