On Thu, 2008-11-27 at 23:08 +0000, Nigel J. Taylor wrote: > If your are using Kerberos, then you need PasswordAuthentication yes in the > sshd_config also. > > If your using GSSAPI then you need GSSAPIAuthentication yes in the sshd_config > and ssh_config. That is if your using ssh wf and don't expect a prompt for a > password. The following is using GSSAPI (First a failure as no ticket). > > $ ssh me@rhea > Permission denied (publickey,gssapi-with-mic,keyboard-interactive). > $ kinit me > me@xxxxxxxxx's Password: > $ ssh me@rhea > Last login: Thu Nov 27 22:42:21 2008 from pandora.xxx.me.uk > OpenBSD 4.4-stable (GENERIC) #3: Tue Nov 11 00:54:23 GMT 2008 > > Welcome to OpenBSD: The proactively secure Unix-like operating system. > > Please use the sendbug(1) utility to report bugs in the system. > Before reporting a bug, please try to reproduce it with the latest > version of the code. With bug reports, please try to ensure that > enough information to reproduce the problem is enclosed, and if a > known fix for it exists, include that as well. > > $ egrep "Authen" /etc/ssh/sshd_config > # Authentication: > PasswordAuthentication no > KerberosAuthentication no > GSSAPIAuthentication yes > $ ^D > Connection to rhea closed. > $ hostname > pandora.xxx.me.uk > > Regards > > Nigel Taylor > Hi, its been some time but i just hate it to find "wrong" information for good software. PasswordAuthentication yes is NOT needed for GSSAPI to work as stated in the first line. the egrep later shows the truth :) greets