I am imaging the following scenario: passwd user entry password is "*" user has not acquired a ticket user principal is setted in kerberos database sshd_options is setted: KerberosAuthentication No\nPasswordAuthentication yes
Now, if the user issue: $ ssh -l xxx hostname My gues is that the session will fail to authenticate, right? Thanks in advance. On 3/12/07, Gustavo Rios <[EMAIL PROTECTED]> wrote:
I don't want to disable GSSAPI. I want only one of two: 0) Autenticate via tickets (GSSAPI) 1) Authenticate via /etc/passwd. I don't want sshd perfoming password autenticating based on kerberos passwords. Ok? On 3/12/07, Darren Spruell <[EMAIL PROTECTED]> wrote: > On 3/12/07, Gustavo Rios <[EMAIL PROTECTED]> wrote: > > Great, now i know howto prevent password autentication. > > > > But one thing remains strange. > > > > I have a user entry without a password. But there is a principal for > > it in kerberos. I re enabled password authentication but the Kerberos* > > sshd options remains no, and : > > > > He is still able to login. I believed since "KerberosAuthentication > > no" he should not login. > > Are you using Kerberos or GSSAPI to log in? > > > What am i during wrong ? > > Disabling KerberosAuthentication won't prohibit GSSAPI from working. > > see sshd_config(5) > > DS
