From 3978dd30e50ac94a8728e0b1f4e691e7a93a1d2f Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 16 Oct 2022 16:28:15 +0200 Subject: login: 2fa: T874: fix PAM string generation on multiple package installations Commit da535ef5 ("login: 2fa: T874: fix Google authenticator issues") used different strings for grep and sed resulting in the same line beeing added on every installation of the package. This is only disturbing during development not during ISO build. --- debian/vyos-1x.postinst | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst index 031e91595..959e1d486 100644 --- a/debian/vyos-1x.postinst +++ b/debian/vyos-1x.postinst @@ -21,13 +21,13 @@ if ! grep -q '^openvpn' /etc/passwd; then adduser --quiet --firstuid 100 --system --group --shell /usr/sbin/nologin openvpn fi -# Add 2FA support for SSH -sudo grep -qF -- "auth required pam_google_authenticator.so nullok" "/etc/pam.d/sshd" || \ -sudo sed -i '/^@include common-auth/a # Check OTP 2FA, if configured for the user\nauth required pam_google_authenticator.so nullok' /etc/pam.d/sshd - -# Add 2FA support for local authentication -sudo grep -qF -- "auth required pam_google_authenticator.so nullok" "/etc/pam.d/login" || \ -sudo sed -i '/^@include common-auth/a # Check OTP 2FA, if configured for the user\nauth required pam_google_authenticator.so nullok' /etc/pam.d/login +# Enable 2FA/MFA support for SSH and local logins +for file in /etc/pam.d/sshd /etc/pam.d/login +do + PAM_CONFIG="auth required pam_google_authenticator.so nullok" + grep -qF -- "$PAM_CONFIG" $file || \ + sed -i '/^@include common-auth/a \\n# Check 2FA/MFA authentication token if enabled (per user)\n$PAM_CONFIG' $file +done # Add RADIUS operator user for RADIUS authenticated users to map to if ! grep -q '^radius_user' /etc/passwd; then -- cgit v1.2.3