HP-UX Secure Shell Getting Started Guide
IgnoreUserKnownHosts no
KerberosAuthAllowUsers
This configuration directive has been introduced by the 3rd party “Auth Selection” patch. Use
this configuration directive to specify which users can authenticate using GSSAPI authentication.
The default setting is to allow all users.
For example:
KerberosAuthDenyUsers Allow All
KerberosAuthDenyUsers
This configuration directive has been introduced by the 3rd party “Auth Selection” patch. Use
this configuration directive to specify which users must not be allowed to authenticate using
GSSAPI authentication. The default setting is to deny no users.
For example:
KerberosAuthDenyUsers Deny none
KerberosAuthentication
Use this directive to specify whether the Kerberos KDC validates the password provided by the
user for password authentication. The server needs a Kerberos servtab to verify the KDC
identity. This directive is supported only when HP-UX Secure Shell is enabled with the
-with-kerberos option at compile time.
The default setting is YES.
For example:
KerberosAuthentication YES
KerberosOrLocalPasswd
Use this directive to specify password validation with mechanisms such as /etc/passwd/
when password authentication through Kerberos fails.
TIP: Use KerberosOrLocalPasswd in an environment where every user does not authenticate
using Kerberos.
The default setting is YES.
For example:
KerberosOrLocalPasswd YES
KerberosTicketCleanup
Use this directive to specify whether the user ticket cache file must be destroyed automatically
after the user logs out.
The default setting is YES.
For example:
KerberosTicketCleanup YES
ListenAddress
Use this directive to specify the local addresses that the sshd daemon listens on. You can set
one of the following values for this directive depending on the type of IP address (IPv4 or IPv6)
the system uses:
• host IPv4_addr IPv6_addr
• host IPv4_addr:port
• [host IPv6_addr]:port
Server Configuration Directives 73