confdroid/confdroid_ssh
1
0
Fork 0
Code Issues Projects Wiki Activity

Recommit for updates in build 22

Browse Source
This commit is contained in:
Jenkins Server
2026-04-13 14:55:14 +02:00
parent 58596bf8b3
commit 3f5714f6c3
1 changed files with 268 additions and 46 deletions
Download Patch File Download Diff File Expand all files Collapse all files

314
doc/puppet_classes/confdroid_ssh_3A_3Aparams.html
View File

@@ -574,6 +574,204 @@
— —
<div class='inline'> <div class='inline'>
<p>setting for sshd_config. Default is no, which is a recommended security setting together with password authentication, but can be set to yes if keyboard-interactive authentication should be allowed. (not recommended)</p> <p>setting for sshd_config. Default is no, which is a recommended security setting together with password authentication, but can be set to yes if keyboard-interactive authentication should be allowed. (not recommended)</p>
</div>
</li>
<li>
<span class='name'>ssh_kerberos_authentication</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;yes&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. Kerberos authentication is not commonly used and requires a lot of other settings, so it is disabled by default, but can be set to yes if desired.</p>
</div>
</li>
<li>
<span class='name'>ssh_kerberos_or_local_passwd</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;yes&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. This setting is only relevant if Kerberos authentication is enabled, and should be set to yes if you want to allow local password authentication as a fallback if Kerberos authentication fails, but can be set to no if you want to only allow Kerberos authentication.</p>
</div>
</li>
<li>
<span class='name'>ssh_kerberos_ticket_cleanup</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;yes&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. This setting is only relevant if Kerberos authentication is enabled, and should be set to yes if you want to enable ticket cleanup, but can be set to no if you want to disable it.</p>
</div>
</li>
<li>
<span class='name'>ssh_kerberos_get_afstoken</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. This setting is only relevant if Kerberos authentication is enabled, and should be set to yes if you want to enable AFS token retrieval, but can be set to no if you want to disable it.</p>
</div>
</li>
<li>
<span class='name'>ssh_kerberos_use_kuserok</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;yes&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. This setting is only relevant if Kerberos authentication is enabled, and should be set to yes if you want to enable userok with Kerberos, but can be set to no if you want to disable it.</p>
</div>
</li>
<li>
<span class='name'>ssh_use_kerberos</span>
<span class='type'>(<tt>Boolean</tt>)</span>
<em class="default">(defaults to: <tt>false</tt>)</em>
&mdash;
<div class='inline'>
<p>whether to use Kerberos authentication. If true, the relevant Kerberos settings will be included in the sshd_config, otherwise they will be ignored.</p>
</div>
</li>
<li>
<span class='name'>ssh_use_gssapi</span>
<span class='type'>(<tt>Boolean</tt>)</span>
<em class="default">(defaults to: <tt>false</tt>)</em>
&mdash;
<div class='inline'>
<p>whether to use GSSAPI authentication. If true, GSSAPI authentication will be enabled in sshd_config, otherwise it will be disabled. GSSAPI authentication is not commonly used and requires a lot of other settings, so it is disabled by default, but can be set to true if desired.</p>
</div>
</li>
<li>
<span class='name'>ssh_gssapi_authentication</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;yes&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. This setting is only relevant if GSSAPI authentication is enabled, and should be set to yes if you want to enable GSS authentication, but can be set to no if you want to disable it.</p>
</div>
</li>
<li>
<span class='name'>ssh_gssapi_cleanup_credentials</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;yes&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. This setting is only relevant if GSSAPI authentication is enabled, and should be set to yes if you want to enable GSS credential cleanup, but can be set to no if you want to disable it.</p>
</div>
</li>
<li>
<span class='name'>ssh_gssapi_key_exchange</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. This setting is only relevant if GSSAPI authentication is enabled, and should be set to yes if you want to enable GSS key exchange.</p>
</div>
</li>
<li>
<span class='name'>ssh_gssapi_enablek5users</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. This setting is only relevant if GSSAPI authentication is enabled, and should be set to yes if you want to enable GSSAPI for k5users.</p>
</div> </div>
</li> </li>
@@ -589,49 +787,6 @@
<pre class="lines"> <pre class="lines">
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93 93
94 94
95 95
@@ -642,10 +797,65 @@
100 100
101 101
102 102
103</pre> 103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158</pre>
</td> </td>
<td> <td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 50</span> <pre class="code"><span class="info file"># File 'manifests/params.pp', line 93</span>
class confdroid_ssh::params ( class confdroid_ssh::params (
@@ -678,7 +888,19 @@ class confdroid_ssh::params (
String $ssh_log_level = &#39;INFO&#39;, String $ssh_log_level = &#39;INFO&#39;,
String $ssh_password_authentication = &#39;no&#39;, String $ssh_password_authentication = &#39;no&#39;,
String $ssh_permit_empty_passwords = &#39;no&#39;, String $ssh_permit_empty_passwords = &#39;no&#39;,
String $ssh_kbd_interactive_auth = &#39;no&#39; String $ssh_kbd_interactive_auth = &#39;no&#39;,
Boolean $ssh_use_kerberos = false,
String $ssh_kerberos_authentication = &#39;yes&#39;,
String $ssh_kerberos_or_local_passwd = &#39;yes&#39;,
String $ssh_kerberos_ticket_cleanup = &#39;yes&#39;,
String $ssh_kerberos_get_afstoken = &#39;no&#39;,
String $ssh_kerberos_use_kuserok = &#39;yes&#39;,
Boolean $ssh_use_gssapi = false,
String $ssh_gssapi_authentication = &#39;yes&#39;,
String $ssh_gssapi_cleanup_credentials = &#39;yes&#39;,
String $ssh_gssapi_key_exchange = &#39;no&#39;,
String $ssh_gssapi_enablek5users = &#39;no&#39;,
) { ) {
# default facts # default facts