sssd: allow ssh login via key

author: Jonas Gunz <himself@jonasgunz.de> 2023-03-11 14:44:08 +0100
committer: Jonas Gunz <himself@jonasgunz.de> 2023-03-11 14:44:08 +0100
commit: 18cdc71f9a55fa50fdb16cfeca5dfd8741375519 (patch)
tree: 467d7a3c1cf71d84fd5fc900f298ee85b6cc37c1 /roles/sssd/tasks/main.yml
parent: 5d9ad9fcbdb1868a73642889abd5d47d8ec4a135 (diff)
download: ansible_collection-18cdc71f9a55fa50fdb16cfeca5dfd8741375519.tar.gz
1 files changed, 9 insertions, 0 deletions
diff --git a/roles/sssd/tasks/main.yml b/roles/sssd/tasks/main.yml
index a7f2b5e..e24cdfd 100644
--- a/roles/sssd/tasks/main.yml
+++ b/roles/sssd/tasks/main.yml
@@ -35,3 +35,12 @@
     line: 'session required pam_mkhomedir.so skel=/etc/skel/ umask=0022'
     insertafter: '^session optional pam_sss\.so'
   become: yes
+
+- name: Configure SSH Key login via LDAP
+  copy:
+    src: sshd_sss_authorized_keys.conf
+    dest: /etc/ssh/sshd_config.d/sss_authorized_keys.conf
+  become: yes
+  when: sssd_ldap.sshd_keys_from_sss | default(false)
+  notify:
+    - Restart sshd
author	Jonas Gunz <himself@jonasgunz.de>	2023-03-11 14:44:08 +0100
committer	Jonas Gunz <himself@jonasgunz.de>	2023-03-11 14:44:08 +0100
commit	18cdc71f9a55fa50fdb16cfeca5dfd8741375519 (patch)
tree	467d7a3c1cf71d84fd5fc900f298ee85b6cc37c1 /roles/sssd/tasks/main.yml
parent	5d9ad9fcbdb1868a73642889abd5d47d8ec4a135 (diff)
download	ansible_collection-18cdc71f9a55fa50fdb16cfeca5dfd8741375519.tar.gz