From abcd1356155b597decf3f432b85907657239630e Mon Sep 17 00:00:00 2001
From: Robert Kaussow <mail@geeklabor.de>
Date: Wed, 14 Nov 2018 22:03:59 +0100
Subject: [PATCH] pam, pve auth cant be disabled

---
 defaults/main.yml                | 4 ----
 templates/etc/pve/domains.cfg.j2 | 6 +-----
 2 files changed, 1 insertion(+), 9 deletions(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index b50516d..6c24de7 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -20,8 +20,6 @@ pve_nginx_tls_enabled: True
 pve_nginx_tls_cert_file: mycert.pem
 pve_nginx_tls_key_file: mykey.pem
 
-# Enables pam authication
-pve_auth_pam_enabled: True
 pve_auth_pam_is_default: True
 pve_auth_pam_realm: pam
 pve_auth_pam_description: Linux PAM standard authentication
@@ -35,8 +33,6 @@ pve_auth_pam_tfa_yubico_enabled: False
 # pve_auth_pam_tfa_yubico_api_key: 123456
 # pve_auth_pam_tfa_yubico_url: http://127.0.0.1:8080
 
-# Enables proxmox internal auth service
-pve_auth_pve_enabled: True
 pve_auth_pve_is_default: False
 pve_auth_pve_realm: pve
 pve_auth_pve_description: Linux pve standard authentication
diff --git a/templates/etc/pve/domains.cfg.j2 b/templates/etc/pve/domains.cfg.j2
index 5e03f7b..3f10ee7 100644
--- a/templates/etc/pve/domains.cfg.j2
+++ b/templates/etc/pve/domains.cfg.j2
@@ -1,5 +1,4 @@
 #jinja2:lstrip_blocks: True
-{% if pve_auth_pam_enabled %}
 pam: {{ pve_auth_pam_realm }}
     comment {{ pve_auth_pam_description }}
     default {{ 1 if pve_auth_pam_is_default else 0 }}
@@ -8,9 +7,7 @@ pam: {{ pve_auth_pam_realm }}
     {% elif pve_auth_pam_tfa_yubico_enabled and not pve_auth_pam_tfa_oath_enabled %}
     tfa type=yubico,id={{ pve_auth_pam_tfa_yubico_api_id }},key={{ pve_auth_pam_tfa_yubico_api_key }},url={{ pve_auth_pam_tfa_yubico_url }}
     {% endif %}
-{% endif %}
 
-{% if pve_auth_pve_enabled %}
 pve: {{ pve_auth_pve_realm }}
     comment {{ pve_auth_pve_description }}
     default {{ 1 if pve_auth_pve_is_default else 0 }}
@@ -19,9 +16,8 @@ pve: {{ pve_auth_pve_realm }}
     {% elif pve_auth_pve_tfa_yubico_enabled and not pve_auth_pve_tfa_oath_enabled %}
     tfa type=yubico,id={{ pve_auth_pve_tfa_yubico_api_id }},key={{ pve_auth_pve_tfa_yubico_api_key }},url={{ pve_auth_pve_tfa_yubico_url }}
     {% endif %}
-{% endif %}
-
 {% if pve_auth_ldap_enabled %}
+
 ldap: {{ pve_auth_ldap_realm }}
     comment {{ pve_auth_ldap_description }}
     base_dn {{ pve_auth_ldap_base_dn }}