diff options
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index dfd07b713..a3357d445 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -374,12 +374,40 @@ Specifies whether user authentication based on GSSAPI is allowed. | |||
374 | The default is | 374 | The default is |
375 | .Dq no . | 375 | .Dq no . |
376 | Note that this option applies to protocol version 2 only. | 376 | Note that this option applies to protocol version 2 only. |
377 | .It Cm GSSAPIKeyExchange | ||
378 | Specifies whether key exchange based on GSSAPI is allowed. GSSAPI key exchange | ||
379 | doesn't rely on ssh keys to verify host identity. | ||
380 | The default is | ||
381 | .Dq no . | ||
382 | Note that this option applies to protocol version 2 only. | ||
377 | .It Cm GSSAPICleanupCredentials | 383 | .It Cm GSSAPICleanupCredentials |
378 | Specifies whether to automatically destroy the user's credentials cache | 384 | Specifies whether to automatically destroy the user's credentials cache |
379 | on logout. | 385 | on logout. |
380 | The default is | 386 | The default is |
381 | .Dq yes . | 387 | .Dq yes . |
382 | Note that this option applies to protocol version 2 only. | 388 | Note that this option applies to protocol version 2 only. |
389 | .It Cm GSSAPIStrictAcceptorCheck | ||
390 | Determines whether to be strict about the identity of the GSSAPI acceptor | ||
391 | a client authenticates against. If | ||
392 | .Dq yes | ||
393 | then the client must authenticate against the | ||
394 | .Pa host | ||
395 | service on the current hostname. If | ||
396 | .Dq no | ||
397 | then the client may authenticate against any service key stored in the | ||
398 | machine's default store. This facility is provided to assist with operation | ||
399 | on multi homed machines. | ||
400 | The default is | ||
401 | .Dq yes . | ||
402 | Note that this option applies only to protocol version 2 GSSAPI connections, | ||
403 | and setting it to | ||
404 | .Dq no | ||
405 | may only work with recent Kerberos GSSAPI libraries. | ||
406 | .It Cm GSSAPIStoreCredentialsOnRekey | ||
407 | Controls whether the user's GSSAPI credentials should be updated following a | ||
408 | successful connection rekeying. This option can be used to accepted renewed | ||
409 | or updated credentials from a compatible client. The default is | ||
410 | .Dq no . | ||
383 | .It Cm HostbasedAuthentication | 411 | .It Cm HostbasedAuthentication |
384 | Specifies whether rhosts or /etc/hosts.equiv authentication together | 412 | Specifies whether rhosts or /etc/hosts.equiv authentication together |
385 | with successful public key client host authentication is allowed | 413 | with successful public key client host authentication is allowed |