KerberosAuthentication
- From: "Gustavo Rios" <rios.gustavo@xxxxxxxxx>
- Date: Mon, 12 Mar 2007 19:27:29 -0300
Dear list members,
I have setted openssh to work with kerberos. My initial ideia is to
permit credential (tickets) or login password (/etc/passwd). In order
to achieve so, i have the following (relevant part only)
configuration:
GSSAPIAuthentication yes
KerberosAuthentication no
KerberosGetAFSToken no
KerberosOrLocalPasswd no
KerberosTicketCleanup yes
PasswordAuthentication yes
I created a user with "*" password to force GSSAPI authentication.
I got surprised when without having pulled the ticket (and remenber,
with a "*" password entry in /etc/passwd) the user was still allowed
to login by providing a password (from the kerberos server principal)
Now, an explanation:
PasswordAuthentication
Use this directive to specify if a password must be accepted as proof
of identity at login. If KerberosAuthentication is disabled, the login
password is sufficient. However, when KerberosAuthentication is also
enabled, the Kerberos Server password is accepted as a proof of
identity.
Does anybody know where am i wrong?
PS: I am using openbsd 4.0 stable.
- Prev by Date: Re: Arriving at a specified directory instead of the user's home
- Next by Date: Interpretation:
- Previous by thread: Key Authentication on Windows 2003 64 bit failing
- Next by thread: Interpretation:
- Index(es):
Relevant Pages
|
