24 lines
642 B
Plaintext
24 lines
642 B
Plaintext
|
|
||
|
This version of the Kerbros/GSSAPI support avoids DNS lookups
|
||
|
for Kerberos-related names. These DNS lookups were problematic
|
||
|
for dialup users because they would lead to excessive delays
|
||
|
if DNS was not reachable.
|
||
|
|
||
|
In order to disable these lookups, I had to change the default
|
||
|
configuration, disabling GSSAPI authentication.
|
||
|
|
||
|
If you do use Kerberos, please make sure you edit the server and
|
||
|
client configuration files as follows:
|
||
|
|
||
|
/etc/ssh/sshd_config:
|
||
|
|
||
|
GSSAPIAuthentication yes
|
||
|
GSSAPICleanupCredentials yes
|
||
|
|
||
|
/etc/ssh/ssh_config:
|
||
|
Host *
|
||
|
... lots of other options ...
|
||
|
GSSAPIAuthentication yes
|
||
|
GSSAPIDelegateCredentials yes
|
||
|
|