Ken Dreyer <[email protected]> writes:

> On Mon, Oct 4, 2010 at 3:38 PM, Russ Allbery <[email protected]> wrote:
>> Yup. You may want to also disable public key authentication.

> We're enabling Kerberos for several services at my organization, and
> we were just having this same discussion. Can you elaborate on why you
> would disable pubkey?

It's totally up to you, of course, and we do leave it enabled on some systems because in some cases it's easier than using GSSAPI authentication with ssh. But once you have Kerberos, public keys constitute a second parallel authentication system which isn't tied in with Kerberos, which is a potential vulnerability. You may disable a Kerberos account but forget to remove their authorized_keys entries, for example. ssh keys are also difficult to centrally manage, which is usually one of the whole points of a Kerberos infrastructure.

There unfortunately isn't any way that I know of to allow GSSAPI and public key authentication via ssh for regular users but require GSSAPI alone for root authentication, so we usually just turn public key off entirely. (I suppose you could enforce an empty authorized_keys file, but that requires some sort of configuration management infrastructure running on each system to ensure that.)

-- 
Russ Allbery ([email protected]) <http://www.eyrie.org/~eagle/>

________________________________________________
Kerberos mailing list
[email protected]
https://mailman.mit.edu/mailman/listinfo/kerberos
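The setup Russ describes, as an added example that is not part of the original thread: a constructed sshd_config fragment with GSSAPI on and public key authentication off, a check that reads it back the way sshd would (first uncommented keyword wins), and a small audit that lists home directories still holding live authorized_keys entries, cross-referenced against a constructed list of disabled Kerberos principals. The directory layout, the user names and the principal list are all made up inside a temporary directory; nothing here reads or writes the real /etc/ssh or /home.

```shell
#!/bin/sh
# Added example, not code from the mailing-list thread. Everything below
# is built in a temporary directory so it runs offline and touches no real
# sshd configuration or home directories.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# 1. Constructed sshd_config fragment: Kerberos via GSSAPI is the only
#    authentication path; public key, password and keyboard-interactive are off.
cat > "$WORK/sshd_config" <<'EOF'
# constructed sample of the relevant sshd_config lines
GSSAPIAuthentication yes
GSSAPICleanupCredentials yes
PubkeyAuthentication no
PasswordAuthentication no
ChallengeResponseAuthentication no
EOF

# check_sshd_config FILE: succeed only if GSSAPI is on and pubkey is off.
# sshd keywords are case-insensitive and the first uncommented occurrence
# is the one that takes effect, so that is the one compared here.
check_sshd_config() {
    cfg=$1
    for want in "GSSAPIAuthentication yes" "PubkeyAuthentication no"; do
        key=${want%% *}
        val=${want#* }
        got=$(grep -i "^[[:space:]]*$key[[:space:]]" "$cfg" | head -n 1 \
              | awk '{print tolower($2)}')
        [ "$got" = "$val" ] || return 1
    done
    return 0
}

# 2. Constructed home directories: alice still has a key installed,
#    bob's file holds only comments, carol has no file at all.
for u in alice bob carol; do mkdir -p "$WORK/home/$u/.ssh"; done
printf 'ssh-ed25519 AAAAconstructedNOTarealKEY alice@laptop\n' \
    > "$WORK/home/alice/.ssh/authorized_keys"
printf '# only comments here\n\n' > "$WORK/home/bob/.ssh/authorized_keys"

# Constructed list of Kerberos principals that have been disabled.
printf 'alice\ndave\n' > "$WORK/disabled_principals"

# audit_authorized_keys HOMEROOT: print "user count" for every home
# directory whose authorized_keys contains at least one non-comment line.
audit_authorized_keys() {
    root=$1
    for d in "$root"/*/; do
        user=$(basename "$d")
        f="$d.ssh/authorized_keys"
        [ -f "$f" ] || continue
        n=$(grep -c -v -E '^[[:space:]]*(#|$)' "$f" || true)
        [ "$n" -gt 0 ] && echo "$user $n"
    done
    return 0
}

# stale_keys HOMEROOT DISABLEDFILE: the case Russ warns about, a principal
# that has been disabled in Kerberos but whose authorized_keys still works.
stale_keys() {
    root=$1
    disabled=$2
    audit_authorized_keys "$root" | while read -r user n; do
        grep -qx "$user" "$disabled" && echo "$user"
    done
    return 0
}

echo "== accounts with live authorized_keys entries =="
audit_authorized_keys "$WORK/home"
echo "== disabled principals that still hold keys =="
stale_keys "$WORK/home" "$WORK/disabled_principals"
check_sshd_config "$WORK/sshd_config" && echo "sshd_config: GSSAPI on, pubkey off"
```

Pointing audit_authorized_keys at /home on a real host gives the list of accounts a disabled principal could still log in as while PubkeyAuthentication remains on; the check function is the kind of assertion a configuration management run would make after pushing the hardened file.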
