diff options
author | Christian Breunig <christian@breunig.cc> | 2023-12-08 18:34:53 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-12-08 18:34:53 +0100 |
commit | f44cf2923bf12360e5665cb8d7391557241fba96 (patch) | |
tree | bc6650c325c1eee90ee5f47bf7101818a8531b28 /src/conf_mode | |
parent | 7f081cadd0855ebc1104919329c11c98de1445f1 (diff) | |
parent | 14b107442ebf1f4f44bad485c585d4b9cfd97384 (diff) | |
download | vyos-1x-f44cf2923bf12360e5665cb8d7391557241fba96.tar.gz vyos-1x-f44cf2923bf12360e5665cb8d7391557241fba96.zip |
Merge pull request #2593 from vyos/mergify/bp/sagitta/pr-2584
login: T4943: use pam-auth-update to enable/disable Google authenticator (backport #2584)
Diffstat (limited to 'src/conf_mode')
-rwxr-xr-x | src/conf_mode/system-login.py | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index 87a269499..cd85a5066 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -306,6 +306,7 @@ def generate(login): def apply(login): + enable_otp = False if 'user' in login: for user, user_config in login['user'].items(): # make new user using vyatta shell and make home directory (-m), @@ -350,6 +351,7 @@ def apply(login): # Generate 2FA/MFA One-Time-Pad configuration if dict_search('authentication.otp.key', user_config): + enable_otp = True render(f'{home_dir}/.google_authenticator', 'login/pam_otp_ga.conf.j2', user_config, permission=0o400, user=user, group='users') else: @@ -398,6 +400,11 @@ def apply(login): pam_profile = 'tacplus-optional' cmd(f'pam-auth-update --enable {pam_profile}') + # Enable/disable Google authenticator + cmd('pam-auth-update --disable mfa-google-authenticator') + if enable_otp: + cmd(f'pam-auth-update --enable mfa-google-authenticator') + return None |