Commit e94099c9 authored by Adam Lewenberg's avatar Adam Lewenberg
Browse files

release/005.003

parent 8c51110d
release/005.003 (2016-12-16)
[ssh] Add "@" to a few more variables on sshd_config.erb. [adamhl]
release/005.002 (2016-12-13) release/005.002 (2016-12-13)
[ssh] Change the class "ssh::pam" to "base::ssh::pam". This should [ssh] Change the class "ssh::pam" to "base::ssh::pam". This should
......
...@@ -34,7 +34,7 @@ Protocol 2 ...@@ -34,7 +34,7 @@ Protocol 2
# Only support RSA keys, not DSA keys. # Only support RSA keys, not DSA keys.
HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_rsa_key
<% if ed25519 then -%> <% if @ed25519 then -%>
# Also support Ed25519 host keys. # Also support Ed25519 host keys.
HostKey /etc/ssh/ssh_host_ed25519_key HostKey /etc/ssh/ssh_host_ed25519_key
...@@ -60,7 +60,7 @@ HostbasedAuthentication <%= @hostbased ? 'yes' : 'no' %> ...@@ -60,7 +60,7 @@ HostbasedAuthentication <%= @hostbased ? 'yes' : 'no' %>
# Allow password authentication via PAM, but not empty passwords. # Allow password authentication via PAM, but not empty passwords.
ChallengeResponseAuthentication yes ChallengeResponseAuthentication yes
PasswordAuthentication <%= password ? 'yes' : 'no' %> PasswordAuthentication <%= @password ? 'yes' : 'no' %>
UsePAM yes UsePAM yes
PermitEmptyPasswords no PermitEmptyPasswords no
...@@ -68,14 +68,14 @@ PermitEmptyPasswords no ...@@ -68,14 +68,14 @@ PermitEmptyPasswords no
# to add GSSAPIStoreCredentialsOnRekey yes. # to add GSSAPIStoreCredentialsOnRekey yes.
GSSAPIAuthentication yes GSSAPIAuthentication yes
GSSAPICleanupCredentials yes GSSAPICleanupCredentials yes
<% if (@osfamily != 'RedHat') or (lsbmajdistrelease.to_i() >= 6) then -%> <% if (@osfamily != 'RedHat') or (@lsbmajdistrelease.to_i() >= 6) then -%>
GSSAPIKeyExchange yes GSSAPIKeyExchange yes
GSSAPIStrictAcceptorCheck no GSSAPIStrictAcceptorCheck no
<% end -%> <% end -%>
<% if (@operatingsystem == 'Debian') and (@lsbdistcodename != 'lenny') then -%> <% if (@operatingsystem == 'Debian') and (@lsbdistcodename != 'lenny') then -%>
GSSAPIStoreCredentialsOnRekey yes GSSAPIStoreCredentialsOnRekey yes
<% end -%> <% end -%>
<% if (@osfamily == 'RedHat') and (lsbmajdistrelease.to_i() >= 6) then -%> <% if (@osfamily == 'RedHat') and (@lsbmajdistrelease.to_i() >= 6) then -%>
GSSAPIStoreCredentialsOnRekey yes GSSAPIStoreCredentialsOnRekey yes
<% end -%> <% end -%>
<% if (@operatingsystem == 'Ubuntu') then -%> <% if (@operatingsystem == 'Ubuntu') then -%>
...@@ -84,7 +84,7 @@ GSSAPIStoreCredentialsOnRekey yes ...@@ -84,7 +84,7 @@ GSSAPIStoreCredentialsOnRekey yes
<% if (@pam_duo) then -%> <% if (@pam_duo) then -%>
# Require both (GSS-API|PASSWORD) and PAM. # Require both (GSS-API|PASSWORD) and PAM.
AuthenticationMethods gssapi-with-mic,keyboard-interactive:pam<% if password then %> password,keyboard-interactive:pam<% end %> AuthenticationMethods gssapi-with-mic,keyboard-interactive:pam<% if @password then %> password,keyboard-interactive:pam<% end %>
KerberosAuthentication yes KerberosAuthentication yes
<% end -%> <% end -%>
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment