[Freeipa-users] Help with sshd configuration - ChallengeResponseAuthentication
puck at i29.net
puck at i29.net
Wed Oct 8 16:40:35 UTC 2008
Sorry. I meant GSSAPI login.
Jem
Simo Sorce wrote:
> On Wed, 2008-10-08 at 11:07 -0500, puck at i29.net wrote:
>
>> I've run into a problem when setting up IPA for ssh logins. I've found
>> that I need to set ChallengeResponseAuthentication to "yes" in my
>> sshd_config to allow users to change their expired passwords on login,
>> otherwise the login process just hangs and eventually times out.
>> However, when I set it to "yes" password-less logins between my servers
>> no longer work. Once I'm logged in, if I run a "kinit (username)" then
>> the password-less login works again so I assume that when
>> ChallengeResponseAuthentication is on, sshd just doesn't set that
>> correctly. Can anyone recommend an sshd configuration that would allow
>> both the password-less logins and allow users to change their passwords
>> at login when they are expired?
>>
>
> By "password-less" login you mean a gssapi login or an ssh-key aided
> login ?
>
> Simo.
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20081008/110ab446/attachment.htm>
More information about the Freeipa-users
mailing list