HCoop / hcoop / zz_old / debian / hcoop-openssh-server-config.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 0ae43dd)
HCoop changes to sshd_config for Kerberos support
authorClinton Ebadi <clinton@unknownlamer.org>
Thu, 7 Jun 2012 06:55:08 +0000 (02:55 -0400)
committerClinton Ebadi <clinton@unknownlamer.org>
Thu, 7 Jun 2012 06:55:08 +0000 (02:55 -0400)
Enable GSSAPI Authentication, ensure credentials are destroyed on
logout. Use kerberos host key for verficiation instead of the ssh host
keys (it's how we do it now and it seems sane since kerberos is the
law at HCoop).

files/sshd_config patch | blob | blame | history

diff --git a/files/sshd_config b/files/sshd_config
index ea0303b..497234b 100644 (file)
--- a/files/sshd_config
+++ b/files/sshd_config
@@ -55,9 +55,13 @@ ChallengeResponseAuthentication no
 #KerberosOrLocalPasswd yes
 #KerberosTicketCleanup yes
 
+# hcoop-changes
 # GSSAPI options
-#GSSAPIAuthentication no
-#GSSAPICleanupCredentials yes
+GSSAPIAuthentication yes
+GSSAPICleanupCredentials yes
+# Check the kerberos host key instead of the ssh host keys
+GSSAPIKeyExchange yes 
+# hcoop-changes
 
 X11Forwarding yes
 X11DisplayOffset 10
hcoop-openssh-server-config packaging