Diffstat (limited to 'templates')
-rw-r--r--templates/service/ssh/node.def31
-rw-r--r--templates/service/ssh/protocol-version/node.def1
-rw-r--r--templates/system/login/tacacs-plus/acct-all/node.def1
-rw-r--r--templates/system/login/tacacs-plus/debug/node.def1
-rw-r--r--templates/system/login/tacacs-plus/first-hit/node.def1
-rw-r--r--templates/system/login/tacacs-plus/no-encrypt/node.def1
-rw-r--r--templates/system/login/tacacs-plus/node.def3
-rw-r--r--templates/system/login/tacacs-plus/protocol/node.def2
-rw-r--r--templates/system/login/tacacs-plus/secret/node.def2
-rw-r--r--templates/system/login/tacacs-plus/server/node.def3
-rw-r--r--templates/system/login/tacacs-plus/service/node.def2
-rw-r--r--templates/system/ntp-server/node.def7
12 files changed, 37 insertions, 18 deletions
diff --git a/templates/service/ssh/node.def b/templates/service/ssh/node.def
index fbb29687..dbe32a6f 100644
--- a/templates/service/ssh/node.def
+++ b/templates/service/ssh/node.def
@@ -1,17 +1,16 @@
help: Enable/disable Secure SHell (SSH) protocol
-delete:expression: "sudo /usr/sbin/invoke-rc.d ssh stop && \
- sudo sh -c \"echo 'SSHD_OPTS=' > /etc/default/ssh\" "
-end:expression: "if [ -z \"$VAR(port/@)\" ]; then exit 0; fi; \
- sudo sh -c \
- \"[ -f /etc/ssh/ssh_host_key ] \
- || sudo ssh-keygen -t rsa1 -N '' -f /etc/ssh/ssh_host_key\"; \
- case \"$VAR(protocol-version/@)\" in \
- v2) VER=2;; \
- v1) VER=1;; \
- all) VER=\"1,2\";; \
- *) VER=2;; \
- esac; \
- STR=\"SSHD_OPTS=\\\"-p $VAR(port/@) -o HostKey=/etc/ssh/ssh_host_key \
--o Protocol=${VER}\\\"\"; \
- sudo sh -c \"echo '$STR' > /etc/default/ssh\"; \
- sudo /usr/sbin/invoke-rc.d ssh restart"
+delete:sudo /usr/sbin/invoke-rc.d ssh stop
+ sudo sh -c "echo 'SSHD_OPTS=' > /etc/default/ssh"
+end: if [ -z "$VAR(port/@)" ]; then exit 0; fi;
+ if [ ! -f /etc/ssh/ssh_host_key ]; then
+ sudo ssh-keygen -q -t rsa1 -N '' -f /etc/ssh/ssh_host_key
+ fi
+ case $VAR(protocol-version/@) in
+ v2) VER=2;;
+ v1) VER=1;;
+ all) VER="1,2";;
+ *) VER=2;;
+ esac;
+ STR="SSHD_OPTS=\"-p $VAR(port/@) -o Hostkey=/etc/ssh/ssh_host_key -o Protocol=${VER}\""
+ sudo sh -c "echo '$STR' > /etc/default/ssh"
+ sudo /usr/sbin/invoke-rc.d ssh restart
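Review bot: The rewritten `end:` block substitutes `$VAR(port/@)` and `$VAR(protocol-version/@)` into commands that end up in `sudo sh -c`, and it drops the quotes the old version had around the `case` subject. If `port/node.def` (not shown in this diff) does not restrict the value to a number, shell metacharacters such as a single quote would end the `'$STR'` argument early inside the root shell. I would restore `case "$VAR(protocol-version/@)" in` and write the file without re-parsing the value, e.g. `printf '%s\n' "$STR" | sudo tee /etc/default/ssh >/dev/null`. Separately, the `v1`/`all` branches and the `rsa1` host key keep SSH protocol 1 selectable, which deserves at least a comment given its known cryptographic weaknesses.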
diff --git a/templates/service/ssh/protocol-version/node.def b/templates/service/ssh/protocol-version/node.def
index 051ea062..d025015b 100644
--- a/templates/service/ssh/protocol-version/node.def
+++ b/templates/service/ssh/protocol-version/node.def
@@ -1,3 +1,4 @@
type: txt
+allowed: echo "v1 v2 all"
default: "v2"
help: Set SSH version (default: v2)
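Review bot: `allowed:` only feeds command completion as far as I know and does not reject other values at set time, so `protocol-version` still accepts arbitrary text that later reaches the `case` statement in `service/ssh/node.def`. Add an enforcing check next to it, for example `syntax:expression: $VAR(@) in "v1", "v2", "all"; "protocol-version must be v1, v2 or all"`.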
diff --git a/templates/system/login/tacacs-plus/acct-all/node.def b/templates/system/login/tacacs-plus/acct-all/node.def
new file mode 100644
index 00000000..22522f17
--- /dev/null
+++ b/templates/system/login/tacacs-plus/acct-all/node.def
@@ -0,0 +1 @@
+help: Send TACACS+ accounting requests to all servers
diff --git a/templates/system/login/tacacs-plus/debug/node.def b/templates/system/login/tacacs-plus/debug/node.def
new file mode 100644
index 00000000..10aa10b1
--- /dev/null
+++ b/templates/system/login/tacacs-plus/debug/node.def
@@ -0,0 +1 @@
+help: Enable TACACS+ debugging
diff --git a/templates/system/login/tacacs-plus/first-hit/node.def b/templates/system/login/tacacs-plus/first-hit/node.def
new file mode 100644
index 00000000..18f2fdf6
--- /dev/null
+++ b/templates/system/login/tacacs-plus/first-hit/node.def
@@ -0,0 +1 @@
+help: Set TACACS+ to try multiple servers if a negative auth is returned
diff --git a/templates/system/login/tacacs-plus/no-encrypt/node.def b/templates/system/login/tacacs-plus/no-encrypt/node.def
new file mode 100644
index 00000000..7aa90dfb
--- /dev/null
+++ b/templates/system/login/tacacs-plus/no-encrypt/node.def
@@ -0,0 +1 @@
+help: Set TACACS+ to not encrypt communications
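Review bot: The help string for `no-encrypt` does not say what is lost when the option is set. With TACACS+ body encryption disabled, usernames, passwords and accounting data cross the network in cleartext, so the help text should tell the operator this is for troubleshooting only, e.g. `help: Disable TACACS+ packet encryption (credentials sent in cleartext; debugging only)`.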
diff --git a/templates/system/login/tacacs-plus/node.def b/templates/system/login/tacacs-plus/node.def
new file mode 100644
index 00000000..d8eab559
--- /dev/null
+++ b/templates/system/login/tacacs-plus/node.def
@@ -0,0 +1,3 @@
+help: Set TACACS+ server authentication
+commit:expression: $VAR(server) != "" && $VAR(secret) != ""
+ ; "One server and a secret must be specified for TACACS+"
diff --git a/templates/system/login/tacacs-plus/protocol/node.def b/templates/system/login/tacacs-plus/protocol/node.def
new file mode 100644
index 00000000..6a5c739d
--- /dev/null
+++ b/templates/system/login/tacacs-plus/protocol/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Set TACACS+ protocol for authentication and accounting
diff --git a/templates/system/login/tacacs-plus/secret/node.def b/templates/system/login/tacacs-plus/secret/node.def
new file mode 100644
index 00000000..0f673ae2
--- /dev/null
+++ b/templates/system/login/tacacs-plus/secret/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Set TACACS+ secret
diff --git a/templates/system/login/tacacs-plus/server/node.def b/templates/system/login/tacacs-plus/server/node.def
new file mode 100644
index 00000000..dc1b1e94
--- /dev/null
+++ b/templates/system/login/tacacs-plus/server/node.def
@@ -0,0 +1,3 @@
+multi:
+type: ipv4
+help: Set TACACS+ server IP addresses
diff --git a/templates/system/login/tacacs-plus/service/node.def b/templates/system/login/tacacs-plus/service/node.def
new file mode 100644
index 00000000..10d1729b
--- /dev/null
+++ b/templates/system/login/tacacs-plus/service/node.def
@@ -0,0 +1,2 @@
+type: txt
+help: Set TACACS+ service for authentication and accounting
diff --git a/templates/system/ntp-server/node.def b/templates/system/ntp-server/node.def
index 485cf774..a063431f 100644
--- a/templates/system/ntp-server/node.def
+++ b/templates/system/ntp-server/node.def
@@ -2,9 +2,12 @@ multi:
type: txt
help: Set name or IP address of Network Time Protocol (NTP) server
update:sudo sh -c \
- "touch /etc/ntp.conf
- if ! grep -q 'server.*$VAR(@)' /etc/ntp.conf; then
+ "if ! grep -q 'server.*$VAR(@)' /etc/ntp.conf; then
echo \"server $VAR(@) iburst dynamic\" >> /etc/ntp.conf
+ fi
+ if [ $(pgrep -c ntpd) -eq 0 ]; then
+ /usr/sbin/invoke-rc.d ntp start
+ else
/usr/sbin/invoke-rc.d ntp restart
fi"
delete:sudo sh -c \
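Review bot: `$VAR(@)` is a free-form `type: txt` value, yet the `update:` script places it inside a double-quoted `sudo sh -c "…"` string and inside a grep regex, and no `syntax:` check is visible in this hunk. Shell metacharacters in the value would be interpreted by a shell running as root, and the unescaped dots let `server.*$VAR(@)` match a different existing entry, so the new server is silently not added. Constrain the value before it reaches the script, e.g. `syntax:expression: pattern $VAR(@) "^[-a-zA-Z0-9.:]+$" ; "invalid NTP server name"`, and use a fixed-string match such as `grep -qF 'server $VAR(@) '`. The `delete:` block that begins on the hunk's last line continues outside the hunk and likely needs the same treatment.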