Check yubico challenge is configured correctly

Morgan Wattiez 2019-06-23 15:11:50 +02:00
parent 54de52ad51
commit 1efb5696d6
2 changed files with 24 additions and 2 deletions


@ -51,4 +51,4 @@ pip3 install pipenv
``` ```
### If Yubico is installed, run this : ### If Yubico is installed, run this :
`sudo ansible-playbook ~/Code/dotfiles/mac_playbook.yaml` `sudo ansible-playbook ~/Code/dotfiles/macsecure_playbook.yaml`


@ -3,7 +3,29 @@
connection: local connection: local
become_method: sudo become_method: sudo
become: yes become: yes
tasks: tasks:
- name: Check yubikey binaries are installed
stat:
path: "{{ item }}"
with_items:
- /usr/local/bin/ykpamcfg
- "/Applications/YubiKey\ Manager.app/Contents/MacOS/ykman"
- name: Check Yubico is recognized
shell: "'/Applications/YubiKey Manager.app/Contents/MacOS/ykman' list | awk '{print $6}'"
register: yubicoChallenge
failed_when: "yubicoChallenge.rc != 0 or yubicoChallenge.stdout == ''"
- name: Get current user
become: false
local_action: command whoami
register: username_on_host
- name: Check yubico challenge exists
stat:
path: "/Users/{{ username_on_host.stdout }}/.yubico/challenge-{{ yubicoChallenge.stdout }}"
- name: Ensure yubikey is needed for authentication at login screen - name: Ensure yubikey is needed for authentication at login screen
lineinfile: lineinfile:
path: "{{ item }}" path: "{{ item }}"
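Review bot: The two `stat` tasks ("Check yubikey binaries are installed" and "Check yubico challenge exists") cannot stop the play, because `stat` succeeds when the path is absent and neither result is registered or tested, so the `lineinfile` task that follows would still make the YubiKey mandatory at the login screen on a machine with no challenge file. Register each result and fail on it, for example `register: challengeFile` with `failed_when: not challengeFile.stat.exists` (the same pair works per item on the `with_items` task). Two things are worth confirming as well: the README runs the playbook under `sudo`, so `whoami` with `become: false` probably reports root rather than the login user, and `ykman list | awk` takes its return code from awk, leaving only the empty-stdout test to catch a ykman failure. The `lineinfile` task continues past the end of the hunk.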