remove tfa settings

defaults/main.yml

@@ -20,27 +20,9 @@ pve_disk_mount: []
 pve_auth_pam_is_default: True
 pve_auth_pam_description: Linux PAM standard authentication
 
-pve_auth_pam_tfa_oath_enabled: False
-# pve_auth_pam_tfa_oath_timestep: 30
-# pve_auth_pam_tfa_oath_pwlength: 6
-
-pve_auth_pam_tfa_yubico_enabled: False
-# pve_auth_pam_tfa_yubico_api_id: 1a2b3c4d5e6f
-# pve_auth_pam_tfa_yubico_api_key: 123456
-# pve_auth_pam_tfa_yubico_url: http://127.0.0.1:8080
-
 pve_auth_pve_is_default: False
 pve_auth_pve_description: Linux pve standard authentication
 
-pve_auth_pve_tfa_oath_enabled: False
-# pve_auth_pve_tfa_oath_timestep: 30
-# pve_auth_pve_tfa_oath_pwlength: 6
-
-pve_auth_pve_tfa_yubico_enabled: False
-# pve_auth_pve_tfa_yubico_api_id: 1a2b3c4d5e6f
-# pve_auth_pve_tfa_yubico_api_key: 123456
-# pve_auth_pve_tfa_yubico_url: http://127.0.0.1:8080
-
 # Enable ldap auth against an external server
 pve_auth_ldap_enabled: False
 # pve_auth_ldap_is_default: False
@@ -54,12 +36,3 @@ pve_auth_ldap_enabled: False
 # pve_auth_ldap_bind_password: my_secret (defaults to not set)
 # pve_auth_ldap_port: 389
 # pve_auth_ldap_tls_enabled: False
-
-pve_auth_ldap_tfa_oath_enabled: False
-pve_auth_ldap_tfa_oath_timestep: 30
-pve_auth_ldap_tfa_oath_pwlength: 6
-
-pve_auth_ldap_tfa_yubico_enabled: False
-# pve_auth_ldap_tfa_yubico_api_id: 1a2b3c4d5e6f
-# pve_auth_ldap_tfa_yubico_api_key: 123456
-# pve_auth_ldap_tfa_yubico_url: http://127.0.0.1:8080

templates/etc/pve/domains.cfg.j2

@@ -2,20 +2,10 @@
 pam: pam
     comment {{ pve_auth_pam_description }}
     default {{ 1 if pve_auth_pam_is_default else 0 }}
-    {% if pve_auth_pam_tfa_oath_enabled and not pve_auth_pam_tfa_yubico_enabled %}
-    tfa type=oath,step={{ pve_auth_pam_tfa_oath_timestep }},digits={{ pve_auth_pam_tfa_oath_pwlength }}
-    {% elif pve_auth_pam_tfa_yubico_enabled and not pve_auth_pam_tfa_oath_enabled %}
-    tfa type=yubico,id={{ pve_auth_pam_tfa_yubico_api_id }},key={{ pve_auth_pam_tfa_yubico_api_key }},url={{ pve_auth_pam_tfa_yubico_url }}
-    {% endif %}
 
 pve: pve
     comment {{ pve_auth_pve_description }}
     default {{ 1 if pve_auth_pve_is_default else 0 }}
-    {% if pve_auth_pve_tfa_oath_enabled and not pve_auth_pve_tfa_yubico_enabled %}
-    tfa type=oath,step={{ pve_auth_pve_tfa_oath_timestep }},digits={{ pve_auth_pve_tfa_oath_pwlength }}
-    {% elif pve_auth_pve_tfa_yubico_enabled and not pve_auth_pve_tfa_oath_enabled %}
-    tfa type=yubico,id={{ pve_auth_pve_tfa_yubico_api_id }},key={{ pve_auth_pve_tfa_yubico_api_key }},url={{ pve_auth_pve_tfa_yubico_url }}
-    {% endif %}
 {% if pve_auth_ldap_enabled %}
 
 ldap: {{ pve_auth_ldap_realm }}
@@ -32,9 +22,4 @@ ldap: {{ pve_auth_ldap_realm }}
     default {{ 1 if pve_auth_ldap_is_default else 0 }}
     port {{ pve_auth_ldap_port }}
     secure {{ 1 if pve_auth_ldap_tls_enabled else 0 }}
-    {% if pve_auth_ldap_tfa_oath_enabled and not pve_auth_ldap_tfa_yubico_enabled %}
-    tfa type=oath,step={{ pve_auth_ldap_tfa_oath_timestep }},digits={{ pve_auth_ldap_tfa_oath_pwlength }}
-    {% elif pve_auth_ldap_tfa_yubico_enabled and not pve_auth_ldap_tfa_oath_enabled %}
-    tfa type=yubico,id={{ pve_auth_ldap_tfa_yubico_api_id }},key={{ pve_auth_ldap_tfa_yubico_api_key }},url={{ pve_auth_ldap_tfa_yubico_url }}
-    {% endif %}
 {% endif %}