Antonio Larrosa
fef1b16e66
commented out). The keycat binary isn't really installed nor supported, so we can drop it, except for the code that is used by other SELinux patches, which is what I kept from that patch (boo#1229072). - Add patch submitted to upstream to fix RFC4256 implementation so that keyboard-interactive authentication method can send instructions and sshd shows them to users even before a prompt is requested. This fixes MFA push notifications (boo#1229010). * 0001-auth-pam-Immediately-report-instructions-to-clients-and-fix-handling-in-ssh-client.patch OBS-URL: https://build.opensuse.org/package/show/network/openssh?expand=0&rev=274
19 lines
528 B
Plaintext
19 lines
528 B
Plaintext
This version of the Kerbros/GSSAPI support avoids DNS lookups
|
|
for Kerberos-related names. These DNS lookups were problematic
|
|
for dialup users because they would lead to excessive delays
|
|
if DNS was not reachable.
|
|
|
|
If you do use Kerberos, please make sure you edit the server and
|
|
client configuration files as follows:
|
|
|
|
/etc/ssh/sshd_config:
|
|
|
|
GSSAPIAuthentication yes
|
|
GSSAPICleanupCredentials yes
|
|
|
|
/etc/ssh/ssh_config:
|
|
Host *
|
|
... lots of other options ...
|
|
GSSAPIAuthentication yes
|
|
GSSAPIDelegateCredentials yes
|