Defined Type: bsdauth::yubikey::user

Defined in:
manifests/yubikey/user.pp

Overview

Managing a Yubikey device for login purposes.

Examples:

Declaring a Yubikey device for a user

include ::bsdauth
include ::bsdauth::yubikey
::bsdauth::yubikey { 'user':
  key => 'deadbeefcafebabec0ffee0123456789',
  uid => 'cafedeadbeef',
}

Parameters:

  • key (Pattern[/^[0-9a-f]{32}$/])

    The key from the given Yubikey.

  • uid (Pattern[/^[0-9a-f]{12}$/])

    The uid from the given Yubikey.

  • user (String) (defaults to: $title)

    The username the owns the Yubikey.

See Also:

Since:

  • 2.0.0



18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
 
# File 'manifests/yubikey/user.pp', line 18

define bsdauth::yubikey::user (
  Pattern[/^[0-9a-f]{32}$/] $key,
  Pattern[/^[0-9a-f]{12}$/] $uid,
  String                    $user = $title,
) {

  if ! defined(Class['::bsdauth::yubikey']) {
    fail('You must include the bsdauth::yubikey base class before using any bsdauth::yubikey defined resources')
  }

  $directory = $::bsdauth::yubikey::directory

  file { "${directory}/${user}.uid":
    ensure  => file,
    owner   => 0,
    group   => 'auth',
    mode    => '0440',
    content => "${uid}\n",
  }

  file { "${directory}/${user}.key":
    ensure  => file,
    owner   => 0,
    group   => 'auth',
    mode    => '0440',
    content => "${key}\n",
  }

  file { "${directory}/${user}.ctr":
    ensure  => file,
    owner   => 0,
    group   => 'auth',
    mode    => '0440',
    content => "0\n",
    replace => false,
  }
}