updated README for new default parameter value, GSSAPICleanupCredentials should always equal yes

Author: szEvEz

README.md

@@ -32,7 +32,7 @@ Warning: This role disables root-login on the target server! Please make sure yo
 |`ssh_allow_agent_forwarding` | false | false to disable Agent Forwarding. Set to true to allow Agent Forwarding.|
 |`ssh_pam_support` | true | true if SSH has PAM support.|
 |`ssh_use_pam` | false | false to disable pam authentication.|
-|`ssh_gssapi_support` | true | true if SSH has GSSAPI support.|
+|`ssh_gssapi_support` | false | true if SSH has GSSAPI support.|
 |`ssh_kerberos_support` | true | true if SSH has Kerberos support.|
 |`ssh_deny_users` | '' | if specified, login is disallowed for user names that match one of the patterns.|
 |`ssh_allow_users` | '' | if specified, login is allowed only for user names that match one of the patterns.|

templates/opensshd.conf.j2

@@ -119,11 +119,9 @@ KerberosTicketCleanup yes
 #KerberosGetAFSToken no
 {% endif %}
 
-{% if ssh_gssapi_support -%}
 # Only enable GSSAPI authentication if it is configured.
-GSSAPIAuthentication yes
+GSSAPIAuthentication {{ 'yes' if ssh_gssapi_support else 'no' }}
 GSSAPICleanupCredentials yes
-{% endif %}
 
 # In case you don't use PAM (`UsePAM no`), you can alternatively restrict users and groups here. For key-based authentication this is not necessary, since all keys must be explicitely enabled.
 {% if ssh_deny_users -%}