aboutsummaryrefslogtreecommitdiff
path: root/manifests/init.pp
diff options
context:
space:
mode:
Diffstat (limited to 'manifests/init.pp')
-rw-r--r--manifests/init.pp49
1 files changed, 48 insertions, 1 deletions
diff --git a/manifests/init.pp b/manifests/init.pp
index 4f82542..002b927 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -76,7 +76,36 @@
# sshd_password_authentication: If you want to enable password authentication or not
# Valid values: yes or no
# Default: no
-#
+#
+# sshd_kerberos_authentication: If you want the password that is provided by the user to be
+# validated through the Kerberos KDC. To use this option the
+# server needs a Kerberos servtab which allows the verification of
+# the KDC's identity.
+# Valid values: yes or no
+# Default: no
+#
+# sshd_kerberos_getafstoken: If AFS is active and user has a Kerberos 5 TGT, attempt to
+# acquire an AFS token before accessing the user's home directory.
+# Valid values: yes or no
+# Default: no
+#
+# sshd_kerberos_orlocalpasswd: If password authentication through Kerberos fails, then the password
+# will be validated via any additional local mechanism.
+# Valid values: yes or no
+# Default: yes
+#
+# sshd_kerberos_ticketcleanup: Destroy the user's ticket cache file on logout?
+# Valid values: yes or no
+# Default: yes
+#
+# sshd_gssapi_authentication: Authenticate users based on GSSAPI?
+# Valid values: yes or no
+# Default: no
+#
+# sshd_gssapi_cleanupcredentials: Destroy user's credential cache on logout?
+# Valid values: yes or no
+# Default: yes
+#
# sshd_challenge_response_authentication: If you want to enable ChallengeResponseAuthentication or not
# When disabled, s/key passowords are disabled
# Valid values: yes or no
@@ -160,6 +189,24 @@ class sshd {
case $sshd_password_authentication {
'': { $sshd_password_authentication = 'no' }
}
+ case $sshd_kerberos_authentication {
+ '': { $sshd_kerberos_authentication = 'no' }
+ }
+ case $sshd_kerberos_getafstoken {
+ '': { $sshd_kerberos_getafstoken = 'no' }
+ }
+ case $sshd_kerberos_orlocalpasswd {
+ '': { $sshd_kerberos_orlocalpasswd = 'yes' }
+ }
+ case $sshd_kerberos_ticketcleanup {
+ '': { $sshd_kerberos_ticketcleanup = 'yes' }
+ }
+ case $sshd_gssapi_authentication {
+ '': { $sshd_gssapi_authentication = 'no' }
+ }
+ case $sshd_gssapi_cleanupcredentials {
+ '': { $sshd_gssapi_cleanupcredentials = 'yes' }
+ }
case $sshd_tcp_forwarding {
'': { $sshd_tcp_forwarding = 'no' }
}