On Wed, 2014-04-16 at 20:08 +0200, David Kreuter wrote:
> Today I faced the issue that Kerberos authentication stopped working
> after disabling PasswordAuthentication in /etc/ssh/sshd_config on a
> FreeIPA client. The deactivation of this option was done due to
> security issues.
> Is it really necessary to have this option set to yes when using
> Keberos authentication?
No, GSSAPI authentication does not need PasswordAuthentication, of
course it requires valid kerberos credentials on the client and a valid
keytab on the server.
Simo Sorce * Red Hat, Inc * New York
Freeipa-users mailing list