Rename configuration variables for PAM, GSSAPI, and Kerberos support.

jbronn · jbronn · commit 9bee179b02f2 · 2018-06-15T11:45:55.000-05:00
diff --git a/README.md b/README.md
@@ -36,10 +36,10 @@ Warning: This role disables root-login on the target server! Please make sure yo
 |`ssh_allow_tcp_forwarding` | false | false to disable TCP Forwarding. Set to true to allow TCP Forwarding.|
 |`ssh_gateway_ports` | `false` | `false` to disable binding forwarded ports to non-loopback addresses. Set to `true` to force binding on wildcard address. Set to `clientspecified` to allow the client to specify which address to bind to.|
 |`ssh_allow_agent_forwarding` | false | false to disable Agent Forwarding. Set to true to allow Agent Forwarding.|
-|`ssh_pam` | true | true if SSH has PAM support.|
+|`ssh_pam_support` | true | true if SSH has PAM support.|
 |`ssh_use_pam` | false | false to disable pam authentication.|
-|`ssh_gssapi` | true | true if SSH has GSSAPI support.|
-|`ssh_kerberos` | true | true if SSH has Kerberos support.|
+|`ssh_gssapi_support` | true | true if SSH has GSSAPI support.|
+|`ssh_kerberos_support` | true | true if SSH has Kerberos support.|
 |`ssh_deny_users` | '' | if specified, login is disallowed for user names that match one of the patterns.|
 |`ssh_allow_users` | '' | if specified, login is allowed only for user names that match one of the patterns.|
 |`ssh_deny_groups` | '' | if specified, login is disallowed for users whose primary group or supplementary group list matches one of the patterns.|
diff --git a/defaults/main.yml b/defaults/main.yml
@@ -74,7 +74,7 @@ ssh_gateway_ports: false                # sshd
 ssh_allow_agent_forwarding: false       # sshd
 
 # true if SSH has PAM support
-ssh_pam: true
+ssh_pam_support: true
 
 # false to disable pam authentication.
 ssh_use_pam: false      # sshd
@@ -86,10 +86,10 @@ ssh_google_auth: false # sshd
 ssh_pam_device: false # sshd
 
 # true if SSH support GSSAPI
-ssh_gssapi: true
+ssh_gssapi_support: true
 
 # true if SSH support Kerberos
-ssh_kerberos: true
+ssh_kerberos_support: true
 
 # if specified, login is disallowed for user names that match one of the patterns.
 ssh_deny_users: ''      # sshd
diff --git a/templates/opensshd.conf.j2 b/templates/opensshd.conf.j2
@@ -93,7 +93,7 @@ IgnoreUserKnownHosts yes
 HostbasedAuthentication no
 
 # Enable PAM to enforce system wide rules
-{% if ssh_pam -%}
+{% if ssh_pam_support -%}
 UsePAM {{ 'yes' if (ssh_use_pam|bool) else 'no' }}
 {% endif %}
 {% if ssh_google_auth %}
@@ -111,15 +111,15 @@ PasswordAuthentication {{ 'yes' if (ssh_server_password_login|bool) else 'no' }}
 PermitEmptyPasswords no
 ChallengeResponseAuthentication {{ 'yes' if (ssh_challengeresponseauthentication|bool) else 'no' }}
 
-{% if ssh_kerberos -%}
+{% if ssh_kerberos_support -%}
 # Only enable Kerberos authentication if it is configured.
 KerberosAuthentication no
 KerberosOrLocalPasswd no
 KerberosTicketCleanup yes
 #KerberosGetAFSToken no
 {% endif %}
 
-{% if ssh_gssapi -%}
+{% if ssh_gssapi_support -%}
 # Only enable GSSAPI authentication if it is configured.
 GSSAPIAuthentication no
 GSSAPICleanupCredentials yes
diff --git a/vars/OpenBSD.yml b/vars/OpenBSD.yml
@@ -2,7 +2,7 @@ sshd_service_name: sshd
 ssh_owner: root
 ssh_group: wheel
 
-ssh_gssapi: false
-ssh_kerberos: false
-ssh_pam: false
+ssh_gssapi_support: false
+ssh_kerberos_support: false
+ssh_pam_support: false
 sshd_moduli: '/etc/moduli'
