How to disallow users?

Austin Gonyou austin at
Mon Mar 11 20:55:30 EST 2002

On Fri, 2002-03-08 at 22:27, Derek Atkins wrote:
> Um, if they have no kerberos principal, what password are they giving
> that allows them to login?  If you want to require someone to user
> kerberos, make sure they do not have an actual password entry in
> /etc/passwd (or NIS, Hesiod, LDAP, etc).  They need to have the pwent
> information (username, uid, shell, homedir), but the password field
> should be set to *NP*.

The user had a password ON the system in question in this case. I've
changed this behavior and the only authentication happening is kerberos.
So, TA-DA it works. I'm happy about that now. One last thing, if a user
is ssh'ing in, and is using keys, is it merely key authentication at
that point, or will it be both, since kerberos auth is set in the
sshd_config file. TIA. 

Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-698-7250
email: austin at

"It is the part of a good shepherd to shear his flock, not to skin it."
Latin Proverb

More information about the krbdev mailing list