From 22fcd4707b1420b6bb90a727aba345aa889b6d57 Mon Sep 17 00:00:00 2001 From: Robert Kaussow Date: Wed, 9 Aug 2023 23:22:34 +0200 Subject: [PATCH] remove tfa settings --- defaults/main.yml | 27 --------------------------- templates/etc/pve/domains.cfg.j2 | 15 --------------- 2 files changed, 42 deletions(-) diff --git a/defaults/main.yml b/defaults/main.yml index cee6390..6e6e2ef 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -20,27 +20,9 @@ pve_disk_mount: [] pve_auth_pam_is_default: True pve_auth_pam_description: Linux PAM standard authentication -pve_auth_pam_tfa_oath_enabled: False -# pve_auth_pam_tfa_oath_timestep: 30 -# pve_auth_pam_tfa_oath_pwlength: 6 - -pve_auth_pam_tfa_yubico_enabled: False -# pve_auth_pam_tfa_yubico_api_id: 1a2b3c4d5e6f -# pve_auth_pam_tfa_yubico_api_key: 123456 -# pve_auth_pam_tfa_yubico_url: http://127.0.0.1:8080 - pve_auth_pve_is_default: False pve_auth_pve_description: Linux pve standard authentication -pve_auth_pve_tfa_oath_enabled: False -# pve_auth_pve_tfa_oath_timestep: 30 -# pve_auth_pve_tfa_oath_pwlength: 6 - -pve_auth_pve_tfa_yubico_enabled: False -# pve_auth_pve_tfa_yubico_api_id: 1a2b3c4d5e6f -# pve_auth_pve_tfa_yubico_api_key: 123456 -# pve_auth_pve_tfa_yubico_url: http://127.0.0.1:8080 - # Enable ldap auth against an external server pve_auth_ldap_enabled: False # pve_auth_ldap_is_default: False @@ -54,12 +36,3 @@ pve_auth_ldap_enabled: False # pve_auth_ldap_bind_password: my_secret (defaults to not set) # pve_auth_ldap_port: 389 # pve_auth_ldap_tls_enabled: False - -pve_auth_ldap_tfa_oath_enabled: False -pve_auth_ldap_tfa_oath_timestep: 30 -pve_auth_ldap_tfa_oath_pwlength: 6 - -pve_auth_ldap_tfa_yubico_enabled: False -# pve_auth_ldap_tfa_yubico_api_id: 1a2b3c4d5e6f -# pve_auth_ldap_tfa_yubico_api_key: 123456 -# pve_auth_ldap_tfa_yubico_url: http://127.0.0.1:8080 diff --git a/templates/etc/pve/domains.cfg.j2 b/templates/etc/pve/domains.cfg.j2 index b80242c..01227af 100644 --- a/templates/etc/pve/domains.cfg.j2 +++ b/templates/etc/pve/domains.cfg.j2 @@ -2,20 +2,10 @@ pam: pam comment {{ pve_auth_pam_description }} default {{ 1 if pve_auth_pam_is_default else 0 }} - {% if pve_auth_pam_tfa_oath_enabled and not pve_auth_pam_tfa_yubico_enabled %} - tfa type=oath,step={{ pve_auth_pam_tfa_oath_timestep }},digits={{ pve_auth_pam_tfa_oath_pwlength }} - {% elif pve_auth_pam_tfa_yubico_enabled and not pve_auth_pam_tfa_oath_enabled %} - tfa type=yubico,id={{ pve_auth_pam_tfa_yubico_api_id }},key={{ pve_auth_pam_tfa_yubico_api_key }},url={{ pve_auth_pam_tfa_yubico_url }} - {% endif %} pve: pve comment {{ pve_auth_pve_description }} default {{ 1 if pve_auth_pve_is_default else 0 }} - {% if pve_auth_pve_tfa_oath_enabled and not pve_auth_pve_tfa_yubico_enabled %} - tfa type=oath,step={{ pve_auth_pve_tfa_oath_timestep }},digits={{ pve_auth_pve_tfa_oath_pwlength }} - {% elif pve_auth_pve_tfa_yubico_enabled and not pve_auth_pve_tfa_oath_enabled %} - tfa type=yubico,id={{ pve_auth_pve_tfa_yubico_api_id }},key={{ pve_auth_pve_tfa_yubico_api_key }},url={{ pve_auth_pve_tfa_yubico_url }} - {% endif %} {% if pve_auth_ldap_enabled %} ldap: {{ pve_auth_ldap_realm }} @@ -32,9 +22,4 @@ ldap: {{ pve_auth_ldap_realm }} default {{ 1 if pve_auth_ldap_is_default else 0 }} port {{ pve_auth_ldap_port }} secure {{ 1 if pve_auth_ldap_tls_enabled else 0 }} - {% if pve_auth_ldap_tfa_oath_enabled and not pve_auth_ldap_tfa_yubico_enabled %} - tfa type=oath,step={{ pve_auth_ldap_tfa_oath_timestep }},digits={{ pve_auth_ldap_tfa_oath_pwlength }} - {% elif pve_auth_ldap_tfa_yubico_enabled and not pve_auth_ldap_tfa_oath_enabled %} - tfa type=yubico,id={{ pve_auth_ldap_tfa_yubico_api_id }},key={{ pve_auth_ldap_tfa_yubico_api_key }},url={{ pve_auth_ldap_tfa_yubico_url }} - {% endif %} {% endif %}