authorgoodNETnick <pknet@ya.ru>2022-09-22 02:03:04 -0400
committergoodNETnick <pknet@ya.ru>2022-10-11 19:56:45 -0400
commit765f84386b6e94984ff79db2eab36d51f759159b (patch)
treece2ce9dca40ddda4ca4639b89308f317e67e59d1 /debian/vyos-1x.postinst
parent31138f43f4a5714077adbbd22ff774b2d4ce37f8 (diff)
system login: T874: add 2FA support for local and ssh authentication
Diffstat (limited to 'debian/vyos-1x.postinst')
-rw-r--r--debian/vyos-1x.postinst10
1 files changed, 10 insertions, 0 deletions
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index 6879b6e4f..dc64e7a42 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -21,6 +21,16 @@ if ! grep -q '^openvpn' /etc/passwd; then
adduser --quiet --firstuid 100 --system --group --shell /usr/sbin/nologin openvpn
fi
+# Add 2FA support for SSH
+sudo grep -qF -- "auth required pam_google_authenticator.so nullok" "/etc/pam.d/sshd" || \
+sudo sed -i '/^@include common-auth/a # Check OTP 2FA, if configured for the user\nauth required pam_google_authenticator.so nullok' /etc/pam.d/sshd \
+/
+
+# Add 2FA support for local authentication
+sudo grep -qF -- "auth required pam_google_authenticator.so nullok" "/etc/pam.d/login" || \
+sudo sed -i '/^@include common-auth/a # Check OTP 2FA, if configured for the user\nauth required pam_google_authenticator.so nullok' /etc/pam.d/login \
+/
+
# Add RADIUS operator user for RADIUS authenticated users to map to
if ! grep -q '^radius_user' /etc/passwd; then
adduser --quiet --firstuid 1000 --disabled-login --ingroup vyattaop \
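Review bot: In both the sshd and login stanzas the `sed -i` line ends in `\` and the next line is a bare `/`, so `/` is passed to sed as a second file operand. GNU sed should edit the PAM file and then exit non-zero because `/` is not a regular file, which would abort the postinst if it runs under `set -e` (not visible in this hunk). End each command at the file name (`/etc/pam.d/sshd`, `/etc/pam.d/login`) and delete the trailing `\` and the `/` line; `sudo` can also go, since maintainer scripts already run as root. If `@include common-auth` is missing from either file the sed is a silent no-op and the package installs without the OTP check, so a follow-up `grep -qF` that warns on stderr would make that visible. Because of `nullok`, accounts without a configured secret are not prompted, and SSH public-key logins typically do not pass through the PAM auth stack, so a comment such as `# OTP is enforced only for enrolled users on password/keyboard-interactive logins` would set expectations.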