From 1efb5696d6a4beb4b1d5c0f7fbece76c2f26b2e1 Mon Sep 17 00:00:00 2001 From: Morgan Wattiez Date: Sun, 23 Jun 2019 15:11:50 +0200 Subject: [PATCH] Check yubico challenge is configured correctly --- README.md | 4 ++-- ..._playbook.yaml => macsecure_playbook.yaml} | 22 +++++++++++++++++++ 2 files changed, 24 insertions(+), 2 deletions(-) rename dot_scripts/ansible/{mac_playbook.yaml => macsecure_playbook.yaml} (52%) diff --git a/README.md b/README.md index e86ce10..9c14260 100644 --- a/README.md +++ b/README.md @@ -50,5 +50,5 @@ pip3 install awscli pip3 install pipenv ``` -### If Yubico is installed, run this : -`sudo ansible-playbook ~/Code/dotfiles/mac_playbook.yaml` +### If Yubico is installed, run this : +`sudo ansible-playbook ~/Code/dotfiles/macsecure_playbook.yaml` diff --git a/dot_scripts/ansible/mac_playbook.yaml b/dot_scripts/ansible/macsecure_playbook.yaml similarity index 52% rename from dot_scripts/ansible/mac_playbook.yaml rename to dot_scripts/ansible/macsecure_playbook.yaml index 54b32ad..0ab7d1a 100644 --- a/dot_scripts/ansible/mac_playbook.yaml +++ b/dot_scripts/ansible/macsecure_playbook.yaml @@ -3,7 +3,29 @@ connection: local become_method: sudo become: yes + tasks: + - name: Check yubikey binaries are installed + stat: + path: "{{ item }}" + with_items: + - /usr/local/bin/ykpamcfg + - "/Applications/YubiKey\ Manager.app/Contents/MacOS/ykman" + + - name: Check Yubico is recognized + shell: "'/Applications/YubiKey Manager.app/Contents/MacOS/ykman' list | awk '{print $6}'" + register: yubicoChallenge + failed_when: "yubicoChallenge.rc != 0 or yubicoChallenge.stdout == ''" + + - name: Get current user + become: false + local_action: command whoami + register: username_on_host + + - name: Check yubico challenge exists + stat: + path: "/Users/{{ username_on_host.stdout }}/.yubico/challenge-{{ yubicoChallenge.stdout }}" + - name: Ensure yubikey is needed for authentication at login screen lineinfile: path: "{{ item }}"
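Review bot: Neither of the new `stat` tasks can fail — `stat` reports a missing path as `stat.exists: false` with rc 0 — so "Check yubikey binaries are installed" and "Check yubico challenge exists" do not actually gate the `lineinfile` task that follows, and the login-screen YubiKey requirement can be written with no challenge file present, which locks the user out. Register each result and fail on it, e.g. `register: yubico_challenge` / `failed_when: not yubico_challenge.stat.exists` (or an `assert` task). The "Get current user" task is also suspect: the README in this same patch runs the playbook under `sudo`, in which case `whoami` with `become: false` still prints `root` and the path becomes `/Users/root/.yubico/...`; `lookup('env', 'SUDO_USER')` with a fallback to `USER` gives the invoking user. The `awk '{print $6}'` parse of `ykman list` presumably picks the serial column but yields a multi-line value when more than one key is plugged in, so adding `yubicoChallenge.stdout_lines | length != 1` to that task's `failed_when` would be prudent. The `lineinfile` task at the end of the hunk continues outside it.
```yaml
    - name: Check yubikey binaries are installed
      stat:
        path: "{{ item }}"
      register: yubikey_bin
      failed_when: not yubikey_bin.stat.exists
      with_items:
        - /usr/local/bin/ykpamcfg
        - '/Applications/YubiKey Manager.app/Contents/MacOS/ykman'

    # … unchanged: "Check Yubico is recognized" task …

    - name: Get current user
      # The playbook is invoked via sudo (see README), so `whoami` would report root.
      set_fact:
        login_user: "{{ lookup('env', 'SUDO_USER') | default(lookup('env', 'USER'), true) }}"

    - name: Check yubico challenge exists
      stat:
        path: "/Users/{{ login_user }}/.yubico/challenge-{{ yubicoChallenge.stdout }}"
      register: yubico_challenge
      failed_when: not yubico_challenge.stat.exists
```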