Thanks to a new enough ssh on socket, it was possible to disable
password authentication for all users except sysadmins for the socket
machine.
For reference this is done using (/etc/ssh/sshd_config):
PasswordAuthentication no
Match Group admin
PasswordAuthentication yes
Note: the admin group is defined using /etc/group, not LDAP. So
sysadmins can still login even if LDAP is down.
--
Regards,
Olav
_______________________________________________
Gnome-infrastructure mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
