diff --git a/manifests/ipmi.pp b/manifests/ipmi.pp
index 96a3ca3d77eb58760aaa54ff44cc08e4bc659eb4..b961fbfdf4f4300dbee2664e07c09bef2214f012 100644
--- a/manifests/ipmi.pp
+++ b/manifests/ipmi.pp
@@ -50,15 +50,7 @@ class base::ipmi (
           # For Debian 8+, the package brings in everything it needs by
           # default.  But, if we are re-enabling we need to recover a file that
           # we deleted.  We then have to trigger systemd to load modules.
-          if ($::puppetversion =~ /^3/) {
-            $operatingsystem    = $::operatingsystem
-            $lsdbmajdistrelease = $::lsdbmajdistrelease
-          } else {
-            $operatingsystem    = $facts['os']['name']
-            $lsdbmajdistrelease = Integer($facts['os']['release']['major'])
-          }
-
-          if (($operatingsystem == 'Debian') and ($lsdbmajdistrelease >= 8)) {
+          if (($::operatingsystem == 'Debian') and ($::lsdbmajdistrelease >= 8)) {
             exec { 'Re-create /usr/lib/modules-load.d/ipmievd.conf':
               command => '/usr/bin/apt-get install --reinstall ipmitool',
               creates => '/usr/lib/modules-load.d/ipmievd.conf',
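Review bot: The condition `$::lsdbmajdistrelease >= 8` now compares a top-scope fact with an integer without the `Integer(...)` coercion that the removed non-Puppet-3 branch applied. If this code is still compiled by Puppet 4 or later and the fact arrives as a string, the comparison is a type error; if the fact is unset, the result depends on the Puppet version. The fact name also differs from the stock Facter fact `lsbmajdistrelease`, so confirm it is a custom fact defined elsewhere in the module. The same pattern appears in the `manifests/pam/debian.pp` hunk (`$::lsdbmajdistrelease < 8`), where it matters more because that branch decides whether Puppet overwrites `/etc/pam.d/common-auth`. At minimum, add a comment above each condition such as `# Requires the lsdbmajdistrelease fact to be set and numeric (Puppet 3 semantics); fail the run if it is missing.`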
diff --git a/manifests/pam/debian.pp b/manifests/pam/debian.pp
index 9266e8ca8703bfcedaccd6c12099d21a2ffae7a0..7d96a8abf64870aa6bfd7236fe4dc1d2e236132d 100644
--- a/manifests/pam/debian.pp
+++ b/manifests/pam/debian.pp
@@ -6,14 +6,8 @@ class base::pam::debian {
   package { 'libpam-krb5': ensure => present }
   package { 'libpam-afs-session': ensure => present }
 
-  if ($::puppetversion =~ /^3/) {
-    $lsdbmajdistrelease = $::lsdbmajdistrelease
-  } else {
-    $lsdbmajdistrelease = Integer($facts['os']['release']['major'])
-  }
-
   # Starting with Debian jessie, pam-auth-update manages the common PAM files.
-  if ($lsdbmajdistrelease < 8) {
+  if ($::lsdbmajdistrelease < 8) {
     file {
       '/etc/pam.d/common-auth':
         source  => 'puppet:///modules/base/pam/etc/pam.d/common-auth',
diff --git a/templates/ssh/sshd_config.erb b/templates/ssh/sshd_config.erb
index a0fcf0593c19c41035c96a693136cc8cac427a43..3e52640c148433ec8ef676c18311f5b93c3ffec7 100644
--- a/templates/ssh/sshd_config.erb
+++ b/templates/ssh/sshd_config.erb
@@ -136,8 +136,8 @@ MaxSessions <%= @max_sessions %>
 # we have to configure the authentications for root separately.
 <%-
   gssapi_only      = ['root', 'root.*', '*.root', 'admin.*', '*.admin']
-  gssapi_only      = admin_users + @extra_gssapi_only_users
-  gssapi_only_list = admin_users.join(',')
+  gssapi_only      = gssapi_only + @extra_gssapi_only_users
+  gssapi_only_list = gssapi_only.join(',')
 -%>
 Match User <%= gssapi_only_list %>
   AuthenticationMethods gssapi-with-mic
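Review bot: `@extra_gssapi_only_users` is concatenated and joined straight into the `Match User` line with no check on its type or contents. If the parameter is nil or a plain string, the `+` raises and the template fails to render. If an entry contains whitespace, a comma, a leading `!` or a newline, the set of accounts held to `AuthenticationMethods gssapi-with-mic` silently changes, or extra text lands in sshd_config. I would make the concatenation tolerant with `gssapi_only = (gssapi_only + Array(@extra_gssapi_only_users)).uniq` and validate each entry against a strict user-pattern in the manifest. The parameter's declaration is outside this hunk, so it may already be type-checked there. Running `sshd -t` on the rendered file before the service restarts would also catch a malformed Match line.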