author | Jonas Gunz <himself@jonasgunz.de> | 2023-03-11 14:44:08 +0100 |
---|---|---|
committer | Jonas Gunz <himself@jonasgunz.de> | 2023-03-11 14:44:08 +0100 |
commit | 18cdc71f9a55fa50fdb16cfeca5dfd8741375519 (patch) | |
tree | 467d7a3c1cf71d84fd5fc900f298ee85b6cc37c1 /roles | |
parent | 5d9ad9fcbdb1868a73642889abd5d47d8ec4a135 (diff) | |
sssd: allow ssh login via key
Diffstat (limited to 'roles')
-rw-r--r-- | roles/sssd/defaults/main.yml | 1 | ||||
-rw-r--r-- | roles/sssd/files/sshd_sss_authorized_keys.conf | 5 | ||||
-rw-r--r-- | roles/sssd/handlers/main.yml | 5 | ||||
-rw-r--r-- | roles/sssd/tasks/main.yml | 9 |
4 files changed, 20 insertions, 0 deletions
diff --git a/roles/sssd/defaults/main.yml b/roles/sssd/defaults/main.yml
index 381bb74..4544fb3 100644
--- a/roles/sssd/defaults/main.yml
+++ b/roles/sssd/defaults/main.yml
@@ -8,3 +8,4 @@ sssd_ldap:
   user_dn: 'ou=users,dc=example,dc=com'
   group_dn: 'ou=groups,dc=example,dc=com'
   access_filter: '&(objectClass=posixAccount)'
+  sshd_keys_from_sss: false
diff --git a/roles/sssd/files/sshd_sss_authorized_keys.conf b/roles/sssd/files/sshd_sss_authorized_keys.conf
new file mode 100644
index 0000000..e4f17bd
--- /dev/null
+++ b/roles/sssd/files/sshd_sss_authorized_keys.conf
@@ -0,0 +1,5 @@
+# vi: ft=sshdconfig
+# This file is managed by Ansible. Do NOT change.
+
+AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
+AuthorizedKeysCommandUser nobody
diff --git a/roles/sssd/handlers/main.yml b/roles/sssd/handlers/main.yml
index ac65088..add6945 100644
--- a/roles/sssd/handlers/main.yml
+++ b/roles/sssd/handlers/main.yml
@@ -4,3 +4,8 @@
     name: sssd
     state: restarted
   become: yes
+- name: Restart sshd
+  systemd:
+    name: sshd
+    state: restarted
+  become: yes
diff --git a/roles/sssd/tasks/main.yml b/roles/sssd/tasks/main.yml
index a7f2b5e..e24cdfd 100644
--- a/roles/sssd/tasks/main.yml
+++ b/roles/sssd/tasks/main.yml
@@ -35,3 +35,12 @@
     line: 'session required pam_mkhomedir.so skel=/etc/skel/ umask=0022'
     insertafter: '^session optional pam_sss\.so'
   become: yes
+
+- name: Configure SSH Key login via LDAP
+  copy:
+    src: sshd_sss_authorized_keys.conf
+    dest: /etc/ssh/sshd_config.d/sss_authorized_keys.conf
+  become: yes
+  when: sssd_ldap.sshd_keys_from_sss | default(false)
+  notify:
+    - Restart sshd |
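Review bot: The new `sshd_keys_from_sss: false` key in `sssd_ldap` is the switch for an sshd configuration change made in tasks/main.yml, but nothing in defaults/main.yml says so, and the other keys in the dict carry no comments either. A one-line comment above it would tell the next reader what they are turning on: `# When true, install an sshd drop-in that fetches authorized keys from SSSD (sss_ssh_authorizedkeys)`. The `sssd_ldap` mapping begins before this hunk.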
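Review bot: `AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys` is written with no arguments, which relies on sshd's rule that the target login name is then passed as the sole argument; that is easy to break if someone later appends a token, so the file should state it: `# sshd passes the login name as the only argument when no tokens are given`. Because sshd keeps the first value it sees for each keyword, whether this drop-in wins over an `AuthorizedKeysCommand` set elsewhere depends on where the host's sshd_config places its Include line, which is worth a second comment. Whether the sssd.conf managed by this role lists `ssh` under `services` is not visible here; without it, sss_ssh_authorizedkeys returns an empty key list and key logins fail with nothing in the sshd log to explain why, so the dependency deserves a mention in this file.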
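Review bot: `name: sshd` in the new `Restart sshd` handler hard-codes the systemd unit name; on Debian-family hosts the unit is `ssh.service`, and `sshd` is only an alias that appears once the service has been enabled, so on a freshly installed host this restart can fail with a unit-not-found error and leave the drop-in unapplied. A role variable with a per-distribution default (for example `sshd_service_name`, resolved from `ansible_os_family`) used in both this handler and any future sshd task would remove the assumption. The handler list starts before the hunk.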
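Review bot: The `copy` task in `Configure SSH Key login via LDAP` installs a file sshd will parse but never checks it before the `Restart sshd` handler runs, so a malformed drop-in would take sshd down on restart and cut off remote access to the host; adding `validate: '/usr/sbin/sshd -t -f %s'` to the `copy` task (path per distribution) makes Ansible refuse the change instead. Two further gaps: the drop-in only takes effect if the host's sshd_config contains an `Include /etc/ssh/sshd_config.d/*.conf` directive and that directory exists (otherwise `copy` fails or the file is silently ignored), and setting `sshd_keys_from_sss` back to false leaves a previously deployed drop-in in place, so the toggle is not reversible. A matching `file:` task with `state: absent`, the inverse `when:`, and the same `notify:` would close the second gap; a `stat`-based assertion or a documented prerequisite would cover the first. The task list continues before this hunk.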