1 files changed, 5 insertions, 0 deletions

diff --git a/defaults/main.yml b/defaults/main.yml
index cf8b7e9..964d155 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -3,6 +3,11 @@
 # User can be overridden by a vault variable or from hosts file entry or ansible cmdline
 username: "{{ vault_username | default(ansible_user_id) }}"
 
+# Set the nullok parameter for pam_google_authenticator.so in /etc/pam.d/sshd
+# When set, this allows password logins if no ~/.google_authenticator exists
+# If not set, then can NOT login until ~/.google_authenticator is created
+google_auth_nullok: false
+
 # Use google authenticator config from vault if it's there
 # 1st line secret can be 16 or 26 chars
 # NOTE: Be sure to use char encoding for spaces