blob: 71b9c517311f4d0d9c13ab7f9b6f287a160fc87c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
|
--- openssh-6.7p1.orig/sshd_config.5 2014-11-24 10:24:29.356244415 -0800
+++ openssh-6.7p1/sshd_config.5 2014-11-24 10:23:49.415029039 -0800
@@ -610,21 +610,6 @@
The default is
.Dq yes .
Note that this option applies to protocol version 2 only.
-.It Cm GSSAPIStrictAcceptorCheck
-Determines whether to be strict about the identity of the GSSAPI acceptor
-a client authenticates against.
-If set to
-.Dq yes
-then the client must authenticate against the
-.Pa host
-service on the current hostname.
-If set to
-.Dq no
-then the client may authenticate against any service key stored in the
-machine's default store.
-This facility is provided to assist with operation on multi homed machines.
-The default is
-.Dq yes .
.It Cm HostbasedAuthentication
Specifies whether rhosts or /etc/hosts.equiv authentication together
with successful public key client host authentication is allowed
@@ -651,6 +636,21 @@
attempting to resolve the name from the TCP connection itself.
The default is
.Dq no .
+.It Cm GSSAPIStrictAcceptorCheck
+Determines whether to be strict about the identity of the GSSAPI acceptor
+a client authenticates against.
+If set to
+.Dq yes
+then the client must authenticate against the
+.Pa host
+service on the current hostname.
+If set to
+.Dq no
+then the client may authenticate against any service key stored in the
+machine's default store.
+This facility is provided to assist with operation on multi homed machines.
+The default is
+.Dq yes .
.It Cm HostCertificate
Specifies a file containing a public host certificate.
The certificate's public key must match a private host key already specified
|
