[Freeipa-users] Help with sshd configuration - ChallengeResponseAuthentication
puck at i29.net
puck at i29.net
Wed Oct 8 16:07:22 UTC 2008
I've run into a problem when setting up IPA for ssh logins. I've found
that I need to set ChallengeResponseAuthentication to "yes" in my
sshd_config to allow users to change their expired passwords on login,
otherwise the login process just hangs and eventually times out.
However, when I set it to "yes" password-less logins between my servers
no longer work. Once I'm logged in, if I run a "kinit (username)" then
the password-less login works again so I assume that when
ChallengeResponseAuthentication is on, sshd just doesn't set that
correctly. Can anyone recommend an sshd configuration that would allow
both the password-less logins and allow users to change their passwords
at login when they are expired?
Jem Tallon
More information about the Freeipa-users
mailing list