From 620f2aa9099525d59395c463311456e1a4479e29 Mon Sep 17 00:00:00 2001 From: Morgan Wattiez Date: Sat, 22 Jun 2019 18:12:13 +0200 Subject: [PATCH] Enable Yubikey --- .gitignore | 1 + dot_scripts/ansible/mac_playbook.yaml | 12 ++++++++++++ 2 files changed, 13 insertions(+) create mode 100644 .gitignore create mode 100644 dot_scripts/ansible/mac_playbook.yaml diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..a8b42eb --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +*.retry diff --git a/dot_scripts/ansible/mac_playbook.yaml b/dot_scripts/ansible/mac_playbook.yaml new file mode 100644 index 0000000..62f6e92 --- /dev/null +++ b/dot_scripts/ansible/mac_playbook.yaml @@ -0,0 +1,12 @@ +--- +- hosts: localhost + connection: local + become_method: sudo + become: yes + tasks: + - name: Ensure yubikey is needed for authentication + lineinfile: + path: /etc/pam.d/authorization + regexp: '^auth.*pam_yubico.so.*' + line: "auth required /usr/local/lib/security/pam_yubico.so mode=challenge-response" + insertbefore: "^account required pam_opendirectory.so"