
5 Commits

Author SHA1 Message Date
Jenkins
761f071573 Merge branch 'jenkins-build-23' into 'master'
Auto-merge for build 23

See merge request puppet/confdroid_ssh!23
2026-04-13 15:53:13 +02:00
Jenkins Server
a648676a51 Recommit for updates in build 23 2026-04-13 15:01:32 +02:00
Jenkins Server
77b664a6f0 Merge remote-tracking branch 'origin/master' into jenkins-build-23 2026-04-13 15:00:41 +02:00
c8139772a2 OP#575 add kerberos and gssapi sections am PAM 2026-04-13 15:00:24 +02:00
Jenkins
6a9563ae04 Merge branch 'jenkins-build-22' into 'master'
Auto-merge for build 22

See merge request puppet/confdroid_ssh!22
2026-04-13 12:55:20 +00:00
3 changed files with 43 additions and 18 deletions


@@ -772,6 +772,24 @@
—
<div class='inline'>
<p>setting for sshd_config. Default is no. This setting is only relevant if GSSAPI authentication is enabled, and should be set to yes if you want to enable GSSAPI for k5users.</p>
</div>
</li>
<li>
<span class='name'>ssh_use_pam</span>
<span class='type'>(<tt>String</tt>)</span>
<em class="default">(defaults to: <tt>&#39;no&#39;</tt>)</em>
&mdash;
<div class='inline'>
<p>setting for sshd_config. Default is no. PAM is not commonly used for SSH authentication and can introduce security risks if not configured properly, so it is disabled by default. Thi setting is related to PasswordAuthentication and KbdInteractiveAuthentication, and should be set to yes only if you want to use PAM for authentication together with those settings.</p>
</div>
</li>
@@ -787,12 +805,6 @@
<pre class="lines">
93
94
95
96
97
98
99
100
101
@@ -852,10 +864,16 @@
155
156
157
158</pre>
158
159
160
161
162
163
164</pre>
</td>
<td>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 93</span>
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 99</span>
class confdroid_ssh::params (
@@ -896,11 +914,11 @@ class confdroid_ssh::params (
String $ssh_kerberos_get_afstoken = &#39;no&#39;,
String $ssh_kerberos_use_kuserok = &#39;yes&#39;,
Boolean $ssh_use_gssapi = false,
String $ssh_gssapi_authentication = &#39;yes&#39;,
String $ssh_gssapi_cleanup_credentials = &#39;yes&#39;,
String $ssh_gssapi_key_exchange = &#39;no&#39;,
String $ssh_gssapi_enablek5users = &#39;no&#39;,
String $ssh_gssapi_authentication = &#39;yes&#39;,
String $ssh_gssapi_cleanup_credentials = &#39;yes&#39;,
String $ssh_gssapi_key_exchange = &#39;no&#39;,
String $ssh_gssapi_enablek5users = &#39;no&#39;,
String $ssh_use_pam = &#39;no&#39;,
) {
# default facts


@@ -89,6 +89,12 @@
# @param [String] ssh_gssapi_enablek5users setting for sshd_config.
# Default is 'no'. This setting is only relevant if GSSAPI authentication is
# enabled, and should be set to 'yes' if you want to enable GSSAPI for k5users.
# @param [String] ssh_use_pam setting for sshd_config. Default is 'no'. PAM is not
# commonly used for SSH authentication and can introduce security risks if
# not configured properly, so it is disabled by default. Thi setting is
# related to PasswordAuthentication and KbdInteractiveAuthentication, and
# should be set to 'yes' only if you want to use PAM for authentication
# together with those settings.
##############################################################################
class confdroid_ssh::params (
@@ -129,11 +135,11 @@ class confdroid_ssh::params (
String $ssh_kerberos_get_afstoken = 'no',
String $ssh_kerberos_use_kuserok = 'yes',
Boolean $ssh_use_gssapi = false,
String $ssh_gssapi_authentication = 'yes',
String $ssh_gssapi_cleanup_credentials = 'yes',
String $ssh_gssapi_key_exchange = 'no',
String $ssh_gssapi_enablek5users = 'no',
String $ssh_gssapi_authentication = 'yes',
String $ssh_gssapi_cleanup_credentials = 'yes',
String $ssh_gssapi_key_exchange = 'no',
String $ssh_gssapi_enablek5users = 'no',
String $ssh_use_pam = 'no',
) {
# default facts
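Review bot: `$ssh_use_pam` is declared as a bare `String` in the parameter list of `confdroid_ssh::params`, and the sshd_config template writes it verbatim into the `UsePAM` line, so a typo or any value other than yes/no reaches the daemon configuration unchecked; I would declare it as `Enum['yes', 'no'] $ssh_use_pam = 'no',` (the neighbouring yes/no string parameters have the same gap). The `@param` text should also state that `UsePAM no` disables PAM account and session module processing for every authentication method, public key included, so any lockout, access or resource-limit policy enforced through the PAM stack stops applying to SSH logins if a host previously ran with it enabled. The same comment has a typo, `Thi setting`. The class body starts and ends outside the visible hunks.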


@@ -31,6 +31,7 @@ AuthorizedKeysCommandUser <%= @ssh_authorized_keys_command_user %>
PasswordAuthentication <%= @ssh_password_authentication %>
PermitEmptyPasswords <%= @ssh_permit_empty_passwords %>
KbdInteractiveAuthentication <%= @ssh_kbd_interactive_auth %>
UsePAM <%= @ssh_use_pam %>
<% if @ssh_use_kerberos -%>
KerberosAuthentication <%= @ssh_kerberos_authentication %>