From 3f5714f6c3663d33b7edb51258fb2377d057a86a Mon Sep 17 00:00:00 2001 From: Jenkins Server Date: Mon, 13 Apr 2026 14:55:14 +0200 Subject: [PATCH] Recommit for updates in build 22 --- .../confdroid_ssh_3A_3Aparams.html | 314 +++++++++++++++--- 1 file changed, 268 insertions(+), 46 deletions(-) diff --git a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html index e238d72..5feebb8 100644 --- a/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html +++ b/doc/puppet_classes/confdroid_ssh_3A_3Aparams.html @@ -574,6 +574,204 @@ —

setting for sshd_config. Default is ‘no’, which is a recommended security setting together with password authentication, but can be set to ‘yes’ if keyboard-interactive authentication should be allowed. (not recommended)

+
+ + + +
  • + + ssh_kerberos_authentication + + + (String) + + + (defaults to: 'yes') + + + — +
    +

    setting for sshd_config. Default is ‘no’. Kerberos authentication is not commonly used and requires a lot of other settings, so it is disabled by default, but can be set to ‘yes’ if desired.

    +
    + +
    • + +
  • + + ssh_kerberos_or_local_passwd + + + (String) + + + (defaults to: 'yes') + + + — +
    +

    setting for sshd_config. Default is ‘no’. This setting is only relevant if Kerberos authentication is enabled, and should be set to ‘yes’ if you want to allow local password authentication as a fallback if Kerberos authentication fails, but can be set to ‘no’ if you want to only allow Kerberos authentication.

    +
    + +
    • + +
  • + + ssh_kerberos_ticket_cleanup + + + (String) + + + (defaults to: 'yes') + + + — +
    +

    setting for sshd_config. Default is ‘no’. This setting is only relevant if Kerberos authentication is enabled, and should be set to ‘yes’ if you want to enable ticket cleanup, but can be set to ‘no’ if you want to disable it.

    +
    + +
    • + +
  • + + ssh_kerberos_get_afstoken + + + (String) + + + (defaults to: 'no') + + + — +
    +

    setting for sshd_config. Default is ‘no’. This setting is only relevant if Kerberos authentication is enabled, and should be set to ‘yes’ if you want to enable AFS token retrieval, but can be set to ‘no’ if you want to disable it.

    +
    + +
    • + +
  • + + ssh_kerberos_use_kuserok + + + (String) + + + (defaults to: 'yes') + + + — +
    +

    setting for sshd_config. Default is ‘no’. This setting is only relevant if Kerberos authentication is enabled, and should be set to ‘yes’ if you want to enable userok with Kerberos, but can be set to ‘no’ if you want to disable it.

    +
    + +
    • + +
  • + + ssh_use_kerberos + + + (Boolean) + + + (defaults to: false) + + + — +
    +

    whether to use Kerberos authentication. If true, the relevant Kerberos settings will be included in the sshd_config, otherwise they will be ignored.

    +
    + +
    • + +
  • + + ssh_use_gssapi + + + (Boolean) + + + (defaults to: false) + + + — +
    +

    whether to use GSSAPI authentication. If true, GSSAPI authentication will be enabled in sshd_config, otherwise it will be disabled. GSSAPI authentication is not commonly used and requires a lot of other settings, so it is disabled by default, but can be set to true if desired.

    +
    + +
    • + +
  • + + ssh_gssapi_authentication + + + (String) + + + (defaults to: 'yes') + + + — +
    +

    setting for sshd_config. Default is ‘no’. This setting is only relevant if GSSAPI authentication is enabled, and should be set to ‘yes’ if you want to enable GSS authentication, but can be set to ‘no’ if you want to disable it.

    +
    + +
    • + +
  • + + ssh_gssapi_cleanup_credentials + + + (String) + + + (defaults to: 'yes') + + + — +
    +

    setting for sshd_config. Default is ‘no’. This setting is only relevant if GSSAPI authentication is enabled, and should be set to ‘yes’ if you want to enable GSS credential cleanup, but can be set to ‘no’ if you want to disable it.

    +
    + +
    • + +
  • + + ssh_gssapi_key_exchange + + + (String) + + + (defaults to: 'no') + + + — +
    +

    setting for sshd_config. Default is ‘no’. This setting is only relevant if GSSAPI authentication is enabled, and should be set to ‘yes’ if you want to enable GSS key exchange.

    +
    + +
    • + +
  • + + ssh_gssapi_enablek5users + + + (String) + + + (defaults to: 'no') + + + — +
    +

    setting for sshd_config. Default is ‘no’. This setting is only relevant if GSSAPI authentication is enabled, and should be set to ‘yes’ if you want to enable GSSAPI for k5users.

    • @@ -589,49 +787,6 @@ 
     
 
-50
-51
-52
-53
-54
-55
-56
-57
-58
-59
-60
-61
-62
-63
-64
-65
-66
-67
-68
-69
-70
-71
-72
-73
-74
-75
-76
-77
-78
-79
-80
-81
-82
-83
-84
-85
-86
-87
-88
-89
-90
-91
-92
 93
 94
 95
@@ -642,10 +797,65 @@
 100
 101
 102
-103
    +103 +104 +105 +106 +107 +108 +109 +110 +111 +112 +113 +114 +115 +116 +117 +118 +119 +120 +121 +122 +123 +124 +125 +126 +127 +128 +129 +130 +131 +132 +133 +134 +135 +136 +137 +138 +139 +140 +141 +142 +143 +144 +145 +146 +147 +148 +149 +150 +151 +152 +153 +154 +155 +156 +157 +158 - 
    # File 'manifests/params.pp', line 50
+        
    # File 'manifests/params.pp', line 93
 
 class confdroid_ssh::params (
 
@@ -678,7 +888,19 @@ class confdroid_ssh::params (
   String  $ssh_log_level                    = 'INFO',
   String  $ssh_password_authentication      = 'no',
   String  $ssh_permit_empty_passwords       = 'no',
-  String  $ssh_kbd_interactive_auth         = 'no'
+  String  $ssh_kbd_interactive_auth         = 'no',
+  Boolean $ssh_use_kerberos                 = false,
+  String  $ssh_kerberos_authentication      = 'yes',
+  String  $ssh_kerberos_or_local_passwd     = 'yes',
+  String  $ssh_kerberos_ticket_cleanup      = 'yes',
+  String  $ssh_kerberos_get_afstoken        = 'no',
+  String  $ssh_kerberos_use_kuserok         = 'yes',
+  Boolean $ssh_use_gssapi                   = false,
+  String  $ssh_gssapi_authentication         = 'yes',
+  String  $ssh_gssapi_cleanup_credentials    = 'yes',
+  String  $ssh_gssapi_key_exchange           = 'no',
+  String  $ssh_gssapi_enablek5users          = 'no',
+
 
 ) {
 # default facts