diff --git a/.fixtures.yml b/.fixtures.yml
@@ -2,10 +2,10 @@ fixtures:
   repositories:
     stdlib:
       repo: 'git://github.com/puppetlabs/puppetlabs-stdlib.git'
-      ref: '3.2.0'
+      ref: '4.6.0'
     common:
       repo: 'git://github.com/ghoneycutt/puppet-module-common.git'
-      ref: 'v1.0.2'
+      ref: 'v1.3.0'
     firewall:
       repo: 'git://github.com/puppetlabs/puppetlabs-firewall.git'
       ref: '0.2.1'

diff --git a/.gitignore b/.gitignore
@@ -26,6 +26,6 @@ doc/
 
 # Puppet
 coverage/
+spec/fixtures/manifests/*
 spec/fixtures/modules/*
 Gemfile.lock
-spec/fixtures/
diff --git a/.travis.yml b/.travis.yml
@@ -13,9 +13,15 @@ env:
     - PUPPET_GEM_VERSION="~> 3.2.0"
     - PUPPET_GEM_VERSION="~> 3.3.0"
     - PUPPET_GEM_VERSION="~> 3.4.0"
-    - PUPPET_GEM_VERSION="~> 3.5.1"
+    - PUPPET_GEM_VERSION="~> 3.5.0"
     - PUPPET_GEM_VERSION="~> 3.6.0"
     - PUPPET_GEM_VERSION="~> 3.7.0"
+    - PUPPET_GEM_VERSION="~> 3.8.0"
+    - PUPPET_GEM_VERSION="~> 3" PARSER="future"
+    - PUPPET_GEM_VERSION="~> 4.0.0"
+    - PUPPET_GEM_VERSION="~> 4.1.0"
+    - PUPPET_GEM_VERSION="~> 4.2.0"
+    - PUPPET_GEM_VERSION="~> 4"
 
 sudo: false
 
@@ -34,6 +40,14 @@ matrix:
       env: PUPPET_GEM_VERSION="~> 3.3.0"
     - rvm: 2.1.0
       env: PUPPET_GEM_VERSION="~> 3.4.0"
+    - rvm: 1.8.7
+      env: PUPPET_GEM_VERSION="~> 4.0.0"
+    - rvm: 1.8.7
+      env: PUPPET_GEM_VERSION="~> 4.1.0"
+    - rvm: 1.8.7
+      env: PUPPET_GEM_VERSION="~> 4.2.0"
+    - rvm: 1.8.7
+      env: PUPPET_GEM_VERSION="~> 4"
 
 notifications:
   email: false
diff --git a/Gemfile b/Gemfile
@@ -10,7 +10,7 @@ gem 'metadata-json-lint'
 gem 'puppetlabs_spec_helper', '>= 0.1.0'
 gem 'puppet-lint', '>= 1.0.0'
 gem 'facter', '>= 1.7.0'
-gem 'rspec-puppet', '~>1.0'
+gem 'rspec-puppet', '~> 2.0'
 
 # rspec must be v2 for ruby 1.8.7
 if RUBY_VERSION >= '1.8.7' and RUBY_VERSION < '1.9'

diff --git a/README.md b/README.md
@@ -8,7 +8,9 @@ The module uses exported resources to manage ssh keys and removes ssh keys that
 
 # Compatability
 
-This module has been tested to work on the following systems with Puppet v3 and Ruby versions 1.8.7, 1.9.3, 2.0.0 and 2.1.0.
+This module has been tested to work on the following systems with Puppet
+versions v3, v3 with future parser and v4 with  Ruby versions 1.8.7 (Puppet v3
+only), 1.9.3, 2.0.0 and 2.1.0.
 
  * Debian 7
  * EL 5
@@ -280,7 +282,6 @@ Path to sftp file transfer subsystem in sshd_config.
 
 - *Default*: 'USE_DEFAULTS'
 
-
 sshd_password_authentication
 -----------------------------
 PasswordAuthentication in sshd_config. Specifies whether password authentication is allowed.
@@ -492,10 +493,22 @@ Boolean to enable AcceptEnv options for specifying environment variables. Defaul
 
 sshd_hostbasedauthentication
 -------------------------
-HostbasedAuthentication: Enables/disables Hostbased authentication. Valid values are 'yes' and 'no'.
+String for HostbasedAuthentication option in sshd_config. Valid values are 'yes' and 'no'. Specifies whether rhosts or /etc/hosts.equiv authentication together with successful public key client host authentication is allowed (host-based authentication). This option is similar to RhostsRSAAuthentication and applies to protocol version 2 only.
+
+- *Default*: 'no'
+
+sshd_ignoreuserknownhosts
+-------------------------
+String for IgnoreUserKnownHosts option in sshd_config. Valid values are 'yes' and 'no'. Specifies whether sshd(8) should ignore the user's ~/.ssh/known_hosts during RhostsRSAAuthentication or HostbasedAuthentication.
 
 - *Default*: 'no'
 
+sshd_ignorerhosts
+-------------------------
+String for IgnoreRhosts option in sshd_config. Valid values are 'yes' and 'no'. Specifies that .rhosts and .shosts files will not be used in RhostsRSAAuthentication or HostbasedAuthentication though /etc/hosts.equiv and /etc/ssh/shosts.equiv are still used.
+
+- *Default*: 'yes'
+
 purge_keys
 ----------
 Remove keys not managed by puppet.

diff --git a/manifests/init.pp b/manifests/init.pp
@@ -75,6 +75,8 @@
   $sshd_config_hostkey                 = 'USE_DEFAULTS',
   $sshd_listen_address                 = undef,
   $sshd_hostbasedauthentication        = 'no',
+  $sshd_ignoreuserknownhosts           = 'no',
+  $sshd_ignorerhosts                   = 'yes',
   $service_ensure                      = 'running',
   $service_name                        = 'USE_DEFAULTS',
   $service_enable                      = true,
@@ -259,12 +261,20 @@
     $sshd_config_xauth_location_real = $sshd_config_xauth_location
   }
 
+  if $sshd_config_xauth_location_real != undef {
+    validate_absolute_path($sshd_config_xauth_location_real)
+  }
+
   if $ssh_package_source == 'USE_DEFAULTS' {
     $ssh_package_source_real = $default_ssh_package_source
   } else {
     $ssh_package_source_real = $ssh_package_source
   }
 
+  if $ssh_package_source_real != undef {
+    validate_absolute_path($ssh_package_source_real)
+  }
+
   if $ssh_package_adminfile == 'USE_DEFAULTS' {
     $ssh_package_adminfile_real = $default_ssh_package_adminfile
   } else {
@@ -323,7 +333,7 @@
   if $ssh_sendenv == 'USE_DEFAULTS' {
     $ssh_sendenv_real = $default_ssh_sendenv
   } else {
-    case type($ssh_sendenv) {
+    case type3x($ssh_sendenv) {
       'string': {
         validate_re($ssh_sendenv, '^(true|false)$', "ssh::ssh_sendenv may be either 'true' or 'false' and is set to <${ssh_sendenv}>.")
         $ssh_sendenv_real = str2bool($ssh_sendenv)
@@ -340,7 +350,7 @@
   if $sshd_acceptenv == 'USE_DEFAULTS' {
     $sshd_acceptenv_real = $default_sshd_acceptenv
   } else {
-    case type($sshd_acceptenv) {
+    case type3x($sshd_acceptenv) {
       'string': {
         validate_re($sshd_acceptenv, '^(true|false)$', "ssh::sshd_acceptenv may be either 'true' or 'false' and is set to <${sshd_acceptenv}>.")
         $sshd_acceptenv_real = str2bool($sshd_acceptenv)
@@ -369,7 +379,7 @@
   if $service_hasstatus == 'USE_DEFAULTS' {
     $service_hasstatus_real = $default_service_hasstatus
   } else {
-    case type($service_hasstatus) {
+    case type3x($service_hasstatus) {
       'string': {
         validate_re($service_hasstatus, '^(true|false)$', "ssh::service_hasstatus must be 'true' or 'false' and is set to <${service_hasstatus}>.")
         $service_hasstatus_real = str2bool($service_hasstatus)
@@ -485,7 +495,11 @@
 
   validate_re($sshd_hostbasedauthentication, '^(yes|no)$', "ssh::sshd_hostbasedauthentication may be either 'yes' or 'no' and is set to <${sshd_hostbasedauthentication}>.")
 
-  case type($hiera_merge) {
+  validate_re($sshd_ignoreuserknownhosts, '^(yes|no)$', "ssh::sshd_ignoreuserknownhosts may be either 'yes' or 'no' and is set to <${sshd_ignoreuserknownhosts}>.")
+
+  validate_re($sshd_ignorerhosts, '^(yes|no)$', "ssh::sshd_ignorerhosts may be either 'yes' or 'no' and is set to <${sshd_ignorerhosts}>.")
+
+  case type3x($hiera_merge) {
     'string': {
       validate_re($hiera_merge, '^(true|false)$', "ssh::hiera_merge may be either 'true' or 'false' and is set to <${hiera_merge}>.")
       $hiera_merge_real = str2bool($hiera_merge)
@@ -498,14 +512,21 @@
     }
   }
 
-  if type($ssh_key_import) == 'string' {
-    $ssh_key_import_real = str2bool($ssh_key_import)
-  } else {
-    $ssh_key_import_real = $ssh_key_import
+  case type3x($ssh_key_import) {
+    'string': {
+      validate_re($ssh_key_import, '^(true|false)$', "ssh::ssh_key_import may be either 'true' or 'false' and is set to <${ssh_key_import}>.")
+      $ssh_key_import_real = str2bool($ssh_key_import)
+    }
+    'boolean': {
+      $ssh_key_import_real = $ssh_key_import
+    }
+    default: {
+      fail('ssh::ssh_key_import type must be true or false.')
+    }
   }
   validate_bool($ssh_key_import_real)
 
-  case type($ssh_config_sendenv_xmodifiers) {
+  case type3x($ssh_config_sendenv_xmodifiers) {
     'string': {
       $ssh_config_sendenv_xmodifiers_real = str2bool($ssh_config_sendenv_xmodifiers)
     }
@@ -544,28 +565,28 @@
   validate_re($ssh_config_global_known_hosts_mode, '^[0-7]{4}$',
     "ssh::ssh_config_global_known_hosts_mode must be a valid 4 digit mode in octal notation. Detected value is <${ssh_config_global_known_hosts_mode}>.")
 
-  if type($purge_keys) == 'string' {
+  if type3x($purge_keys) == 'string' {
     $purge_keys_real = str2bool($purge_keys)
   } else {
     $purge_keys_real = $purge_keys
   }
   validate_bool($purge_keys_real)
 
-  if type($service_enable) == 'string' {
+  if type3x($service_enable) == 'string' {
     $service_enable_real = str2bool($service_enable)
   } else {
     $service_enable_real = $service_enable
   }
   validate_bool($service_enable_real)
 
-  if type($service_hasrestart) == 'string' {
+  if type3x($service_hasrestart) == 'string' {
     $service_hasrestart_real = str2bool($service_hasrestart)
   } else {
     $service_hasrestart_real = $service_hasrestart
   }
   validate_bool($service_hasrestart_real)
 
-  if type($manage_root_ssh_config) == 'string' {
+  if type3x($manage_root_ssh_config) == 'string' {
     $manage_root_ssh_config_real = str2bool($manage_root_ssh_config)
   } else {
     $manage_root_ssh_config_real = $manage_root_ssh_config

diff --git a/metadata.json b/metadata.json
@@ -1,6 +1,6 @@
 {
   "name": "ghoneycutt-ssh",
-  "version": "3.28.0",
+  "version": "3.29.0",
   "author": "ghoneycutt",
   "summary": "Manages SSH",
   "license": "Apache-2.0",
@@ -10,11 +10,11 @@
   "requirements": [
     {
       "name": "pe",
-      "version_requirement": ">= 3.2.0 < 4.0.0"
+      "version_requirement": ">= 3.2.0 < 5.0.0"
     },
     {
       "name": "puppet",
-      "version_requirement": "3.x"
+      "version_requirement": ">= 3.0.0 < 5.0.0"
     }
   ],
   "operatingsystem_support": [
@@ -79,8 +79,8 @@
   ],
   "description": "Manage SSH",
   "dependencies": [
-    {"name":"puppetlabs/stdlib","version_requirement":">= 3.2.0 < 5.0.0"},
-    {"name":"ghoneycutt/common","version_requirement":">= 1.0.2 < 2.0.0"},
+    {"name":"puppetlabs/stdlib","version_requirement":">= 4.6.0 < 6.0.0"},
+    {"name":"ghoneycutt/common","version_requirement":">= 1.3.0 < 2.0.0"},
     {"name":"puppetlabs/firewall","version_requirement":">= 0.2.1 < 2.0.0"}
   ]
 }