How can i prevent a session to be openned without a ticket ? I do not want a password based authentication.
Is it possible? On 3/12/07, Ryan Corder <[EMAIL PROTECTED]> wrote:
On Mon, 2007-03-12 at 15:11 -0300, Gustavo Rios wrote: > But when i try to log on the same server but by means of its ip > address, i am requested to provide a password, like in: > > $ ssh -l grios 10.0.0.1 > [EMAIL PROTECTED]'s password: > Last login: Mon Mar 12 15:04:19 2007 from 10.0.0.250 > Could not chdir to home directory /home/grios: No such file or directory > $ Kerberos is fairly dependent on two things: name resolution and time synchronization. In the case of names, you probably have a host/my.server.com principle in your Kerberos realm, but there isn't one for host/1.2.3.4, thus Kerberos won't work since SSH is trying to request a ticket for a hostname that doesn't exist in the realm. > GSSAPIAuthentication yes > KerberosAuthentication no > KerberosGetAFSToken no > KerberosOrLocalPasswd no > KerberosTicketCleanup yes ChallengeResponseAuthentication, HostbasedAuthentication, PasswordAuthentication, and PubkeyAuthentication can all be set to 'no' to turn them off. However, I would suggest that you leave at least one alterntive authentication method on in case your Kerberos ever gets hosed or the time on your machine(s) get out of sync. later. ryanc -- Ryan Corder <[EMAIL PROTECTED]> Systems Engineer, NovaSys Health LLC. 501-219-4444 ext. 646
