authorMicah Anderson <micah@riseup.net>2010-12-14 13:22:43 -0500
committerMicah Anderson <micah@riseup.net>2010-12-14 13:22:43 -0500
commit72e24df3b6abbd28dccc8d3fb9a240a62220cdfe (patch)
treef527c7a0f91f60d875dd7186692b3cd40d480032 /manifests/init.pp
parent6b660a56a76d9f17137b13979895cf0c460ab6ef (diff)
add Debian Squeeze sshd template. Enabled kerberos and gssapi options, using the defaults when not specified
Diffstat (limited to 'manifests/init.pp')
-rw-r--r--manifests/init.pp49
1 files changed, 48 insertions, 1 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 4f82542..002b927 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -76,7 +76,36 @@
# sshd_password_authentication: If you want to enable password authentication or not
# Valid values: yes or no
# Default: no
-#
+#
+# sshd_kerberos_authentication: If you want the password that is provided by the user to be
+# validated through the Kerberos KDC. To use this option the
+# server needs a Kerberos servtab which allows the verification of
+# the KDC's identity.
+# Valid values: yes or no
+# Default: no
+#
+# sshd_kerberos_getafstoken: If AFS is active and user has a Kerberos 5 TGT, attempt to
+# acquire an AFS token before accessing the user's home directory.
+# Valid values: yes or no
+# Default: no
+#
+# sshd_kerberos_orlocalpasswd: If password authentication through Kerberos fails, then the password
+# will be validated via any additional local mechanism.
+# Valid values: yes or no
+# Default: yes
+#
+# sshd_kerberos_ticketcleanup: Destroy the user's ticket cache file on logout?
+# Valid values: yes or no
+# Default: yes
+#
+# sshd_gssapi_authentication: Authenticate users based on GSSAPI?
+# Valid values: yes or no
+# Default: no
+#
+# sshd_gssapi_cleanupcredentials: Destroy user's credential cache on logout?
+# Valid values: yes or no
+# Default: yes
+#
# sshd_challenge_response_authentication: If you want to enable ChallengeResponseAuthentication or not
# When disabled, s/key passowords are disabled
# Valid values: yes or no
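Review bot: The new entries for sshd_kerberos_authentication and sshd_kerberos_orlocalpasswd do not mention that they depend on password authentication, which this same comment block documents as defaulting to no. As described, Kerberos here validates the password the user supplies, so setting sshd_kerberos_authentication to yes on its own would presumably change nothing unless sshd_password_authentication is also yes. The template that consumes these values is not visible in this diff, so confirm against it. I would add `# Only has an effect when sshd_password_authentication is 'yes'.` under both entries. Under sshd_kerberos_orlocalpasswd I would also note that the default of yes keeps local passwords usable when the Kerberos check fails, so a site that wants Kerberos-only password logins has to set it to no.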
@@ -160,6 +189,24 @@ class sshd {
case $sshd_password_authentication {
'': { $sshd_password_authentication = 'no' }
}
+ case $sshd_kerberos_authentication {
+ '': { $sshd_kerberos_authentication = 'no' }
+ }
+ case $sshd_kerberos_getafstoken {
+ '': { $sshd_kerberos_getafstoken = 'no' }
+ }
+ case $sshd_kerberos_orlocalpasswd {
+ '': { $sshd_kerberos_orlocalpasswd = 'yes' }
+ }
+ case $sshd_kerberos_ticketcleanup {
+ '': { $sshd_kerberos_ticketcleanup = 'yes' }
+ }
+ case $sshd_gssapi_authentication {
+ '': { $sshd_gssapi_authentication = 'no' }
+ }
+ case $sshd_gssapi_cleanupcredentials {
+ '': { $sshd_gssapi_cleanupcredentials = 'yes' }
+ }
case $sshd_tcp_forwarding {
'': { $sshd_tcp_forwarding = 'no' }
}
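Review bot: None of the six new case blocks validates the value it receives: only the empty string is handled, so any other string (a typo, `true`, `Yes`) is kept as given and presumably written into sshd_config by the template, which is not shown here. For authentication settings that risks an sshd that refuses to start or reload after the next run, so I would fail catalog compilation instead by adding `'yes', 'no': { }` and `default: { fail("sshd_kerberos_authentication must be 'yes' or 'no'") }` to each block, with the variable name adjusted. The surrounding sshd_password_authentication and sshd_tcp_forwarding blocks, visible as context lines, follow the same pattern and would benefit from the same check. The class body starts and ends outside the hunk.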