Commit e94099c9 authored by Adam Lewenberg's avatar Adam Lewenberg

release/005.003

parent 8c51110d
release/005.003 (2016-12-16)
[ssh] Add "@" to a few more variables on sshd_config.erb. [adamhl]
release/005.002 (2016-12-13)
[ssh] Change the class "ssh::pam" to "base::ssh::pam". This should
......
......@@ -34,7 +34,7 @@ Protocol 2
# Only support RSA keys, not DSA keys.
HostKey /etc/ssh/ssh_host_rsa_key
<% if ed25519 then -%>
<% if @ed25519 then -%>
# Also support Ed25519 host keys.
HostKey /etc/ssh/ssh_host_ed25519_key
......@@ -60,7 +60,7 @@ HostbasedAuthentication <%= @hostbased ? 'yes' : 'no' %>
# Allow password authentication via PAM, but not empty passwords.
ChallengeResponseAuthentication yes
PasswordAuthentication <%= password ? 'yes' : 'no' %>
PasswordAuthentication <%= @password ? 'yes' : 'no' %>
UsePAM yes
PermitEmptyPasswords no
......@@ -68,14 +68,14 @@ PermitEmptyPasswords no
# to add GSSAPIStoreCredentialsOnRekey yes.
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
<% if (@osfamily != 'RedHat') or (lsbmajdistrelease.to_i() >= 6) then -%>
<% if (@osfamily != 'RedHat') or (@lsbmajdistrelease.to_i() >= 6) then -%>
GSSAPIKeyExchange yes
GSSAPIStrictAcceptorCheck no
<% end -%>
<% if (@operatingsystem == 'Debian') and (@lsbdistcodename != 'lenny') then -%>
GSSAPIStoreCredentialsOnRekey yes
<% end -%>
<% if (@osfamily == 'RedHat') and (lsbmajdistrelease.to_i() >= 6) then -%>
<% if (@osfamily == 'RedHat') and (@lsbmajdistrelease.to_i() >= 6) then -%>
GSSAPIStoreCredentialsOnRekey yes
<% end -%>
<% if (@operatingsystem == 'Ubuntu') then -%>
......@@ -84,7 +84,7 @@ GSSAPIStoreCredentialsOnRekey yes
<% if (@pam_duo) then -%>
# Require both (GSS-API|PASSWORD) and PAM.
AuthenticationMethods gssapi-with-mic,keyboard-interactive:pam<% if password then %> password,keyboard-interactive:pam<% end %>
AuthenticationMethods gssapi-with-mic,keyboard-interactive:pam<% if @password then %> password,keyboard-interactive:pam<% end %>
KerberosAuthentication yes
<% end -%>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment