HP-UX Secure Shell Getting Started Guide HP-UX 11i v1, HP-UX 11i v2, and HP-UX 11i v3 (5900-3142, June 2013)
KerberosAuthAllowUsers
This configuration directive has been introduced by the 3rd party “Auth Selection” patch. Use this
configuration directive to specify which users can authenticate using GSSAPI authentication.
The default setting is to allow all users.
For example:
KerberosAuthDenyUsers Allow All
KerberosAuthDenyUsers
This configuration directive has been introduced by the 3rd party “Auth Selection” patch. Use this
configuration directive to specify which users must not be allowed to authenticate using GSSAPI
authentication.
The default setting is to deny no users.
For example:
KerberosAuthDenyUsers Deny none
KerberosAuthentication
Use this directive to specify whether the Kerberos KDC validates the password provided by the
user for password authentication. The server needs a Kerberos servtab to verify the KDC identity.
The default setting is yes.
For example:
KerberosAuthentication yes
KerberosOrLocalPasswd
Use this directive to specify password validation with mechanisms such as /etc/passwd/ when
password authentication through Kerberos fails.
TIP: Use KerberosOrLocalPasswd in an environment where every user does not authenticate
using Kerberos.
The default setting is yes.
For example:
KerberosOrLocalPasswd yes
KerberosTicketCleanup
Use this directive to specify whether the user ticket cache file must be destroyed automatically after
the user logs out.
The default setting is yes.
For example:
KerberosTicketCleanup yes
KexAlgorithms
Use this directive to specify the available KEX (Key Exchange) algorithms. Multiple algorithms must
be separated by commas.
The default is ecdh-sha2–nistp256, ecdh-sha2–nistp384, ecdh-sha2–nistp521,
diffie-hellman-group-exchange-sha256, diffie-hellman-group-exchange-sha1,
diffie-hellman-group14-sha1, diffie-hellman-group1-sha1.
For example:
KexAlgorithms ecdh-sha2-nistp256,ecdh-sha2-nistp384,ecdh-sha2-nistp521
72 Configuration Files and Directives