How to disallow users?

Derek Atkins derek at
Mon Mar 11 20:55:01 EST 2002

Depends on your configuration.  If you turn on Kerberos authentication
and turn off RSA/DSA authentication, then it should require that they
use Kerberos.  See your ssh documentation


Austin Gonyou <austin at> writes:

> On Fri, 2002-03-08 at 22:27, Derek Atkins wrote:
> > Um, if they have no kerberos principal, what password are they giving
> > that allows them to login?  If you want to require someone to user
> > kerberos, make sure they do not have an actual password entry in
> > /etc/passwd (or NIS, Hesiod, LDAP, etc).  They need to have the pwent
> > information (username, uid, shell, homedir), but the password field
> > should be set to *NP*.
> > 
> The user had a password ON the system in question in this case. I've
> changed this behavior and the only authentication happening is kerberos.
> So, TA-DA it works. I'm happy about that now. One last thing, if a user
> is ssh'ing in, and is using keys, is it merely key authentication at
> that point, or will it be both, since kerberos auth is set in the
> sshd_config file. TIA. 
> -- 
> Austin Gonyou
> Systems Architect, CCNA
> Coremetrics, Inc.
> Phone: 512-698-7250
> email: austin at
> "It is the part of a good shepherd to shear his flock, not to skin it."
> Latin Proverb

       Derek Atkins
       Computer and Internet Security Consultant
       derek at   

More information about the krbdev mailing list