---
# defaults file for ansible-yubikey
yubikey_add_system_group: true

yubikey_config_sshd: true
yubikey_sshd_pam: /etc/pam.d/yubico-sshd-auth
yubikey_sshd_and_pass: true

yubikey_sshd_disable_pass: true
yubikey_sshd_config_addition: |
  Match group yubikey
        AuthenticationMethods publickey,keyboard-interactive:pam

yubikey_config_login: false
yubikey_login_pam: /etc/pam.d/yubico-login-auth

yubikey_config_sudo: true
yubikey_sudo_pam: /etc/pam.d/yubico-sudo-auth
yubikey_sudo_and_pass: false
yubikey_sudo_chal_rsp: false

yubikey_config_polkit: true
yubikey_polkit_pam: /etc/pam.d/yubico-polkit-auth
yubikey_polkit_and_pass: false
yubikey_polkit_chal_rsp: false

yubikey_users: []
# example
#  - name: {{ ansible_user_id }}
#    authorized_yubikeys:
#      - ccccccfcjbff
#      - ccccccevhffu
#      - ccccccelhfrc
#      - ccccccevhfdf
#    challenges:
#      - id: 456789
#        challenge: "v2:01930:1930:2"