Open EmptyByte opened 2 weeks ago
The role to set up ipasmartcard_client does not handle the installation and configuration of PAM SSH agent
Refer to: Setting up the PAM module for sudo
```yaml
- name: Ensure PAM SSH agent is installed (dnf)
  ansible.builtin.dnf:
    name: pam_ssh_agent_auth
    state: present
  when: ansible_facts['pkg_mgr'] | lower == 'dnf'

- name: Ensure PAM SSH agent is installed (yum)
  ansible.builtin.yum:
    name: pam_ssh_agent_auth
    state: present
  when: ansible_facts['pkg_mgr'] | lower == 'yum'

- name: Add the authorized_keys_command to /etc/pam.d/sudo
  ansible.builtin.lineinfile:
    path: /etc/pam.d/sudo
    regexp: '^auth\s+sufficient\s+pam_ssh_agent_auth\.so\s+authorized_keys_command=/usr/bin/sss_ssh_authorizedkeys$'
    insertafter: '^#%PAM-1.0$'
    line: 'auth sufficient pam_ssh_agent_auth.so authorized_keys_command=/usr/bin/sss_ssh_authorizedkeys'
    backup: true

- name: Create sudoers drop-in file for SSH agent forwarding
  ansible.builtin.copy:
    dest: /etc/sudoers.d/ssh_agent_forward
    content: |
      # This file is managed by Ansible
      Defaults env_keep += "SSH_AUTH_SOCK"
    owner: root
    group: root
    mode: '0440'
    validate: '/usr/sbin/visudo -csf %s'
```