diff options
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 7255b1c22..e58b7cfc7 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -374,12 +374,35 @@ Specifies whether user authentication based on GSSAPI is allowed. | |||
374 | The default is | 374 | The default is |
375 | .Dq no . | 375 | .Dq no . |
376 | Note that this option applies to protocol version 2 only. | 376 | Note that this option applies to protocol version 2 only. |
377 | .It Cm GSSAPIKeyExchange | ||
378 | Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange | ||
379 | doesn't rely on ssh keys to verify host identity. | ||
380 | The default is | ||
381 | .Dq no . | ||
382 | Note that this option applies to protocol version 2 only. | ||
377 | .It Cm GSSAPICleanupCredentials | 383 | .It Cm GSSAPICleanupCredentials |
378 | Specifies whether to automatically destroy the user's credentials cache | 384 | Specifies whether to automatically destroy the user's credentials cache |
379 | on logout. | 385 | on logout. |
380 | The default is | 386 | The default is |
381 | .Dq yes . | 387 | .Dq yes . |
382 | Note that this option applies to protocol version 2 only. | 388 | Note that this option applies to protocol version 2 only. |
389 | .It Cm GSSAPIStrictAcceptorCheck | ||
390 | Determines whether to be strict about the identity of the GSSAPI acceptor | ||
391 | a client authenticates against. If | ||
392 | .Dq yes | ||
393 | then the client must authenticate against the | ||
394 | .Pa host | ||
395 | service on the current hostname. If | ||
396 | .Dq no | ||
397 | then the client may authenticate against any service key stored in the | ||
398 | machine's default store. This facility is provided to assist with operation | ||
399 | on multi homed machines. | ||
400 | The default is | ||
401 | .Dq yes . | ||
402 | Note that this option applies only to protocol version 2 GSSAPI connections, | ||
403 | and setting it to | ||
404 | .Dq no | ||
405 | may only work with recent Kerberos GSSAPI libraries. | ||
383 | .It Cm HostbasedAuthentication | 406 | .It Cm HostbasedAuthentication |
384 | Specifies whether rhosts or /etc/hosts.equiv authentication together | 407 | Specifies whether rhosts or /etc/hosts.equiv authentication together |
385 | with successful public key client host authentication is allowed | 408 | with successful public key client host authentication is allowed |