
Added Google Authenticator 2FA logins

Justin Plock 10 years ago
parent
commit
84c9febec7
3 changed files with 29 additions and 0 deletions
  1. 25
    0
      roles/common/tasks/google_auth.yml
  2. 1
    0
      roles/common/tasks/main.yml
  3. 3
    0
      vars/defaults.yml

+ 25
- 0
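--- a/roles/common/tasks/google_auth.yml
+++ b/roles/common/tasks/google_auth.yml
@@ -0,0 +1,25 @@
+---
+# Defines tasks applicable for Google Authenticator
+
+- name: Ensure required packages are installed
+  apt: pkg={{ item }} state=present
+  with_items:
+    - libqrencode3
+    - libpam-dev
+    #- libpam-google-authenticator    wasn't available in wheezy
+
+- name: Download Google authenticator pam module
+  get_url: url=https://google-authenticator.googlecode.com/files/libpam-google-authenticator-{{ google_auth_version }}-source.tar.bz2 dest=/root/libpam-google-authenticator-{{ google_auth_version }}-source.tar.bz2
+
+- name: Extract Google authenticator
+  command: tar xjf libpam-google-authenticator-{{ google_auth_version }}-source.tar.bz2 chdir=/root creates=/root/libpam-google-authenticator-{{ google_auth_version }}
+
+- name: Install Google authenticator
+  command: make install chdir=/root/libpam-google-authenticator-{{ google_auth_version }} creates=/usr/local/bin/google-authenticator
+
+- name: Update sshd config to enable challenge responses
+  lineinfile: dest=/etc/ssh/sshd_config regexp=^ChallengeResponseAuthentication line="ChallengeResponseAuthentication yes" state=present
+  notify: restart ssh
+
+- name: Add Google authenticator to PAM
+  lineinfile: dest=/etc/pam.d/sshd line="auth required pam_google_authenticator.so" insertbefore=BOF state=present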
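Review bot: The `get_url` task under "Download Google authenticator pam module" fetches a source tarball with no integrity check, and the next two tasks unpack it and run `make install` as root to produce a PAM module that sits in the sshd authentication path. Pin the archive to a known digest so a tampered or substituted download fails the play instead of being built: append `checksum=sha256:<EXPECTED_SHA256_OF_TARBALL>` to the `get_url` arguments (`sha256sum=<EXPECTED_SHA256_OF_TARBALL>` on Ansible releases that predate `checksum`). Separately, sshd normally skips the PAM auth stack for public-key logins, so the `auth required` line added by the last task probably covers only password and challenge-response logins. The header comment should say which login paths the second factor is meant to protect.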

+ 1
- 0
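--- a/roles/common/tasks/main.yml
+++ b/roles/common/tasks/main.yml
@@ -48,6 +48,7 @@
   notify: restart apache
 
 - include: encfs.yml tags=encfs
+- include: google_auth.yml tags=google_auth
 - include: users.yml tags=users
 - include: ssl.yml tags=ssl
 - include: ufw.yml tags=ufw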
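Review bot: The include added at new line 51 is unconditional (the tag only filters when `--tags` is passed), so every host that applies the common role gets `auth required pam_google_authenticator.so` at the top of /etc/pam.d/sshd. Nothing visible in this commit provisions a per-user `~/.google_authenticator` secret, so accounts that have not enrolled would presumably be rejected by the PAM auth stack on their next password or challenge-response login. Document the prerequisite above the include, e.g. `# google_auth.yml makes a TOTP code mandatory in the sshd PAM stack; enrol every SSH user with google-authenticator before applying`. It may also help to put the include behind a defaults variable so the rollout can be staged per host.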

+ 3
- 0
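--- a/vars/defaults.yml
+++ b/vars/defaults.yml
@@ -27,6 +27,9 @@
   # - 2.north-america.pool.ntp.org
   # - 3.north-america.pool.ntp.org
 
+# google authenticator
+google_auth_version: 1.0
+
 # database
 db_admin_username: 'postgres'
 # db_admin_password: (required)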
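Review bot: `google_auth_version: 1.0` on new line 31 is an unquoted scalar, so YAML loads it as a float rather than a string. It happens to render back as `1.0` today, but a later value such as 1.10 would collapse to 1.1, and the download URL and `creates=` paths that google_auth.yml builds from it would point at the wrong artifact. Quote it the same way as the neighbouring `db_admin_username`: `google_auth_version: '1.0'`.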
