Check yubico challenge is configured correctly
This commit is contained in:
parent
54de52ad51
commit
1efb5696d6
@ -50,5 +50,5 @@ pip3 install awscli
|
||||
pip3 install pipenv
|
||||
```
|
||||
|
||||
### If Yubico is installed, run this :
|
||||
`sudo ansible-playbook ~/Code/dotfiles/mac_playbook.yaml`
|
||||
### If Yubico is installed, run this :
|
||||
`sudo ansible-playbook ~/Code/dotfiles/macsecure_playbook.yaml`
|
||||
|
@ -3,7 +3,29 @@
|
||||
connection: local
|
||||
become_method: sudo
|
||||
become: yes
|
||||
|
||||
tasks:
|
||||
- name: Check yubikey binaries are installed
|
||||
stat:
|
||||
path: "{{ item }}"
|
||||
with_items:
|
||||
- /usr/local/bin/ykpamcfg
|
||||
- "/Applications/YubiKey\ Manager.app/Contents/MacOS/ykman"
|
||||
|
||||
- name: Check Yubico is recognized
|
||||
shell: "'/Applications/YubiKey Manager.app/Contents/MacOS/ykman' list | awk '{print $6}'"
|
||||
register: yubicoChallenge
|
||||
failed_when: "yubicoChallenge.rc != 0 or yubicoChallenge.stdout == ''"
|
||||
|
||||
- name: Get current user
|
||||
become: false
|
||||
local_action: command whoami
|
||||
register: username_on_host
|
||||
|
||||
- name: Check yubico challenge exists
|
||||
stat:
|
||||
path: "/Users/{{ username_on_host.stdout }}/.yubico/challenge-{{ yubicoChallenge.stdout }}"
|
||||
|
||||
- name: Ensure yubikey is needed for authentication at login screen
|
||||
lineinfile:
|
||||
path: "{{ item }}"
|
Loading…
Reference in New Issue
Block a user