From fa69bfc1eb6deadd6b05d839f4ad1c2c86107931 Mon Sep 17 00:00:00 2001
From: Brendan Shephard <bshephar@redhat.com>
Date: Fri, 4 Mar 2022 01:56:30 +1100
Subject: [PATCH] Disable GSSAPIAuthentication by default

Having GSSAPIAuthentication enabled by default
can cause issues during the deployment process
if the user is unable to authenticate with kerberos.

This change moves the default for GSSAPIAuthentication
to no instead of yes.

Resolves: rhbz#2059855
Change-Id: Ic579380c9c72917daa01493c259bc969b7291fe9
---
 deployment/sshd/sshd-baremetal-ansible.yaml | 2 +-
 deployment/sshd/sshd-baremetal-puppet.yaml  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/deployment/sshd/sshd-baremetal-ansible.yaml b/deployment/sshd/sshd-baremetal-ansible.yaml
index dee9c78278..8504aeae10 100644
--- a/deployment/sshd/sshd-baremetal-ansible.yaml
+++ b/deployment/sshd/sshd-baremetal-ansible.yaml
@@ -44,7 +44,7 @@ parameters:
       SyslogFacility: 'AUTHPRIV'
       AuthorizedKeysFile: '.ssh/authorized_keys'
       ChallengeResponseAuthentication: 'no'
-      GSSAPIAuthentication: 'yes'
+      GSSAPIAuthentication: 'no'
       GSSAPICleanupCredentials: 'no'
       UsePAM: 'yes'
       UseDNS: 'no'
diff --git a/deployment/sshd/sshd-baremetal-puppet.yaml b/deployment/sshd/sshd-baremetal-puppet.yaml
index 13cdcb87f7..bda7df3bb7 100644
--- a/deployment/sshd/sshd-baremetal-puppet.yaml
+++ b/deployment/sshd/sshd-baremetal-puppet.yaml
@@ -44,7 +44,7 @@ parameters:
       SyslogFacility: 'AUTHPRIV'
       AuthorizedKeysFile: '.ssh/authorized_keys'
       ChallengeResponseAuthentication: 'no'
-      GSSAPIAuthentication: 'yes'
+      GSSAPIAuthentication: 'no'
       GSSAPICleanupCredentials: 'no'
       UsePAM: 'yes'
       UseDNS: 'no'