From 33d8503d9cc41a70d1a92325f72848fcaf369be0 Mon Sep 17 00:00:00 2001
From: Jonathan Gazeley
Date: Mon, 13 Mar 2017 12:09:15 +0000
Subject: [PATCH] Provide facility to enable/disable EAP types
---
 manifests/module/eap.pp | 4 ++++
 templates/eap.erb | 11 +++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)
diff --git a/manifests/module/eap.pp b/manifests/module/eap.pp
index ed3545f7..1946bc9d 100644
--- a/manifests/module/eap.pp
+++ b/manifests/module/eap.pp
@@ -67,6 +67,10 @@
 Optional[Freeradius::Boolean] $peap_require_client_cert = undef,
 Optional[Freeradius::Boolean] $mschapv2_send_error = undef,
 Optional[String] $mschapv2_identity = undef,
+ Boolean $eap_md5 = true,
+ Boolean $eap_leap = true,
+ Boolean $eap_gtc = true,
+ Boolean $eap_peap = true,
 ) {
 freeradius::module{$name:
diff --git a/templates/eap.erb b/templates/eap.erb
index a86c051d..4262ad5f 100644
--- a/templates/eap.erb
+++ b/templates/eap.erb
@@ -65,6 +65,7 @@ eap {
 # Supported EAP-types
+<%- if @eap_md5 -%>
 #
 # We do NOT recommend using EAP-MD5 authentication
 # for wireless connections. It is insecure, and does
@@ -72,6 +73,7 @@ eap {
 #
 md5 {
 }
+<%- end -%>
 #
 # EAP-pwd -- secure password-based authentication
@@ -108,6 +110,7 @@ eap {
 }
 <%- end -%>
+<%- if @eap_leap -%>
 # Cisco LEAP
 #
 # We do not recommend using LEAP in new deployments. See:
@@ -122,7 +125,9 @@ eap {
 #
 leap {
 }
+<%- end -%>
+<%- if @eap_gtc -%>
 # Generic Token Card.
 #
 # Currently, this is only permitted inside of EAP-TTLS,
@@ -156,6 +161,7 @@ eap {
 #
 auth_type = <%= @gtc_auth_type %>
 }
+<%- end -%>
 ## Common TLS configuration for TLS-based EAP types
 #
@@ -755,7 +761,7 @@ eap {
 <%- end -%>
 }
-
+<%- if @eap_peap -%>
 ## EAP-PEAP
 #
@@ -891,7 +897,8 @@ eap {
 <%- if @peap_require_client_cert -%>
 require_client_cert = <%= @peap_require_client_cert %>
 <%- end -%>
- }
+}
+<%- end -%>
 #
 # This takes no configuration.
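Review bot: In manifests/module/eap.pp the four new switches default to `true` and arrive undocumented, so `$eap_md5` and `$eap_leap` keep EAP-MD5 and LEAP in the rendered config unless an operator opts out, even though the template's own comments advise against both. Keeping the old behaviour by default is defensible for compatibility, but each parameter should get a line in the file's existing doc style, for example `# eap_md5: emit the md5 {} EAP type (weak method; set to false unless a legacy client needs it)`, and the md5 and leap defaults are worth flipping to `false` at the next major release. The neighbouring booleans are typed `Optional[Freeradius::Boolean]` while these use plain `Boolean`; if that is deliberate because the values are only tested in the template, a short comment saying so would stop a later "consistency" edit from changing how they evaluate. The parameter list begins above the hunk, so any existing parameter documentation is not visible here.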
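Review bot: The `<%- if @eap_md5 -%>` guard in templates/eap.erb, and the matching guards for leap, gtc and peap in the later hunks, can remove the very sub-section that the rendered file selects through `default_eap_type`, and nothing in this change checks for that combination. FreeRADIUS is expected to reject an eap module whose default type has no configured sub-section, so the mistake would surface only when radiusd is restarted on the node rather than at catalog compile time. That setting is rendered outside these hunks, so I am assuming it is parameterised; if it is, a guard in the manifest such as `if $<default-type-param> == 'md5' and !$eap_md5 { fail('default EAP type md5 is disabled by eap_md5 => false') }` (placeholder name, repeated for the other three types) would catch it early.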
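Review bot: The closing brace of the PEAP block appears to lose its indentation in the last hunk of templates/eap.erb (`- }` becomes `+}`), as far as the collapsed whitespace on this page shows. The parser does not care, but in the generated file the brace then lines up with the outer `eap {` block and reads as if that block ended there, which makes it harder to audit which EAP types are actually live. I would keep the brace at its original indent and add only `<%- end -%>` at column 0 after it.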