community.general.ipa_otptoken (6.6.8) — module
Manage FreeIPA OTPs
Added in version 2.5.0 of community.general
Authors: justchris1 (@justchris1)
Install with ansible-galaxy collection install community.general:==6.6.8
    collections:
      - name: community.general
        version: 6.6.8
Add, modify, and delete One Time Passwords in IPA.
    - name: Create a totp for pinky, allowing the IPA server to generate using defaults
      community.general.ipa_otptoken:
        uniqueid: Token123
        otptype: totp
        owner: pinky
        ipa_host: ipa.example.com
        ipa_user: admin
        ipa_pass: topsecret

    - name: Create a 8 digit hotp for pinky with sha256 with specified validity times
      community.general.ipa_otptoken:
        uniqueid: Token123
        enabled: true
        otptype: hotp
        digits: 8
        secretkey: UMKSIER00zT2T2tWMUlTRmNlekRCbFQvWFBVZUh2dElHWGR6T3VUR3IzK2xjaFk9
        algorithm: sha256
        notbefore: 20180121182123
        notafter: 20220121182123
        owner: pinky
        ipa_host: ipa.example.com
        ipa_user: admin
        ipa_pass: topsecret

    - name: Update Token123 to indicate a vendor, model, serial number (info only), and description
      community.general.ipa_otptoken:
        uniqueid: Token123
        vendor: Acme
        model: acme101
        serial: SerialNumber1
        description: Acme OTP device
        ipa_host: ipa.example.com
        ipa_user: admin
        ipa_pass: topsecret

    - name: Disable Token123
      community.general.ipa_otptoken:
        uniqueid: Token123
        enabled: false
        ipa_host: ipa.example.com
        ipa_user: admin
        ipa_pass: topsecret

    - name: Rename Token123 to TokenABC and enable it
      community.general.ipa_otptoken:
        uniqueid: Token123
        newuniqueid: TokenABC
        enabled: true
        ipa_host: ipa.example.com
        ipa_user: admin
        ipa_pass: topsecret
    model:
      description: Token model (informational only).
      type: str
    owner:
      description: Assigned user of the token.
      type: str
    state:
      choices:
        - present
        - absent
      default: present
      description: State to ensure.
      type: str
    digits:
      choices:
        - 6
        - 8
      description:
        - Number of digits each token code will have.
        - B(Note:) Cannot be modified after OTP is created.
      type: int
    offset:
      description:
        - TOTP token / IPA server time difference.
        - B(Note:) Cannot be modified after OTP is created.
      type: int
    serial:
      description: Token serial (informational only).
      type: str
    vendor:
      description: Token vendor name (informational only).
      type: str
    counter:
      description:
        - Initial counter for the HOTP token.
        - B(Note:) Cannot be modified after OTP is created.
      type: int
    enabled:
      default: true
      description: Mark the token as enabled (default C(true)).
      type: bool
    otptype:
      choices:
        - totp
        - hotp
      description:
        - Type of OTP.
        - B(Note:) Cannot be modified after OTP is created.
      type: str
    interval:
      description:
        - Length of TOTP token code validity in seconds.
        - B(Note:) Cannot be modified after OTP is created.
      type: int
    ipa_host:
      default: ipa.example.com
      description:
        - IP or hostname of IPA server.
        - If the value is not specified in the task, the value of environment variable C(IPA_HOST) will be used instead.
        - If both the environment variable C(IPA_HOST) and the value are not specified in the task, then DNS will be used to try to discover the FreeIPA server.
        - The relevant entry needed in FreeIPA is the 'ipa-ca' entry.
        - If neither the DNS entry, nor the environment C(IPA_HOST), nor the value are available in the task, then the default value will be used.
        - Environment variable fallback mechanism is added in Ansible 2.5.
      type: str
    ipa_pass:
      description:
        - Password of administrative user.
        - If the value is not specified in the task, the value of environment variable C(IPA_PASS) will be used instead.
        - Note that if the 'urllib_gssapi' library is available, it is possible to use GSSAPI to authenticate to FreeIPA.
        - If the environment variable C(KRB5CCNAME) is available, the module will use this kerberos credentials cache to authenticate to the FreeIPA server.
        - If the environment variable C(KRB5_CLIENT_KTNAME) is available, and C(KRB5CCNAME) is not; the module will use this kerberos keytab to authenticate.
        - If GSSAPI is not available, the usage of 'ipa_pass' is required.
        - Environment variable fallback mechanism is added in Ansible 2.5.
      type: str
    ipa_port:
      default: 443
      description:
        - Port of FreeIPA / IPA server.
        - If the value is not specified in the task, the value of environment variable C(IPA_PORT) will be used instead.
        - If both the environment variable C(IPA_PORT) and the value are not specified in the task, then default value is set.
        - Environment variable fallback mechanism is added in Ansible 2.5.
      type: int
    ipa_prot:
      choices:
        - http
        - https
      default: https
      description:
        - Protocol used by IPA server.
        - If the value is not specified in the task, the value of environment variable C(IPA_PROT) will be used instead.
        - If both the environment variable C(IPA_PROT) and the value are not specified in the task, then default value is set.
        - Environment variable fallback mechanism is added in Ansible 2.5.
      type: str
    ipa_user:
      default: admin
      description:
        - Administrative account used on IPA server.
        - If the value is not specified in the task, the value of environment variable C(IPA_USER) will be used instead.
        - If both the environment variable C(IPA_USER) and the value are not specified in the task, then default value is set.
        - Environment variable fallback mechanism is added in Ansible 2.5.
      type: str
    notafter:
      description:
        - Last date/time the token can be used.
        - In the format C(YYYYMMddHHmmss).
        - For example, C(20200121182022) will allow the token to be used until 21 January 2020 at 18:20:22.
      type: str
    uniqueid:
      aliases:
        - name
      description: Unique ID of the token in IPA.
      required: true
      type: str
    algorithm:
      choices:
        - sha1
        - sha256
        - sha384
        - sha512
      description:
        - Token hash algorithm.
        - B(Note:) Cannot be modified after OTP is created.
      type: str
    notbefore:
      description:
        - First date/time the token can be used.
        - In the format C(YYYYMMddHHmmss).
        - For example, C(20180121182022) will allow the token to be used starting on 21 January 2018 at 18:20:22.
      type: str
    secretkey:
      description:
        - Token secret (Base64).
        - If OTP is created and this is not specified, a random secret will be generated by IPA.
        - B(Note:) Cannot be modified after OTP is created.
      type: str
    description:
      description: Description of the token (informational only).
      type: str
    ipa_timeout:
      default: 10
      description:
        - Specifies idle timeout (in seconds) for the connection.
        - For bulk operations, you may want to increase this in order to avoid timeout from IPA server.
        - If the value is not specified in the task, the value of environment variable C(IPA_TIMEOUT) will be used instead.
        - If both the environment variable C(IPA_TIMEOUT) and the value are not specified in the task, then default value is set.
      type: int
    newuniqueid:
      description: If specified, the unique id specified will be changed to this.
      type: str
    validate_certs:
      default: true
      description:
        - This only applies if C(ipa_prot) is I(https).
        - If set to C(false), the SSL certificates will not be validated.
        - This should only be set to C(false) when used on personally controlled sites using self-signed certificates.
      type: bool
    otptoken:
      description: OTP Token as returned by IPA API
      returned: always
      type: dict
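
Added example, not part of the module or its documentation: how the otptype, digits, algorithm, counter, interval and secretkey parameters determine the code a token produces, following RFC 4226 (HOTP) and RFC 6238 (TOTP). The function names are hypothetical, the defaults used when a parameter is omitted are assumptions, the sample secrets are the RFC test keys, and the offset parameter is not modelled.

```python
import base64
import hashlib
import hmac
import struct

ALGORITHMS = ("sha1", "sha256", "sha384", "sha512")  # the module's algorithm choices


def hotp(secret_b64, counter, digits=6, algorithm="sha1"):
    """RFC 4226 HOTP; secret_b64 is Base64, as the secretkey parameter expects."""
    if algorithm not in ALGORITHMS or digits not in (6, 8):
        raise ValueError("unsupported algorithm or digits value")
    key = base64.b64decode(secret_b64, validate=True)
    mac = hmac.new(key, struct.pack(">Q", counter), getattr(hashlib, algorithm)).digest()
    pos = mac[-1] & 0x0F  # dynamic truncation: low nibble of the last byte picks the offset
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)  # keep leading zeros


def totp(secret_b64, unix_time, interval=30, digits=6, algorithm="sha1"):
    """RFC 6238 TOTP: HOTP whose counter is the number of elapsed intervals."""
    return hotp(secret_b64, int(unix_time) // interval, digits, algorithm)


def expected_code(token, unix_time=0):
    """Code for a token described with this module's parameter names.

    Defaults (6 digits, sha1, 30 s interval, counter 0) are assumptions,
    not values stated on the page.
    """
    digits = token.get("digits", 6)
    algorithm = token.get("algorithm", "sha1")
    if token["otptype"] == "hotp":
        return hotp(token["secretkey"], token.get("counter", 0), digits, algorithm)
    return totp(token["secretkey"], unix_time, token.get("interval", 30), digits, algorithm)


# Constructed sample secrets: the RFC 4226 / RFC 6238 test keys, Base64-encoded.
RFC_KEY_B64 = base64.b64encode(b"12345678901234567890").decode()
RFC_KEY_SHA256_B64 = base64.b64encode(b"12345678901234567890123456789012").decode()

if __name__ == "__main__":
    print(expected_code({"otptype": "hotp", "secretkey": RFC_KEY_B64, "counter": 0}))
    print(expected_code({"otptype": "totp", "secretkey": RFC_KEY_B64, "digits": 8}, 59))
    print(expected_code({"otptype": "totp", "secretkey": RFC_KEY_SHA256_B64,
                         "digits": 8, "algorithm": "sha256"}, 59))
```

Because digits, algorithm, counter, interval and secretkey cannot be modified after creation, a token created with the wrong values has to be deleted and recreated rather than updated.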