diff options
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index 3abac6c10..525d9c858 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -484,12 +484,40 @@ Specifies whether user authentication based on GSSAPI is allowed. | |||
484 | The default is | 484 | The default is |
485 | .Dq no . | 485 | .Dq no . |
486 | Note that this option applies to protocol version 2 only. | 486 | Note that this option applies to protocol version 2 only. |
487 | .It Cm GSSAPIKeyExchange | ||
488 | Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange | ||
489 | doesn't rely on ssh keys to verify host identity. | ||
490 | The default is | ||
491 | .Dq no . | ||
492 | Note that this option applies to protocol version 2 only. | ||
487 | .It Cm GSSAPICleanupCredentials | 493 | .It Cm GSSAPICleanupCredentials |
488 | Specifies whether to automatically destroy the user's credentials cache | 494 | Specifies whether to automatically destroy the user's credentials cache |
489 | on logout. | 495 | on logout. |
490 | The default is | 496 | The default is |
491 | .Dq yes . | 497 | .Dq yes . |
492 | Note that this option applies to protocol version 2 only. | 498 | Note that this option applies to protocol version 2 only. |
499 | .It Cm GSSAPIStrictAcceptorCheck | ||
500 | Determines whether to be strict about the identity of the GSSAPI acceptor | ||
501 | a client authenticates against. If | ||
502 | .Dq yes | ||
503 | then the client must authenticate against the | ||
504 | .Pa host | ||
505 | service on the current hostname. If | ||
506 | .Dq no | ||
507 | then the client may authenticate against any service key stored in the | ||
508 | machine's default store. This facility is provided to assist with operation | ||
509 | on multi homed machines. | ||
510 | The default is | ||
511 | .Dq yes . | ||
512 | Note that this option applies only to protocol version 2 GSSAPI connections, | ||
513 | and setting it to | ||
514 | .Dq no | ||
515 | may only work with recent Kerberos GSSAPI libraries. | ||
516 | .It Cm GSSAPIStoreCredentialsOnRekey | ||
517 | Controls whether the user's GSSAPI credentials should be updated following a | ||
518 | successful connection rekeying. This option can be used to accepted renewed | ||
519 | or updated credentials from a compatible client. The default is | ||
520 | .Dq no . | ||
493 | .It Cm HostbasedAuthentication | 521 | .It Cm HostbasedAuthentication |
494 | Specifies whether rhosts or /etc/hosts.equiv authentication together | 522 | Specifies whether rhosts or /etc/hosts.equiv authentication together |
495 | with successful public key client host authentication is allowed | 523 | with successful public key client host authentication is allowed |