|
@@ -34,12 +34,11 @@
|
34
|
34
|
insertbefore=BOF
|
35
|
35
|
state=present
|
36
|
36
|
|
37
|
|
-- name: Generate a timed-based, no reuse, rate-limited (3 logins per 30 seconds) with no concurrently valid codes for default user
|
38
|
|
- command: /usr/local/bin/google-authenticator -t -f -d --label="{{ main_user_name }}@{{ domain }}" --qr-mode=NONE -r 3 -R 30 -W --secret=/home/{{ main_user_name }}/.google_authenticator
|
|
37
|
+- name: Generate a timed-based, no reuse, rate-limited (3 logins per 30 seconds) with one concurrently valid code for default user
|
|
38
|
+ command: /usr/local/bin/google-authenticator -t -f -d --label="{{ main_user_name }}@{{ domain }}" --qr-mode=ANSI -r 3 -R 30 -w 1 --secret=/home/{{ main_user_name }}/.google_authenticator
|
39
|
39
|
creates=/home/{{ main_user_name }}/.google_authenticator
|
40
|
|
-
|
41
|
|
-- name: Fix permissions on generated file
|
42
|
|
- file: state=file path=/home/{{ main_user_name }}/.google_authenticator owner={{ main_user_name }} group={{ main_user_name }}
|
|
40
|
+ sudo: yes
|
|
41
|
+ sudo_user: "{{ main_user_name }}"
|
43
|
42
|
|
44
|
43
|
- name: Retrieve generated keys from server
|
45
|
44
|
fetch: src=/home/{{ main_user_name }}/.google_authenticator
|
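Review bot: The rewritten `command` task (new lines 37-41) has no `no_log: true`, yet google-authenticator prints the new secret key and the emergency scratch codes to stdout, which Ansible keeps in the task result. Switching to `--qr-mode=ANSI` adds a QR rendering of the same secret to that output, so verbose runs, a configured log file or a callback plugin would end up holding the TOTP seed. I would add `no_log: true` to the task and keep `--qr-mode=NONE` unless something actually consumes the QR output, since the following task already fetches the file. The move from `-W` to `-w 1` also deserves a short comment such as `# -w 1: confirm the window the PAM module enforces matches the task name`, because the name now promises "one concurrently valid code". The fetch task at the end of the hunk continues outside it.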