From 5783c7eff2f5655ac836bc2d9add98ec4890ab8a Mon Sep 17 00:00:00 2001
From: Erik Johnson <erikj@gwu.edu>
Date: Wed, 5 Jul 2017 15:41:53 -0400
Subject: [PATCH] Permitoverrides of the ChallengeResponseAuthentication server
 setting

---
 manifests/server.pp | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/manifests/server.pp b/manifests/server.pp
index 9b9aff9..8beec03 100644
--- a/manifests/server.pp
+++ b/manifests/server.pp
@@ -59,6 +59,7 @@
   $listen_to              = [],
   $host_key_files         = [],
   $client_alive_interval  = 600,
+  $challenge_response     = false,
   $client_alive_count     = 3,
   $allow_root_with_key    = false,
   $ipv6_enabled           = false,
@@ -94,6 +95,11 @@
     false => 'no'
   }
 
+  $challenge_response_on = $challenge_response ? {
+    true  => 'yes',
+    false => 'no'
+  }
+
   $agent_forwarding = $allow_agent_forwarding ? {
     true  => 'yes',
     false => 'no'
@@ -191,7 +197,7 @@
       'UsePAM'                          => $use_pam_option,
       'PasswordAuthentication'          => 'no',
       'PermitEmptyPasswords'            => 'no',
-      'ChallengeResponseAuthentication' => 'no',
+      'ChallengeResponseAuthentication' => $challenge_response_on,
 
       # Only enable Kerberos authentication if it is configured.
       'KerberosAuthentication'          => 'no',