On Fri, 2014-08-29 at 08:31 -0400, Bret Wortman wrote:
> Does this really need to be set to "yes" in /etc/sshd_config? I've
> looked through the documentation and it only seems to say this for HP-UX
> and AIX.
If you want to do SSO login (ie passwordless) you need that on.
> We're running freeipa 3.3.5-1 and are seeing some slow logins via ssh
> that some users have reported speed up markedly when this setting is
> toggled to "no". Before I make any wholesale change recommendations, I
> wanted to check on this.
Users may fail to name the server properly, or servers may not have
keytabs, what I suggest is for users to add exceptions in
their .ssh/config so that their client skips trying SSO auth for hosts
that are known to fail to provide it.
Something like:
Host fails.example.com
User root
GSSAPIAuthentication no
HTH,
Simo.
--
Simo Sorce * Red Hat, Inc * New York
--
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go To http://freeipa.org for more info on the project
