disable kerberos authentication by default

2 files changed, 6 insertions, 5 deletions

diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c
index 06cfaa1a369..b44ea3652d3 100644
--- a/usr.bin/ssh/readconf.c
+++ b/usr.bin/ssh/readconf.c
@@ -14,7 +14,7 @@
  */
 
 #include "includes.h"
-RCSID("$OpenBSD: readconf.c,v 1.43 2000/07/14 22:59:46 markus Exp $");
+RCSID("$OpenBSD: readconf.c,v 1.44 2000/08/02 16:27:16 provos Exp $");
 
 #include "ssh.h"
 #include "cipher.h"
@@ -724,7 +724,7 @@ fill_default_options(Options * options)
 		options->skey_authentication = 0;
 #ifdef KRB4
 	if (options->kerberos_authentication == -1)
-		options->kerberos_authentication = 1;
+		options->kerberos_authentication = 0;
 #endif /* KRB4 */
 #ifdef AFS
 	if (options->kerberos_tgt_passing == -1)
diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8
index 6f983ffb9ad..e5c6f28364c 100644
--- a/usr.bin/ssh/sshd.8
+++ b/usr.bin/ssh/sshd.8
@@ -9,7 +9,7 @@
 .\"
 .\" Created: Sat Apr 22 21:55:14 1995 ylo
 .\"
-.\" $Id: sshd.8,v 1.58 2000/08/01 17:46:10 deraadt Exp $
+.\" $Id: sshd.8,v 1.59 2000/08/02 16:27:16 provos Exp $
 .\"
 .Dd September 25, 1999
 .Dt SSHD 8
@@ -383,9 +383,10 @@ Specifies whether Kerberos authentication is allowed.
 This can be in the form of a Kerberos ticket, or if
 .Cm PasswordAuthentication
 is yes, the password provided by the user will be validated through
-the Kerberos KDC.
+the Kerberos KDC.  To use this option, the server needs a 
+Kerberos servtab which allows the verification of the KDC's identity.
 Default is
-.Dq yes .
+.Dq no .
 .It Cm KerberosOrLocalPasswd
 If set then if password authentication through Kerberos fails then
 the password will be validated via any additional local mechanism