How to disallow users?
Austin Gonyou
austin at coremetrics.com
Mon Mar 11 20:55:30 EST 2002
On Fri, 2002-03-08 at 22:27, Derek Atkins wrote:
> Um, if they have no kerberos principal, what password are they giving
> that allows them to login? If you want to require someone to user
> kerberos, make sure they do not have an actual password entry in
> /etc/passwd (or NIS, Hesiod, LDAP, etc). They need to have the pwent
> information (username, uid, shell, homedir), but the password field
> should be set to *NP*.
>
The user had a password ON the system in question in this case. I've
changed this behavior and the only authentication happening is kerberos.
So, TA-DA it works. I'm happy about that now. One last thing, if a user
is ssh'ing in, and is using keys, is it merely key authentication at
that point, or will it be both, since kerberos auth is set in the
sshd_config file. TIA.
--
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-698-7250
email: austin at coremetrics.com
"It is the part of a good shepherd to shear his flock, not to skin it."
Latin Proverb
More information about the krbdev
mailing list