From 5ffd4b654b121768765eeb1c0aa560e2dd005fd3 Mon Sep 17 00:00:00 2001
From: Marco Rodrigues
Date: Thu, 28 Apr 2016 13:31:11 +0200
Subject: [PATCH 1/3] MD5 not secure. Now it should be SHA512 by default
---
 manifests/init.pp | 10 ++--------
 1 file changed, 2 insertions(+), 8 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index c9a1fea..296328f 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -148,7 +148,7 @@
 $nis = false,
 $nisdomain = undef,
 $nisserver = undef,
- $passalgo = 'md5',
+ $passalgo = 'sha512',
 $shadow = true,
 $krb5 = false,
 $krb5realm = undef,
@@ -281,12 +281,6 @@
 $nisserver_val = "--nisserver=${nisserver}"
 }
- # MD5
- $md5_flg = $passalgo ? {
- 'md5' => '--enablemd5',
- default => '--disablemd5',
- }
-
 # hash/crypt algorithm for new passwords
 if $passalgo {
 $passalgo_val = "--passalgo=${passalgo}"
@@ -482,7 +476,7 @@
 $extra_flags = "${preferdns_flg} ${forcelegacy_flg} ${pamaccess_flg}"
- $pass_flags = "${md5_flg} ${passalgo_val} ${shadow_flg}"
+ $pass_flags = "${passalgo_val} ${shadow_flg}"
 $authconfig_flags = "${ldap_flags} ${nis_flags} ${pass_flags} ${krb5_flags} ${winbind_flags} ${extra_flags} ${cache_flg} ${mkhomedir_flg} ${sssd_flg} ${sssdauth_flg} ${rfc2307bis_flg} ${locauthorize_flg} ${sysnetauth_flg} ${smartcard_flags}"
 $authconfig_update_cmd = "authconfig ${authconfig_flags} --updateall"
 $authconfig_test_cmd = "authconfig ${authconfig_flags} --test"
From 127b0222f8fc96862c587689e6ada5d366dbcd98 Mon Sep 17 00:00:00 2001
From: Marco Rodrigues
Date: Thu, 28 Apr 2016 13:33:39 +0200
Subject: [PATCH 2/3] Adapt to the default password hash algo
---
 spec/classes/authconfig_spec.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/spec/classes/authconfig_spec.rb b/spec/classes/authconfig_spec.rb
index d5f723a..6c72976 100644
--- a/spec/classes/authconfig_spec.rb
+++ b/spec/classes/authconfig_spec.rb
@@ -15,7 +15,7 @@
 {
 'nis' => false,
 'shadow' => true,
- 'passalgo' => 'md5',
+ 'passalgo' => 'sha512',
 }
 end
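Review bot: In PATCH 1/3, the `@@ -148` hunk of manifests/init.pp changes the default, but `$passalgo` remains an unchecked string that is interpolated into `--passalgo=${passalgo}` and from there into the `authconfig ... --updateall` command string, so a typo or a weak value such as `'md5'` is still accepted silently. The module appears to rely on stdlib already (PATCH 3/3 calls `is_array` and `join`), so a check near the top of the class body such as `validate_re($passalgo, '^(sha256|sha512)$')` would enforce the intent of this commit; list weaker algorithms explicitly only if they must stay supported, and guard the check if a false value is meant to remain valid. The parameter documentation should also state that the setting affects only hashes written after the change, since existing MD5 entries in the shadow file remain until each password is reset. The class parameter list and body extend beyond this hunk.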
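Review bot: In the `@@ -281` hunk of PATCH 1/3, dropping `$md5_flg` means `--disablemd5` is never passed, so when `$passalgo` is false or undef the `if $passalgo` branch is skipped and nothing in `$pass_flags` selects a hash algorithm; a host already configured for MD5 would presumably keep it. The remainder of that `if` lies outside the hunk, so confirm what the other branch assigns; if it is an empty string, consider `$passalgo_val = '--passalgo=sha512'` there, or `fail('passalgo must be set')`. A one-line comment above the `if`, such as `# --passalgo replaces the legacy --enablemd5/--disablemd5 switches`, would help the next reader.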
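Review bot: In PATCH 2/3, the params hash in spec/classes/authconfig_spec.rb still passes `'passalgo'` explicitly, so the new class default is not exercised by this context, and nothing visible asserts that `--enablemd5`/`--disablemd5` are gone from the generated command. Consider a context that omits `'passalgo'` and matches the generated authconfig command against `/--passalgo=sha512/` and against the absence of `/md5/`. The surrounding `describe` block is outside the hunk, so such a test may already exist elsewhere.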
From 96a9c0e31e6377ddcdab3ea139eaa75c4f09f2f7 Mon Sep 17 00:00:00 2001
From: Marco Rodrigues
Date: Thu, 28 Apr 2016 14:01:41 +0200
Subject: [PATCH 3/3] Support more than one NIS server Closes #41.
---
 manifests/init.pp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)
diff --git a/manifests/init.pp b/manifests/init.pp
index 296328f..79f826b 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -29,7 +29,7 @@
 # NIS Domain
 #
 # [*nisserver*]
-# NIS Server
+# NIS Server. Pass a string or an array.
 #
 # [*shadow*]
 # Enable shadow password
@@ -277,7 +277,10 @@
 $nisdomain_val = "--nisdomain=${nisdomain}"
 }
- if $nisserver {
+ if (is_array($nisserver)) {
+ $niss_joined = join($nisserver, ',')
+ $nisserver_val = "--nisserver=${niss_joined}"
+ } else {
 $nisserver_val = "--nisserver=${nisserver}"
 }
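Review bot: In the `@@ -277` hunk of PATCH 3/3, the unconditional `else` now runs when `$nisserver` is left at its default `undef`, so `$nisserver_val` becomes `--nisserver=` with an empty value, whereas the old `if $nisserver` left that case alone; use `} elsif $nisserver {` instead of `} else {`. An empty array has the same effect through `join`. The elements are also joined into the authconfig command string unchecked, so validating each entry as a hostname or IP address before the join would keep stray whitespace and shell metacharacters out of the command. Whether `$nisserver_val` is used when NIS is disabled is decided outside this hunk.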