{"id":16635730,"url":"https://github.com/voxpupuli/puppet-googleauthenticator","last_synced_at":"2025-12-11T21:27:27.123Z","repository":{"id":3053230,"uuid":"4074915","full_name":"voxpupuli/puppet-googleauthenticator","owner":"voxpupuli","description":"Google-authenticator module for Puppet","archived":false,"fork":false,"pushed_at":"2024-09-17T07:36:18.000Z","size":283,"stargazers_count":13,"open_issues_count":6,"forks_count":19,"subscribers_count":41,"default_branch":"master","last_synced_at":"2024-10-29T14:22:35.862Z","etag":null,"topics":["hacktoberfest","puppet"],"latest_commit_sha":null,"homepage":"https://forge.puppet.com/puppet/googleauthenticator","language":"Puppet","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/voxpupuli.png","metadata":{"files":{"readme":"README.md","changelog":"CHANGELOG.md","contributing":".github/CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"open_collective":"vox-pupuli","github":"voxpupuli"}},"created_at":"2012-04-19T12:32:41.000Z","updated_at":"2024-09-17T07:36:21.000Z","dependencies_parsed_at":"2023-07-06T19:33:50.758Z","dependency_job_id":"3089b929-a406-4904-b42b-a99f13130ce9","html_url":"https://github.com/voxpupuli/puppet-googleauthenticator","commit_stats":{"total_commits":220,"total_committers":22,"mean_commits":10.0,"dds":0.6727272727272727,"last_synced_commit":"ad788d3bc7f906a24471b2ad21feb3daf73868cf"},"previous_names":["camptocamp/puppet-googleauthenticator"],"tags_count":26,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-googleauthenticator","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-googleauthenticator/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-googleauthenticator/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/voxpupuli%2Fpuppet-googleauthenticator/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/voxpupuli","download_url":"https://codeload.github.com/voxpupuli/puppet-googleauthenticator/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":244983873,"owners_count":20542542,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacktoberfest","puppet"],"created_at":"2024-10-12T06:04:32.511Z","updated_at":"2025-12-11T21:27:27.076Z","avatar_url":"https://github.com/voxpupuli.png","language":"Puppet","funding_links":["https://opencollective.com/vox-pupuli","https://github.com/sponsors/voxpupuli"],"categories":[],"sub_categories":[],"readme":"puppet-googleauthenticator\n===========================\n\n[![Puppet Forge Version](http://img.shields.io/puppetforge/v/voxpupuli/googleauthenticator.svg)](https://forge.puppetlabs.com/puppet/googleauthenticator)\n[![Puppet Forge Downloads](http://img.shields.io/puppetforge/dt/voxpupuli/googleauthenticator.svg)](https://forge.puppetlabs.com/puppet/googleauthenticator)\n[![Build Status](https://img.shields.io/travis/voxpupuli/puppet-googleauthenticator/master.svg)](https://travis-ci.org/voxpupuli/puppet-googleauthenticator)\n[![Gemnasium](https://img.shields.io/gemnasium/voxpupuli/puppet-googleauthenticator.svg)](https://gemnasium.com/voxpupuli/puppet-googleauthenticator)\n[![Donated by Camptocamp](https://img.shields.io/badge/donated%20by-camptocamp-fb7047.svg)](#transfer-notice)\n\nGoogle-authenticator module for Puppet.\n\nThis module allows to easily deploy google-authenticator two-step authentication for users using the PAM google-authenticator module.\n\n\nRequirements\n------------\n\n* Service['ssh'] must be managed for the node.\n\nSimple example\n--------------\n\n    # Setup PAM\n    # Only root uses tokens locally, all users need one through SSH\n    # Note that key authentication with SSH never requires a token\n    googleauthenticator::pam {\n      'login': mode =\u003e 'root-only';\n      'su':    mode =\u003e 'root-only';\n      'sshd':  mode =\u003e 'all-users';\n    }\n\n    # Add 2 step verification for a user\n    googleauthenticator::user {'root':\n      secret_key =\u003e 'C6SSDFBBH6P76EDM',\n      scratch_codes =\u003e ['78905638', '14036415', '77983530', '22071921', '19861182'],\n    }\n\n\nAdding PAM modes\n----------------\n\nIn order to use the module, you have to setup each PAM module using googleauthenticator::pam. Two values are currently available by default for the mode:\n\n* all-users: All users will be prompted for a token for this PAM module;\n* root-only: Only root will be prompted for a token for this PAM module;\n* systemwide-users: Google-authenticator files are store in /etc/google-authenticator/${user}/google_authenticator files instead of the home of each user. Use googleauthenticator::user::systemwide to manage the user files. This is useful for users with encrypted home directories.\n\nIn the first and third cases, users who have not configured google-authenticator on their account will not be able to authenticate using the given module.\n\nYou can setup new modes by adding googleauthenticator::pam::mode definitions, for example:\n\n    googleauthenticator::pam::mode {\n      'sysadmin':\n        # Only ask for a token if users are in the sysadmin group\n        condition =\u003e 'user ingroup sysadmin';\n\n      'optional-users':\n        # Users with a UID above 1000 don't need a token\n        succeed_if =\u003e 'uid \u003e 1000',\n        # It's ok to not have a ~/.google_authenticator file\n        nullok     =\u003e true;\n    }\n\n    googleauthenticator::pam::mode {['joe','foo']:\n      mode =\u003e 'sysadmin',\n    }\n\nNote\n----\n\nBecause the PAM module for Google-authenticator currently uses only one file for both configuration and living data (see [ticket #167](http://code.google.com/p/google-authenticator/issues/detail?id=167)), scratch codes that are used get redeployed every time, and current values stored in the ~/.google_authenticator file (such as timestamps for rate limit) get overridden. The cleanest way to handle this would be for the PAM module to use two different files for configuration and living data, but this is currently not possible.\n\n\n\nTransfer Notice\n---------------\n\nThis plugin was originally authored by [Camptocamp](http://www.camptocamp.com).\nThe maintainer preferred that Puppet Community take ownership of the module for future improvement and maintenance.\nExisting pull requests and issues were transferred over, please fork and continue to contribute here instead of Camptocamp.\n\nPreviously: https://github.com/camptocamp/puppet-googleauthenticator\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoxpupuli%2Fpuppet-googleauthenticator","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fvoxpupuli%2Fpuppet-googleauthenticator","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fvoxpupuli%2Fpuppet-googleauthenticator/lists"}