Guillaume Rousse <guillaume.rou...@inria.fr> writes: > Le 04/10/2010 23:56, Russ Allbery a écrit :
>> There unfortunately isn't any way that I know of to allow GSSAPI and >> public key authentication via ssh for regular users but require GSSAPI >> alone for root authentication, so we usually just turn public key off >> entirely. (I suppose you could enforce an empty authorized_keys file, but >> that requires some sort of configuration management infrastructure running >> on each system to ensure that.) > What about this (untested) ? > Match User root > PubkeyAuthentication no Ah, yes, the Match stuff is relatively new and will probably now do the right thing. Thank you! -- Russ Allbery (r...@stanford.edu) <http://www.eyrie.org/~eagle/> ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
