How to disallow users?
Derek Atkins
derek at ihtfp.com
Mon Mar 11 20:55:01 EST 2002
Depends on your configuration. If you turn on Kerberos authentication
and turn off RSA/DSA authentication, then it should require that they
use Kerberos. See your ssh documentation
-derek
Austin Gonyou <austin at coremetrics.com> writes:
> On Fri, 2002-03-08 at 22:27, Derek Atkins wrote:
> > Um, if they have no kerberos principal, what password are they giving
> > that allows them to login? If you want to require someone to user
> > kerberos, make sure they do not have an actual password entry in
> > /etc/passwd (or NIS, Hesiod, LDAP, etc). They need to have the pwent
> > information (username, uid, shell, homedir), but the password field
> > should be set to *NP*.
> >
>
> The user had a password ON the system in question in this case. I've
> changed this behavior and the only authentication happening is kerberos.
> So, TA-DA it works. I'm happy about that now. One last thing, if a user
> is ssh'ing in, and is using keys, is it merely key authentication at
> that point, or will it be both, since kerberos auth is set in the
> sshd_config file. TIA.
>
> --
> Austin Gonyou
> Systems Architect, CCNA
> Coremetrics, Inc.
> Phone: 512-698-7250
> email: austin at coremetrics.com
>
> "It is the part of a good shepherd to shear his flock, not to skin it."
> Latin Proverb
--
Derek Atkins
Computer and Internet Security Consultant
derek at ihtfp.com www.ihtfp.com
More information about the krbdev
mailing list