summaryrefslogtreecommitdiff
path: root/sshd_config.5
diff options
context:
space:
mode:
Diffstat (limited to 'sshd_config.5')
-rw-r--r--sshd_config.528
1 files changed, 28 insertions, 0 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index a6c378792..76c95aa19 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -424,12 +424,40 @@ Specifies whether user authentication based on GSSAPI is allowed.
424The default is 424The default is
425.Dq no . 425.Dq no .
426Note that this option applies to protocol version 2 only. 426Note that this option applies to protocol version 2 only.
427.It Cm GSSAPIKeyExchange
428Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
429doesn't rely on ssh keys to verify host identity.
430The default is
431.Dq no .
432Note that this option applies to protocol version 2 only.
427.It Cm GSSAPICleanupCredentials 433.It Cm GSSAPICleanupCredentials
428Specifies whether to automatically destroy the user's credentials cache 434Specifies whether to automatically destroy the user's credentials cache
429on logout. 435on logout.
430The default is 436The default is
431.Dq yes . 437.Dq yes .
432Note that this option applies to protocol version 2 only. 438Note that this option applies to protocol version 2 only.
439.It Cm GSSAPIStrictAcceptorCheck
440Determines whether to be strict about the identity of the GSSAPI acceptor
441a client authenticates against. If
442.Dq yes
443then the client must authenticate against the
444.Pa host
445service on the current hostname. If
446.Dq no
447then the client may authenticate against any service key stored in the
448machine's default store. This facility is provided to assist with operation
449on multi homed machines.
450The default is
451.Dq yes .
452Note that this option applies only to protocol version 2 GSSAPI connections,
453and setting it to
454.Dq no
455may only work with recent Kerberos GSSAPI libraries.
456.It Cm GSSAPIStoreCredentialsOnRekey
457Controls whether the user's GSSAPI credentials should be updated following a
458successful connection rekeying. This option can be used to accepted renewed
459or updated credentials from a compatible client. The default is
460.Dq no .
433.It Cm HostbasedAuthentication 461.It Cm HostbasedAuthentication
434Specifies whether rhosts or /etc/hosts.equiv authentication together 462Specifies whether rhosts or /etc/hosts.equiv authentication together
435with successful public key client host authentication is allowed 463with successful public key client host authentication is allowed