Check yubico challenge is configured correctly
This commit is contained in:
parent
54de52ad51
commit
1efb5696d6
@ -51,4 +51,4 @@ pip3 install pipenv
|
|||||||
```
|
```
|
||||||
|
|
||||||
### If Yubico is installed, run this :
|
### If Yubico is installed, run this :
|
||||||
`sudo ansible-playbook ~/Code/dotfiles/mac_playbook.yaml`
|
`sudo ansible-playbook ~/Code/dotfiles/macsecure_playbook.yaml`
|
||||||
|
@ -3,7 +3,29 @@
|
|||||||
connection: local
|
connection: local
|
||||||
become_method: sudo
|
become_method: sudo
|
||||||
become: yes
|
become: yes
|
||||||
|
|
||||||
tasks:
|
tasks:
|
||||||
|
- name: Check yubikey binaries are installed
|
||||||
|
stat:
|
||||||
|
path: "{{ item }}"
|
||||||
|
with_items:
|
||||||
|
- /usr/local/bin/ykpamcfg
|
||||||
|
- "/Applications/YubiKey\ Manager.app/Contents/MacOS/ykman"
|
||||||
|
|
||||||
|
- name: Check Yubico is recognized
|
||||||
|
shell: "'/Applications/YubiKey Manager.app/Contents/MacOS/ykman' list | awk '{print $6}'"
|
||||||
|
register: yubicoChallenge
|
||||||
|
failed_when: "yubicoChallenge.rc != 0 or yubicoChallenge.stdout == ''"
|
||||||
|
|
||||||
|
- name: Get current user
|
||||||
|
become: false
|
||||||
|
local_action: command whoami
|
||||||
|
register: username_on_host
|
||||||
|
|
||||||
|
- name: Check yubico challenge exists
|
||||||
|
stat:
|
||||||
|
path: "/Users/{{ username_on_host.stdout }}/.yubico/challenge-{{ yubicoChallenge.stdout }}"
|
||||||
|
|
||||||
- name: Ensure yubikey is needed for authentication at login screen
|
- name: Ensure yubikey is needed for authentication at login screen
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: "{{ item }}"
|
path: "{{ item }}"
|
Loading…
Reference in New Issue
Block a user