community.general.ipa_otptoken module – Manage FreeIPA OTPs
Note
This module is part of the community.general collection (version 5.8.3).
You might already have this collection installed if you are using the ansible
package.
It is not included in ansible-core
.
To check whether it is installed, run ansible-galaxy collection list
.
To install it, use: ansible-galaxy collection install community.general
.
To use it in a playbook, specify: community.general.ipa_otptoken
.
New in community.general 2.5.0
Synopsis
Add, modify, and delete One Time Passwords in IPA.
Parameters
Parameter |
Comments |
---|---|
Token hash algorithm. Note: Cannot be modified after OTP is created. Choices:
|
|
Initial counter for the HOTP token. Note: Cannot be modified after OTP is created. |
|
Description of the token (informational only). |
|
Number of digits each token code will have. Note: Cannot be modified after OTP is created. Choices:
|
|
Mark the token as enabled (default Choices:
|
|
Length of TOTP token code validity in seconds. Note: Cannot be modified after OTP is created. |
|
IP or hostname of IPA server. If the value is not specified in the task, the value of environment variable If both the environment variable The relevant entry needed in FreeIPA is the ‘ipa-ca’ entry. If neither the DNS entry, nor the environment Environment variable fallback mechanism is added in Ansible 2.5. Default: |
|
Password of administrative user. If the value is not specified in the task, the value of environment variable Note that if the ‘urllib_gssapi’ library is available, it is possible to use GSSAPI to authenticate to FreeIPA. If the environment variable If the environment variable If GSSAPI is not available, the usage of ‘ipa_pass’ is required. Environment variable fallback mechanism is added in Ansible 2.5. |
|
Port of FreeIPA / IPA server. If the value is not specified in the task, the value of environment variable If both the environment variable Environment variable fallback mechanism is added in Ansible 2.5. Default: |
|
Protocol used by IPA server. If the value is not specified in the task, the value of environment variable If both the environment variable Environment variable fallback mechanism is added in Ansible 2.5. Choices:
|
|
Specifies idle timeout (in seconds) for the connection. For bulk operations, you may want to increase this in order to avoid timeout from IPA server. If the value is not specified in the task, the value of environment variable If both the environment variable Default: |
|
Administrative account used on IPA server. If the value is not specified in the task, the value of environment variable If both the environment variable Environment variable fallback mechanism is added in Ansible 2.5. Default: |
|
Token model (informational only). |
|
If specified, the unique id specified will be changed to this. |
|
Last date/time the token can be used. In the format For example, |
|
First date/time the token can be used. In the format For example, |
|
TOTP token / IPA server time difference. Note: Cannot be modified after OTP is created. |
|
Type of OTP. Note: Cannot be modified after OTP is created. Choices:
|
|
Assigned user of the token. |
|
Token secret (Base64). If OTP is created and this is not specified, a random secret will be generated by IPA. Note: Cannot be modified after OTP is created. |
|
Token serial (informational only). |
|
State to ensure. Choices:
|
|
Unique ID of the token in IPA. |
|
This only applies if If set to This should only set to Choices:
|
|
Token vendor name (informational only). |
Examples
- name: Create a totp for pinky, allowing the IPA server to generate using defaults
community.general.ipa_otptoken:
uniqueid: Token123
otptype: totp
owner: pinky
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
- name: Create a 8 digit hotp for pinky with sha256 with specified validity times
community.general.ipa_otptoken:
uniqueid: Token123
enabled: true
otptype: hotp
digits: 8
secretkey: UMKSIER00zT2T2tWMUlTRmNlekRCbFQvWFBVZUh2dElHWGR6T3VUR3IzK2xjaFk9
algorithm: sha256
notbefore: 20180121182123
notafter: 20220121182123
owner: pinky
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
- name: Update Token123 to indicate a vendor, model, serial number (info only), and description
community.general.ipa_otptoken:
uniqueid: Token123
vendor: Acme
model: acme101
serial: SerialNumber1
description: Acme OTP device
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
- name: Disable Token123
community.general.ipa_otptoken:
uniqueid: Token123
enabled: false
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
- name: Rename Token123 to TokenABC and enable it
community.general.ipa_otptoken:
uniqueid: Token123
newuniqueid: TokenABC
enabled: true
ipa_host: ipa.example.com
ipa_user: admin
ipa_pass: topsecret
Return Values
Common return values are documented here, the following are the fields unique to this module:
Key |
Description |
---|---|
OTP Token as returned by IPA API Returned: always |
Collection links
Issue Tracker Repository (Sources) Submit a bug report Request a feature Communication