1 files changed, 11 insertions, 0 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index 5ab431890..68424f110 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -616,6 +616,12 @@ Specifies whether user authentication based on GSSAPI is allowed.
 The default is
 .Dq no .
 Note that this option applies to protocol version 2 only.
+.It Cm GSSAPIKeyExchange
+Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
+doesn't rely on ssh keys to verify host identity.
+The default is
+.Dq no .
+Note that this option applies to protocol version 2 only.
 .It Cm GSSAPICleanupCredentials
 Specifies whether to automatically destroy the user's credentials cache
 on logout.
@@ -637,6 +643,11 @@ machine's default store.
 This facility is provided to assist with operation on multi homed machines.
 The default is
 .Dq yes .
+.It Cm GSSAPIStoreCredentialsOnRekey
+Controls whether the user's GSSAPI credentials should be updated following a 
+successful connection rekeying. This option can be used to accepted renewed 
+or updated credentials from a compatible client. The default is
+.Dq no .
 .It Cm HostbasedAcceptedKeyTypes
 Specifies the key types that will be accepted for hostbased authentication
 as a comma-separated pattern list.

diff --git a/sshd_config.5 b/sshd_config.5 index 5ab431890..68424f110 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -616,6 +616,12 @@ Specifies whether user authentication based on GSSAPI is allowed.
616	The default is	616	The default is
617	.Dq no .	617	.Dq no .
618	Note that this option applies to protocol version 2 only.	618	Note that this option applies to protocol version 2 only.
		619	.It Cm GSSAPIKeyExchange
		620	Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange
		621	doesn't rely on ssh keys to verify host identity.
		622	The default is
		623	.Dq no .
		624	Note that this option applies to protocol version 2 only.
619	.It Cm GSSAPICleanupCredentials	625	.It Cm GSSAPICleanupCredentials
620	Specifies whether to automatically destroy the user's credentials cache	626	Specifies whether to automatically destroy the user's credentials cache
621	on logout.	627	on logout.
@@ -637,6 +643,11 @@ machine's default store.
637	This facility is provided to assist with operation on multi homed machines.	643	This facility is provided to assist with operation on multi homed machines.
638	The default is	644	The default is
639	.Dq yes .	645	.Dq yes .
		646	.It Cm GSSAPIStoreCredentialsOnRekey
		647	Controls whether the user's GSSAPI credentials should be updated following a
		648	successful connection rekeying. This option can be used to accepted renewed
		649	or updated credentials from a compatible client. The default is
		650	.Dq no .
640	.It Cm HostbasedAcceptedKeyTypes	651	.It Cm HostbasedAcceptedKeyTypes
641	Specifies the key types that will be accepted for hostbased authentication	652	Specifies the key types that will be accepted for hostbased authentication
642	as a comma-separated pattern list.	653	as a comma-separated pattern list.