summaryrefslogtreecommitdiff
path: root/debian/vyos-1x.postinst
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2022-10-14 20:00:25 +0200
committerChristian Poessinger <christian@poessinger.com>2022-10-14 20:00:25 +0200
commitda535ef5697f6ce87a7f34ff185e4df239e6af63 (patch)
tree4e074588462835ee16384c75c01fbc1058e2e905 /debian/vyos-1x.postinst
parent427ea592ae8d92d29aca245683832b5bd75b643d (diff)
downloadvyos-1x-da535ef5697f6ce87a7f34ff185e4df239e6af63.tar.gz
vyos-1x-da535ef5697f6ce87a7f34ff185e4df239e6af63.zip
login: 2fa: T874: fix Google authenticator issues
Move default values of TOTP configuration from a global to a per user setting. This makes the entire code easier as no global configuration must be blended into the per user config dict. Also it should be possible to set the authentication window "multiple concurrent keys" individual per user. set system login user vyos authentication otp key 'gzkmajid7na2oltajs4kbuq7lq' set system login user vyos authentication plaintext-password 'vyos'
Diffstat (limited to 'debian/vyos-1x.postinst')
-rw-r--r--debian/vyos-1x.postinst4
1 files changed, 2 insertions, 2 deletions
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index 9766c91b1..031e91595 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -23,11 +23,11 @@ fi
# Add 2FA support for SSH
sudo grep -qF -- "auth required pam_google_authenticator.so nullok" "/etc/pam.d/sshd" || \
-sudo sed -i '/^@include common-auth/a # Check OTP 2FA, if configured for the user\nauth required pam_google_authenticator.so nullok' /etc/pam.d/sshd
+sudo sed -i '/^@include common-auth/a # Check OTP 2FA, if configured for the user\nauth required pam_google_authenticator.so nullok' /etc/pam.d/sshd
# Add 2FA support for local authentication
sudo grep -qF -- "auth required pam_google_authenticator.so nullok" "/etc/pam.d/login" || \
-sudo sed -i '/^@include common-auth/a # Check OTP 2FA, if configured for the user\nauth required pam_google_authenticator.so nullok' /etc/pam.d/login
+sudo sed -i '/^@include common-auth/a # Check OTP 2FA, if configured for the user\nauth required pam_google_authenticator.so nullok' /etc/pam.d/login
# Add RADIUS operator user for RADIUS authenticated users to map to
if ! grep -q '^radius_user' /etc/passwd; then