ssh "GSSAPIAuthentication yes"
James Hogarth
james.hogarth at gmail.com
Tue Nov 26 09:59:09 UTC 2013
On 26 November 2013 01:46, Timothy Murphy <gayleard at eircom.net> wrote:
>
> At the moment I'm not clear what advantage keytabs have.
> I do not have to login after "ssh -Y ..."
> as I have appended id_rsa.pub to known_hosts in each direction.
>
>
Keytabs are like a filebased password that the machine uses to authenticate
to the directory server in order to validate that the token you provide is
indeed valid.
Without a proper kerberos infrastructure (keytabs on machines, PTR records
in place, time consistent, etc etc) GSSAPI for SSH/HTTP/etc will not work.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.fedoraproject.org/pipermail/users/attachments/20131126/5423decc/attachment.html>
More information about the users
mailing list