aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--galaxy.yml2
-rw-r--r--roles/sssd/defaults/main.yml1
-rw-r--r--roles/sssd/files/sshd_sss_authorized_keys.conf5
-rw-r--r--roles/sssd/handlers/main.yml5
-rw-r--r--roles/sssd/tasks/main.yml9
5 files changed, 21 insertions, 1 deletions
diff --git a/galaxy.yml b/galaxy.yml
index 0c5c38b..92a5af0 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -1,6 +1,6 @@
namespace: kompetenzbolzen
name: stuff
-version: 0.17.1
+version: 0.17.2
readme: README.md
authors:
- Jonas Gunz <himself@jonasgunz.de>
diff --git a/roles/sssd/defaults/main.yml b/roles/sssd/defaults/main.yml
index 381bb74..4544fb3 100644
--- a/roles/sssd/defaults/main.yml
+++ b/roles/sssd/defaults/main.yml
@@ -8,3 +8,4 @@ sssd_ldap:
user_dn: 'ou=users,dc=example,dc=com'
group_dn: 'ou=groups,dc=example,dc=com'
access_filter: '&(objectClass=posixAccount)'
+ sshd_keys_from_sss: false
diff --git a/roles/sssd/files/sshd_sss_authorized_keys.conf b/roles/sssd/files/sshd_sss_authorized_keys.conf
new file mode 100644
index 0000000..e4f17bd
--- /dev/null
+++ b/roles/sssd/files/sshd_sss_authorized_keys.conf
@@ -0,0 +1,5 @@
+# vi: ft=sshdconfig
+# This file is managed by Ansible. Do NOT change.
+
+AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
+AuthorizedKeysCommandUser nobody
diff --git a/roles/sssd/handlers/main.yml b/roles/sssd/handlers/main.yml
index ac65088..add6945 100644
--- a/roles/sssd/handlers/main.yml
+++ b/roles/sssd/handlers/main.yml
@@ -4,3 +4,8 @@
name: sssd
state: restarted
become: yes
+- name: Restart sshd
+ systemd:
+ name: sshd
+ state: restarted
+ become: yes
diff --git a/roles/sssd/tasks/main.yml b/roles/sssd/tasks/main.yml
index a7f2b5e..e24cdfd 100644
--- a/roles/sssd/tasks/main.yml
+++ b/roles/sssd/tasks/main.yml
@@ -35,3 +35,12 @@
line: 'session required pam_mkhomedir.so skel=/etc/skel/ umask=0022'
insertafter: '^session optional pam_sss\.so'
become: yes
+
+- name: Configure SSH Key login via LDAP
+ copy:
+ src: sshd_sss_authorized_keys.conf
+ dest: /etc/ssh/sshd_config.d/sss_authorized_keys.conf
+ become: yes
+ when: sssd_ldap.sshd_keys_from_sss | default(false)
+ notify:
+ - Restart sshd