James Hogarth wrote: >> At the moment I'm not clear what advantage keytabs have. >> I do not have to login after "ssh -Y ..." >> as I have appended id_rsa.pub to known_hosts in each direction. > Keytabs are like a filebased password that the machine uses to > authenticate to the directory server in order to validate that the token > you provide is indeed valid. > > Without a proper kerberos infrastructure (keytabs on machines, PTR records > in place, time consistent, etc etc) GSSAPI for SSH/HTTP/etc will not work. You have not said what advantage this would have. As far as I can see, openssh changed the default setting (in /etc/ssh/ssh_config) to make GSSAPIAuthentication first choice. However, neither Fedora nor CentOS seem to have implemented the necessary steps to make this usable. Would it be likely to cause any problems if one reverts to the default setting (GSSAPIAuthentication no)? -- Timothy Murphy e-mail: gayleard /at/ eircom.net School of Mathematics, Trinity College, Dublin 2, Irelan -- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
