Merge pull request #127 from ghoneycutt/add_param_for_kerberosauthentication
Add parameter for KerberosAuthentication option to sshd
commit
1e96a8b2af
@ -61,6 +61,7 @@ class ssh (
|
|||||||
$sshd_banner_mode = '0644',
|
$sshd_banner_mode = '0644',
|
||||||
$sshd_config_xauth_location = 'USE_DEFAULTS',
|
$sshd_config_xauth_location = 'USE_DEFAULTS',
|
||||||
$sshd_config_subsystem_sftp = 'USE_DEFAULTS',
|
$sshd_config_subsystem_sftp = 'USE_DEFAULTS',
|
||||||
|
$sshd_kerberos_authentication = undef,
|
||||||
$sshd_password_authentication = 'yes',
|
$sshd_password_authentication = 'yes',
|
||||||
$sshd_allow_tcp_forwarding = 'yes',
|
$sshd_allow_tcp_forwarding = 'yes',
|
||||||
$sshd_x11_forwarding = 'yes',
|
$sshd_x11_forwarding = 'yes',
|
||||||
@ -414,6 +415,9 @@ class ssh (
|
|||||||
validate_re($ssh_config_hash_known_hosts_real, '^(yes|no)$', "ssh::ssh_config_hash_known_hosts may be either 'yes' or 'no' and is set to <${ssh_config_hash_known_hosts_real}>.")
|
validate_re($ssh_config_hash_known_hosts_real, '^(yes|no)$', "ssh::ssh_config_hash_known_hosts may be either 'yes' or 'no' and is set to <${ssh_config_hash_known_hosts_real}>.")
|
||||||
}
|
}
|
||||||
validate_re($sshd_config_port, '^\d+$', "ssh::sshd_config_port must be a valid number and is set to <${sshd_config_port}>.")
|
validate_re($sshd_config_port, '^\d+$', "ssh::sshd_config_port must be a valid number and is set to <${sshd_config_port}>.")
|
||||||
|
if $sshd_kerberos_authentication != undef {
|
||||||
|
validate_re($sshd_kerberos_authentication, '^(yes|no)$', "ssh::sshd_kerberos_authentication may be either 'yes' or 'no' and is set to <${sshd_kerberos_authentication}>.")
|
||||||
|
}
|
||||||
validate_re($sshd_password_authentication, '^(yes|no)$', "ssh::sshd_password_authentication may be either 'yes' or 'no' and is set to <${sshd_password_authentication}>.")
|
validate_re($sshd_password_authentication, '^(yes|no)$', "ssh::sshd_password_authentication may be either 'yes' or 'no' and is set to <${sshd_password_authentication}>.")
|
||||||
validate_re($sshd_allow_tcp_forwarding, '^(yes|no)$', "ssh::sshd_allow_tcp_forwarding may be either 'yes' or 'no' and is set to <${sshd_allow_tcp_forwarding}>.")
|
validate_re($sshd_allow_tcp_forwarding, '^(yes|no)$', "ssh::sshd_allow_tcp_forwarding may be either 'yes' or 'no' and is set to <${sshd_allow_tcp_forwarding}>.")
|
||||||
validate_re($sshd_x11_forwarding, '^(yes|no)$', "ssh::sshd_x11_forwarding may be either 'yes' or 'no' and is set to <${sshd_x11_forwarding}>.")
|
validate_re($sshd_x11_forwarding, '^(yes|no)$', "ssh::sshd_x11_forwarding may be either 'yes' or 'no' and is set to <${sshd_x11_forwarding}>.")
|
||||||
|
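Review bot: The pattern `'^(yes|no)$'` in the added `validate_re` call uses line anchors, and in the Ruby regular expressions that `validate_re` compiles, `^` and `$` match at every line boundary, so a multi-line string containing a `yes` or `no` line would pass validation and be written into sshd_config by the template as extra lines. Anchoring the whole string closes that: `validate_re($sshd_kerberos_authentication, '\A(yes|no)\z', ...)`. The neighbouring validators visible in this hunk (`sshd_password_authentication`, `sshd_allow_tcp_forwarding`, `sshd_x11_forwarding`) use the same pattern and would benefit from the same change. The value normally comes from manifests or Hiera data, so this is hardening of the input check rather than an exposed hole. The body of `class ssh` starts and ends outside the hunk.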
@ -1002,6 +1002,7 @@ describe 'ssh' do
|
|||||||
:sshd_banner_content => 'textinbanner',
|
:sshd_banner_content => 'textinbanner',
|
||||||
:sshd_config_xauth_location => '/opt/ssh/bin/xauth',
|
:sshd_config_xauth_location => '/opt/ssh/bin/xauth',
|
||||||
:sshd_config_subsystem_sftp => '/opt/ssh/bin/sftp',
|
:sshd_config_subsystem_sftp => '/opt/ssh/bin/sftp',
|
||||||
|
:sshd_kerberos_authentication => 'no',
|
||||||
:sshd_password_authentication => 'no',
|
:sshd_password_authentication => 'no',
|
||||||
:sshd_allow_tcp_forwarding => 'no',
|
:sshd_allow_tcp_forwarding => 'no',
|
||||||
:sshd_x11_forwarding => 'no',
|
:sshd_x11_forwarding => 'no',
|
||||||
@ -1068,6 +1069,7 @@ describe 'ssh' do
|
|||||||
it { should contain_file('sshd_config').with_content(/^XAuthLocation \/opt\/ssh\/bin\/xauth$/) }
|
it { should contain_file('sshd_config').with_content(/^XAuthLocation \/opt\/ssh\/bin\/xauth$/) }
|
||||||
it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/opt\/ssh\/bin\/sftp$/) }
|
it { should contain_file('sshd_config').with_content(/^Subsystem sftp \/opt\/ssh\/bin\/sftp$/) }
|
||||||
it { should contain_file('sshd_config').with_content(/^PasswordAuthentication no$/) }
|
it { should contain_file('sshd_config').with_content(/^PasswordAuthentication no$/) }
|
||||||
|
it { should contain_file('sshd_config').with_content(/^KerberosAuthentication no$/) }
|
||||||
it { should contain_file('sshd_config').with_content(/^AllowTcpForwarding no$/) }
|
it { should contain_file('sshd_config').with_content(/^AllowTcpForwarding no$/) }
|
||||||
it { should contain_file('sshd_config').with_content(/^X11Forwarding no$/) }
|
it { should contain_file('sshd_config').with_content(/^X11Forwarding no$/) }
|
||||||
it { should contain_file('sshd_config').with_content(/^UsePAM no$/) }
|
it { should contain_file('sshd_config').with_content(/^UsePAM no$/) }
|
||||||
@ -1307,6 +1309,41 @@ describe 'ssh' do
|
|||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'with sshd_kerberos_authentication' do
|
||||||
|
['yes','no'].each do |value|
|
||||||
|
context "set to #{value}" do
|
||||||
|
let :facts do
|
||||||
|
{
|
||||||
|
:fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
let (:params) {{ 'sshd_kerberos_authentication' => value }}
|
||||||
|
|
||||||
|
it { should contain_file('sshd_config').with_content(/^KerberosAuthentication #{value}$/) }
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'set to invalid value on valid osfamily' do
|
||||||
|
let :facts do
|
||||||
|
{
|
||||||
|
:fqdn => 'monkey.example.com',
|
||||||
|
:osfamily => 'RedHat',
|
||||||
|
:sshrsakey => 'AAAAB3NzaC1yc2EAAAABIwAAAQEArGElx46pD6NNnlxVaTbp0ZJMgBKCmbTCT3RaeCk0ZUJtQ8wkcwTtqIXmmiuFsynUT0DFSd8UIodnBOPqitimmooAVAiAi30TtJVzADfPScMiUnBJKZajIBkEMkwUcqsfh630jyBvLPE/kyQcxbEeGtbu1DG3monkeymanOBW1AKc5o+cJLXcInLnbowMG7NXzujT3BRYn/9s5vtT1V9cuZJs4XLRXQ50NluxJI7sVfRPVvQI9EMbTS4AFBXUej3yfgaLSV+nPZC/lmJ2gR4t/tKvMFF9m16f8IcZKK7o0rK7v81G/tREbOT5YhcKLK+0wBfR6RsmHzwy4EddZloyLQ=='
|
||||||
|
}
|
||||||
|
end
|
||||||
|
let :params do
|
||||||
|
{ :sshd_kerberos_authentication => 'invalid' }
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'should fail' do
|
||||||
|
expect {
|
||||||
|
should contain_class('ssh')
|
||||||
|
}.to raise_error(Puppet::Error,/ssh::sshd_kerberos_authentication may be either \'yes\' or \'no\' and is set to <invalid>\./)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
context 'when ssh_config_template has a nonstandard value' do
|
context 'when ssh_config_template has a nonstandard value' do
|
||||||
context 'and that value is not valid' do
|
context 'and that value is not valid' do
|
||||||
|
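Review bot: None of the added examples covers the default, where `sshd_kerberos_authentication` is left undef and the template is expected to omit the directive; the new `describe 'with sshd_kerberos_authentication'` block exercises only `yes`, `no` and `invalid`. A context without the parameter asserting `it { should contain_file('sshd_config').without_content(/^KerberosAuthentication/) }` would pin that behaviour, so a later template change cannot start emitting the option unnoticed. The identical `facts` hash repeated in both contexts could also be hoisted into a single `let :facts` at the `describe` level.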
@ -104,7 +104,10 @@ PAMAuthenticationViaKBDInt <%= @sshd_pamauthenticationviakbdint_real %>
|
|||||||
ChallengeResponseAuthentication <%= @sshd_config_challenge_resp_auth %>
|
ChallengeResponseAuthentication <%= @sshd_config_challenge_resp_auth %>
|
||||||
|
|
||||||
# Kerberos options
|
# Kerberos options
|
||||||
|
<% if @sshd_kerberos_authentication != nil -%>
|
||||||
#KerberosAuthentication no
|
#KerberosAuthentication no
|
||||||
|
KerberosAuthentication <%= @sshd_kerberos_authentication %>
|
||||||
|
<% end -%>
|
||||||
#KerberosOrLocalPasswd yes
|
#KerberosOrLocalPasswd yes
|
||||||
#KerberosTicketCleanup yes
|
#KerberosTicketCleanup yes
|
||||||
#KerberosGetAFSToken no
|
#KerberosGetAFSToken no
|
||||||
|
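Review bot: The guard on the added `<% if @sshd_kerberos_authentication != nil -%>` line tests only for nil, while the manifest decides whether to validate by comparing with `undef`, and the two checks can disagree: on Puppet versions that treat an empty string as equal to `undef`, `''` would skip validation yet still render a bare `KerberosAuthentication ` line here. Guarding on the accepted values keeps the template safe on its own, `<% if ['yes', 'no'].include?(@sshd_kerberos_authentication) -%>`. If the nil test is kept, `unless @sshd_kerberos_authentication.nil?` is the more idiomatic Ruby spelling. The template continues outside this hunk.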