On Wed, 2014-04-16 at 20:08 +0200, David Kreuter wrote:
> Hi, 
> Today I faced the issue that Kerberos authentication stopped working
> after disabling PasswordAuthentication in /etc/ssh/sshd_config on a
> FreeIPA client. The deactivation of this option was done due to
> security issues. 
> Is it really necessary to have this option set to yes when using
> Keberos authentication? 

No, GSSAPI authentication does not need PasswordAuthentication, of
course it requires valid kerberos credentials on the client and a valid
keytab on the server.


Simo Sorce * Red Hat, Inc * New York

Freeipa-users mailing list

Reply via email to