Merge branch 'main' into molecule_workflow

adfinis · Jan 6, 2025 · 0dfd362 · 0dfd362
2 parents 3e40136 + b774c60
commit 0dfd362
Show file tree

Hide file tree

Showing 5 changed files with 18 additions and 11 deletions.
diff --git a/.github/workflows/delete_galaxy_role.yml b/.github/workflows/delete_galaxy_role.yml
@@ -0,0 +1,11 @@
+---
+name: Delete role from Ansible Galaxy
+
+# configure manual trigger
+on:
+  workflow_dispatch:
+
+jobs:
+  delete:
+    uses: adfinis/github-workflows-bareos/.github/workflows/[email protected]
+    secrets: inherit
diff --git a/.github/workflows/galaxy.yml b/.github/workflows/galaxy.yml
@@ -7,5 +7,5 @@ on:
 
 jobs:
   release:
-    uses: adfinis/github-workflows-bareos/.github/workflows/ansible-role.yaml@v0.1.1
+    uses: adfinis/github-workflows-bareos/.github/workflows/ansible-galaxy-role-release.yaml@v0.5.0
     secrets: inherit
diff --git a/meta/argument_specs.yml b/meta/argument_specs.yml
@@ -180,7 +180,8 @@ argument_specs:
         choices:
           - "ldap"
           - "unix"
-        description: "Decide if Unix or LDAP socket should be used for PAM authentication"
+          - "sss"
+        description: "Decide if Unix, SSS or LDAP socket should be used for PAM authentication"
       bareos_dir_pam_auth_profile:
         type: "str"
         default: "webui-admin"

diff --git a/tasks/pam_auth.yml b/tasks/pam_auth.yml
@@ -43,14 +43,6 @@
     - bareos_dir_pam_auth_method == "unix"
     - ansible_facts.os_family == "RedHat"
 
-- name: pam_auth | Download pam_exec_add_bareos_user.py from bareos Github
-  ansible.builtin.get_url:
-    url: https://github.com/bareos/bareos/blob/master/contrib/misc/bareos_pam_integration/pam_exec_add_bareos_user.py
-    dest: "/usr/local/bin/pam_exec_add_bareos_user.py"
-    owner: bareos
-    group: bareos
-    mode: "0744"
-
 - name: pam_auth | Create PAM specific Bareos Console
   ansible.builtin.template:
     src: console.conf.j2

diff --git a/templates/pam.d/bareos.j2 b/templates/pam.d/bareos.j2
@@ -5,5 +5,8 @@ account    requisite           pam_unix.so
 {% elif bareos_dir_pam_auth_method == "ldap" %}
 auth       required            pam_ldap.so
 account    requisite           pam_ldap.so
+{% elif bareos_dir_pam_auth_method == "sss" %}
+auth       optional            pam_unix.so
+auth       required            pam_sss.so   use_first_pass
+account    requisite           pam_sss.so
 {% endif %}
-account    [default=ignore]    pam_exec.so /usr/bin/python3 /usr/local/bin/pam_exec_add_bareos_user.py --name {{ bareos_dir_pam_auth_username | default('pam-adduser') }} --password {{ bareos_dir_pam_auth_password }} --profile {{ bareos_dir_pam_auth_profile | default("webui-admin") }}