How to disallow users?
Austin Gonyou
austin at coremetrics.com
Mon Mar 11 21:04:00 EST 2002
Yeah..I figured as much, but had to ask. :)
On Mon, 2002-03-11 at 19:54, Derek Atkins wrote:
> Depends on your configuration. If you turn on Kerberos authentication
> and turn off RSA/DSA authentication, then it should require that they
> use Kerberos. See your ssh documentation
>
> -derek
>
> Austin Gonyou <austin at coremetrics.com> writes:
>
> > On Fri, 2002-03-08 at 22:27, Derek Atkins wrote:
> > > Um, if they have no kerberos principal, what password are they
> giving
> > > that allows them to login? If you want to require someone to user
> > > kerberos, make sure they do not have an actual password entry in
> > > /etc/passwd (or NIS, Hesiod, LDAP, etc). They need to have the
> pwent
> > > information (username, uid, shell, homedir), but the password field
> > > should be set to *NP*.
> > >
> >
> > The user had a password ON the system in question in this case. I've
> > changed this behavior and the only authentication happening is
> kerberos.
> > So, TA-DA it works. I'm happy about that now. One last thing, if a
> user
> > is ssh'ing in, and is using keys, is it merely key authentication at
> > that point, or will it be both, since kerberos auth is set in the
> > sshd_config file. TIA.
> >
> > --
> > Austin Gonyou
> > Systems Architect, CCNA
> > Coremetrics, Inc.
> > Phone: 512-698-7250
> > email: austin at coremetrics.com
> >
> > "It is the part of a good shepherd to shear his flock, not to skin
> it."
> > Latin Proverb
>
> --
> Derek Atkins
> Computer and Internet Security Consultant
> derek at ihtfp.com www.ihtfp.com
--
Austin Gonyou
Systems Architect, CCNA
Coremetrics, Inc.
Phone: 512-698-7250
email: austin at coremetrics.com
"It is the part of a good shepherd to shear his flock, not to skin it."
Latin Proverb
More information about the krbdev
mailing list