- From: "Gustavo Rios" <rios.gustavo@xxxxxxxxx>
- Date: Mon, 12 Mar 2007 19:27:29 -0300
Dear list members,
I have setted openssh to work with kerberos. My initial ideia is to
permit credential (tickets) or login password (/etc/passwd). In order
to achieve so, i have the following (relevant part only)
I created a user with "*" password to force GSSAPI authentication.
I got surprised when without having pulled the ticket (and remenber,
with a "*" password entry in /etc/passwd) the user was still allowed
to login by providing a password (from the kerberos server principal)
Now, an explanation:
Use this directive to specify if a password must be accepted as proof
of identity at login. If KerberosAuthentication is disabled, the login
password is sufficient. However, when KerberosAuthentication is also
enabled, the Kerberos Server password is accepted as a proof of
Does anybody know where am i wrong?
PS: I am using openbsd 4.0 stable.