diff options
Diffstat (limited to 'src/conf_mode/system-login.py')
| -rwxr-xr-x | src/conf_mode/system-login.py | 24 |
1 files changed, 10 insertions, 14 deletions
diff --git a/src/conf_mode/system-login.py b/src/conf_mode/system-login.py index bd9cc3b89..e26b81e3d 100755 --- a/src/conf_mode/system-login.py +++ b/src/conf_mode/system-login.py @@ -253,23 +253,19 @@ def apply(login): user_config, permission=0o600, formater=lambda _: _.replace(""", '"'), user=user, group='users') - #OTP 2FA key file generation - if dict_search('authentication.otp.key', user_config): - user_config['authentication']['otp']['key'] = user_config['authentication']['otp']['key'].upper() - user_config['authentication']['otp']['rate_limit'] = login['authentication']['otp']['rate_limit'] - user_config['authentication']['otp']['rate_time'] = login['authentication']['otp']['rate_time'] - user_config['authentication']['otp']['window_size'] = login['authentication']['otp']['window_size'] - render(f'{home_dir}/.google_authenticator', 'login/pam_otp_ga.conf.j2', - user_config, permission=0o600, - formater=lambda _: _.replace(""", '"'), - user=user, group='users') - #OTP 2FA key file deletion - elif os.path.exists(f'{home_dir}/.google_authenticator'): - os.remove(f'{home_dir}/.google_authenticator') - + except Exception as e: raise ConfigError(f'Adding user "{user}" raised exception: "{e}"') + # Generate 2FA/MFA One-Time-Pad configuration + if dict_search('authentication.otp.key', user_config): + render(f'{home_dir}/.google_authenticator', 'login/pam_otp_ga.conf.j2', + user_config, permission=0o400, user=user, group='users') + else: + # delete configuration as it's not enabled for the user + if os.path.exists(f'{home_dir}/.google_authenticator'): + os.remove(f'{home_dir}/.google_authenticator') + if 'rm_users' in login: for user in login['rm_users']: try: |