author | goodNETnick <pknet@ya.ru> | 2022-09-22 02:03:04 -0400 |
---|---|---|
committer | goodNETnick <pknet@ya.ru> | 2022-10-11 19:56:45 -0400 |
commit | 765f84386b6e94984ff79db2eab36d51f759159b (patch) | |
tree | ce2ce9dca40ddda4ca4639b89308f317e67e59d1 /src/conf_mode/system-login.py | |
parent | 31138f43f4a5714077adbbd22ff774b2d4ce37f8 (diff) | |
download | vyos-1x-765f84386b6e94984ff79db2eab36d51f759159b.tar.gz vyos-1x-765f84386b6e94984ff79db2eab36d51f759159b.zip |
system login: T874: add 2FA support for local and ssh authentication
Diffstat (limited to 'src/conf_mode/system-login.py')
-rwxr-xr-x | src/conf_mode/system-login.py | 15 |
1 files changed, 14 insertions, 1 deletions
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py
index 3dcbc995c..fc2723ece 100755
--- a/src/conf_mode/system-login.py
+++ b/src/conf_mode/system-login.py
@@ -245,7 +245,20 @@ def apply(login):
 user_config, permission=0o600,
 formater=lambda _: _.replace(""", '"'),
 user=user, group='users')
-
+ #OTP 2FA key file generation
+ if dict_search('authentication.otp.key', user_config):
+ user_config['authentication']['otp']['key'] = user_config['authentication']['otp']['key'].upper()
+ user_config['authentication']['otp']['rate_limit'] = login['authentication']['otp']['rate_limit']
+ user_config['authentication']['otp']['rate_time'] = login['authentication']['otp']['rate_time']
+ user_config['authentication']['otp']['window_size'] = login['authentication']['otp']['window_size']
+ render(f'{home_dir}/.google_authenticator', 'login/pam_otp_ga.conf.j2',
+ user_config, permission=0o600,
+ formater=lambda _: _.replace(""", '"'),
+ user=user, group='users')
+ #OTP 2FA key file deletion
+ elif os.path.exists(f'{home_dir}/.google_authenticator'):
+ os.remove(f'{home_dir}/.google_authenticator')
+
 except Exception as e:
 raise ConfigError(f'Adding user "{user}" raised exception: "{e}"') |
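Review bot: The three `login['authentication']['otp'][...]` lookups in the added OTP branch index the global config directly, and the branch appears to sit inside the existing `try`, so if `rate_limit`, `rate_time` or `window_size` is absent (whether defaults are merged is not visible here) the KeyError is caught by the `except Exception` below and reported as a misleading "Adding user" ConfigError, with no `.google_authenticator` file written. Because a missing secret file can mean the second factor is skipped, depending on a PAM configuration that is not shown on this page, I would check these values up front and fail with an explicit message, for example by reading them with `dict_search('authentication.otp.rate_limit', login)` and raising when the result is `None`. Separately, `os.path.exists` follows symlinks, so a dangling link at that path is never cleaned up by the `elif`; `elif os.path.lexists(f'{home_dir}/.google_authenticator'):` covers that case. It is also worth confirming that `render()` does not follow a symlink when it writes into the home directory, which is presumably writable by the user. The enclosing `apply()` and its `try:` begin outside the hunk.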