From 51554a734c481dad6bdc6515c5683a4a18f903b9 Mon Sep 17 00:00:00 2001
From: Stonewall Jackson <stonewall@sacredheartsc.com>
Date: Mon, 20 Feb 2023 12:52:08 -0500
Subject: ssh: add docs

---
 roles/ssh/README.md | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)
 create mode 100644 roles/ssh/README.md

(limited to 'roles/ssh/README.md')

diff --git a/roles/ssh/README.md b/roles/ssh/README.md
new file mode 100644
index 0000000..1975b0b
--- /dev/null
+++ b/roles/ssh/README.md
@@ -0,0 +1,34 @@
+SSH
+===
+
+Description
+-----------
+
+The `ssh` role configures SSH clients to use GSSAPI authentication for hosts
+within the local FreeIPA domain.
+
+
+Variables
+---------
+
+This role **accepts** the following variables:
+
+Variable                | Default                    | Description
+------------------------|----------------------------|------------
+`ssh_canonical_domains` | `['{{ ansible_domain }}']` | Host domains to canonicalize for Kerberos/GSSAPI 
+
+
+Usage
+-----
+
+Example playbook:
+
+````yaml
+- name: configure kerberized ssh
+  hosts: all
+  roles:
+    - role: ssh
+      vars:
+        ssh_canonical_domains:
+          - ipa.example.com
+````
-- 
cgit