diff options
| author | Christian Breunig <christian@breunig.cc> | 2023-12-07 21:30:57 +0100 |
|---|---|---|
| committer | Christian Breunig <christian@breunig.cc> | 2023-12-08 07:46:21 +0100 |
| commit | e134dc4171b051d0f98c7151ef32a347bc4f87e2 (patch) | |
| tree | a82d1acdfa6265bdbd419b519b4433851982862a /op-mode-definitions | |
| parent | 8d3e287d028d3fc92256cc86988c06ca5301c7c1 (diff) | |
| download | vyos-1x-e134dc4171b051d0f98c7151ef32a347bc4f87e2.tar.gz vyos-1x-e134dc4171b051d0f98c7151ef32a347bc4f87e2.zip | |
login: T4943: use pam-auth-update to enable/disable Google authenticator
The initial version always enabled Google authenticator (2FA/MFA) support by
hardcoding the PAM module for sshd and login.
This change only enables the PAM module on demand if any use has 2FA/MFA
configured. Enabling the module is done system wide via pam-auth-update by
using a predefined template.
Can be tested using:
set system login user vyos authentication plaintext-password vyos
set system login user vyos authentication otp key 'QY735IG5HDHBFHS5W7Y2A4EM274SMT3O'
See https://docs.vyos.io/en/latest/configuration/system/login.html for additional
details.
Diffstat (limited to 'op-mode-definitions')
| -rwxr-xr-x | op-mode-definitions/generate-system-login-user.xml.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/op-mode-definitions/generate-system-login-user.xml.in b/op-mode-definitions/generate-system-login-user.xml.in index 237a13610..868bbcd46 100755 --- a/op-mode-definitions/generate-system-login-user.xml.in +++ b/op-mode-definitions/generate-system-login-user.xml.in @@ -16,7 +16,7 @@ <properties>
<help>Username used for authentication</help>
<completionHelp>
- <list><username></list>
+ <path>system login user</path>
</completionHelp>
</properties>
<children>
|