From c619b7ae4c90f1d2155af2b70fd9b27ee9ac01b5 Mon Sep 17 00:00:00 2001
From: Joerg Deckert <jdeckert@unitas-network.de>
Date: Sat, 11 Apr 2020 12:21:08 +0200
Subject: [PATCH] privacyidea: activate pam_ssh_agent_auth

---
 lamp/Makefile | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/lamp/Makefile b/lamp/Makefile
index 597e3fb..1f80856 100644
--- a/lamp/Makefile
+++ b/lamp/Makefile
@@ -21,7 +21,9 @@ postinstall: timesyncd.conf firstboot.start
 	cp firstboot.start $(CHROOT)/etc/local.d/firstboot.start
 	touch $(CHROOT)/firstboot
 	sed -i 's/# %wheel ALL=(ALL) ALL/%wheel ALL=(ALL) ALL/' $(CHROOT)/etc/sudoers
-	$(inroot) useradd -m -G users,wheel -s /bin/bash admin
+	sed -i 's#^auth.*$$#auth [success=2 default=ignore] pam_ssh_agent_auth.so file=~/.ssh/authorized_keys\nauth    include         system-auth#' $(CHROOT)/etc/pam.d/sudo
+	echo "Defaults   env_keep += SSH_AUTH_SOCK" > $(CHROOT)/etc/sudoers.d/ssh_auth_sock
+	$(inroot) useradd -m -G users,wheel -s /bin/bash --comment="virtual appliance admin" --uid 2000 admin
 	$(inroot) passwd -d admin; $(inroot) passwd -e admin
 	$(inroot) systemctl enable screen@adm.service