---
# Install the libpam-csc package (presumably the provider of the pam_csc.so
# module that the regular-machine PAM task in this file references).
# NOTE(review): `state: latest` upgrades the package on every run; confirm
# that unattended upgrades of a PAM module are intended here.
- name: install libpam-csc
  apt:
    name: libpam-csc
    state: latest
# Install the Kerberos client, the LDAP client utilities and SSSD with its
# admin tools, one package per loop iteration.
# NOTE(review): `state: latest` pulls whatever the configured apt sources
# currently offer on every run; authentication packages change under the
# host without a reviewable version bump.
- name: install required aptitude packages
  apt:
    name: '{{ item }}'
    state: latest
  with_items:
    - krb5-user
    - ldap-utils
    - sssd
    - sssd-tools
# Ubuntu only: install the SSSD NSS and PAM modules as separate packages.
# Hosts whose ansible_distribution fact is anything else skip this task.
- name: install ubuntu sss pam and nss
  when: ansible_distribution == 'Ubuntu'
  apt:
    name: '{{ item }}'
    state: latest
  with_items:
    - libnss-sss
    - libpam-sss
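# Render the Kerberos, LDAP, SSSD and SSH configuration templates into /etc.
#
# Ownership and mode are set explicitly instead of being left to the umask
# or to whatever the file had before:
#   - sssd.conf is root-only (0600). SSSD has traditionally refused to start
#     when the file is readable by others, and the file may carry directory
#     bind credentials. NOTE(review): confirm against the SSSD version in use.
#   - the other files are world-readable, root-writable (0644).
#
# sshd_config is syntax-checked with `sshd -t` before it replaces the live
# file, because a later task in this file restarts ssh unconditionally and a
# broken template would otherwise lock out remote logins. Items without a
# `validate` key skip validation via `default(omit)`.
# NOTE(review): `sshd -t` needs host keys and the privilege-separation
# directory to exist; on a host where sshd has never run the check may fail.
- name: copy over configs
  template:
    src: '{{ item.src }}'
    dest: '{{ item.dest }}'
    owner: root
    group: root
    mode: '{{ item.mode }}'
    validate: '{{ item.validate | default(omit) }}'
  with_items:
    - src: krb5.conf
      dest: /etc/krb5.conf
      mode: '0644'
    - src: ldap.conf
      dest: /etc/ldap/ldap.conf
      mode: '0644'
    - src: sssd.conf
      dest: /etc/sssd/sssd.conf
      mode: '0600'
    - src: sshd_config
      dest: /etc/ssh/sshd_config
      mode: '0644'
      validate: /usr/sbin/sshd -t -f %s
    - src: ssh_config
      dest: /etc/ssh/ssh_config
      mode: '0644'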
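# syscom machines: append an account-phase policy to common-account.
#
# How the three PAM lines in the block are evaluated:
#   1. uid < 10000        -> success=2 skips the next two lines.
#   2. member of `syscom` -> success=1 skips the next line.
#   3. everyone else reaches pam_deny.so and is refused.
#
# `syscom | bool` is used rather than the bare variable so a value supplied
# as a string (for example through -e or an INI inventory) is evaluated as
# a boolean instead of as a non-empty string; the wrong branch here applies
# the wrong login policy.
#
# No `marker` is given, so this task and the `not syscom` task manage the
# same default-marked block in the same file; flipping `syscom` replaces
# the block rather than adding a second one.
- name: configure PAM for syscom machine
  when: syscom | bool
  blockinfile:
    dest: /etc/pam.d/common-account
    block: |
      # make sure user is up to date, except system accounts and syscom
      account [success=2 default=ignore] pam_succeed_if.so quiet uid < 10000
      account [success=1 default=ignore] pam_succeed_if.so quiet user ingroup syscom
      account required pam_deny.so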
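# Regular (non-syscom) machines: append an account-phase policy to
# common-account.
#
# How the three PAM lines in the block are evaluated:
#   1. uid < 10000        -> success=2 skips the next two lines.
#   2. member of `syscom` -> success=1 skips the next line.
#   3. everyone else must pass pam_csc.so (what that module checks is not
#      visible in this file).
#
# `not (syscom | bool)` is used rather than the bare variable so a value
# supplied as a string (for example through -e or an INI inventory) is
# evaluated as a boolean instead of as a non-empty string.
#
# No `marker` is given, so this task and the syscom task manage the same
# default-marked block in the same file; flipping `syscom` replaces the
# block rather than adding a second one.
- name: configure PAM for regular machine
  when: not (syscom | bool)
  blockinfile:
    dest: /etc/pam.d/common-account
    block: |
      # make sure user is up to date, except system accounts and syscom
      account [success=2 default=ignore] pam_succeed_if.so quiet uid < 10000
      account [success=1 default=ignore] pam_succeed_if.so quiet user ingroup syscom
      account required pam_csc.so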
# Restart sssd and ssh so the configuration files written earlier in this
# file take effect.
# NOTE(review): this runs on every play, changed or not, and restarts ssh
# without a prior config check in this task; consider handlers notified by
# the config task so restarts happen only after a change.
- name: restart services
  service:
    name: '{{ item }}'
    state: restarted
  with_items:
    - sssd
    - ssh