From 0f753be3f4ac9cc6889da1a7b2f81deea284183d Mon Sep 17 00:00:00 2001 From: Niels Provos Date: Wed, 2 Aug 2000 16:27:17 +0000 Subject: disable kerberos authentication by default --- usr.bin/ssh/readconf.c | 4 ++-- usr.bin/ssh/sshd.8 | 7 ++++--- 2 files changed, 6 insertions(+), 5 deletions(-) (limited to 'usr.bin') diff --git a/usr.bin/ssh/readconf.c b/usr.bin/ssh/readconf.c index 06cfaa1a369..b44ea3652d3 100644 --- a/usr.bin/ssh/readconf.c +++ b/usr.bin/ssh/readconf.c @@ -14,7 +14,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: readconf.c,v 1.43 2000/07/14 22:59:46 markus Exp $"); +RCSID("$OpenBSD: readconf.c,v 1.44 2000/08/02 16:27:16 provos Exp $"); #include "ssh.h" #include "cipher.h" @@ -724,7 +724,7 @@ fill_default_options(Options * options) options->skey_authentication = 0; #ifdef KRB4 if (options->kerberos_authentication == -1) - options->kerberos_authentication = 1; + options->kerberos_authentication = 0; #endif /* KRB4 */ #ifdef AFS if (options->kerberos_tgt_passing == -1) diff --git a/usr.bin/ssh/sshd.8 b/usr.bin/ssh/sshd.8 index 6f983ffb9ad..e5c6f28364c 100644 --- a/usr.bin/ssh/sshd.8 +++ b/usr.bin/ssh/sshd.8 @@ -9,7 +9,7 @@ .\" .\" Created: Sat Apr 22 21:55:14 1995 ylo .\" -.\" $Id: sshd.8,v 1.58 2000/08/01 17:46:10 deraadt Exp $ +.\" $Id: sshd.8,v 1.59 2000/08/02 16:27:16 provos Exp $ .\" .Dd September 25, 1999 .Dt SSHD 8 @@ -383,9 +383,10 @@ Specifies whether Kerberos authentication is allowed. This can be in the form of a Kerberos ticket, or if .Cm PasswordAuthentication is yes, the password provided by the user will be validated through -the Kerberos KDC. +the Kerberos KDC. To use this option, the server needs a +Kerberos servtab which allows the verification of the KDC's identity. Default is -.Dq yes . +.Dq no . .It Cm KerberosOrLocalPasswd If set then if password authentication through Kerberos fails then the password will be validated via any additional local mechanism -- cgit v1.2.3