Using ksu/sudo with Kerberos
Russ Allbery
rra at stanford.edu
Tue Oct 5 13:27:29 EDT 2010
Guillaume Rousse <Guillaume.Rousse at inria.fr> writes:
> Le 04/10/2010 23:56, Russ Allbery a écrit :
>> There unfortunately isn't any way that I know of to allow GSSAPI and
>> public key authentication via ssh for regular users but require GSSAPI
>> alone for root authentication, so we usually just turn public key off
>> entirely. (I suppose you could enforce an empty authorized_keys file, but
>> that requires some sort of configuration management infrastructure running
>> on each system to ensure that.)
> What about this (untested) ?
> Match User root
> PubkeyAuthentication no
Ah, yes, the Match stuff is relatively new and will probably now do the
right thing. Thank you!
--
Russ Allbery (rra at stanford.edu) <http://www.eyrie.org/~eagle/>
More information about the Kerberos
mailing list