18 lines
540 B
ReStructuredText
18 lines
540 B
ReStructuredText
Authentication and authorization
|
|
================================
|
|
|
|
We use/support the following authentication mechanisms:
|
|
|
|
- SSH keys/certificates
|
|
- Kerberos tickets (AD)
|
|
- Password (checked against AD), not for the ``root`` account
|
|
|
|
Login is restricted to certain users and groups on each system. This is
|
|
implemented locally using :manpage:`pam_access(8)`.
|
|
|
|
Shared Credentials
|
|
------------------
|
|
|
|
Shared credentials should be avoided, eg. by using ``.k5login`` or
|
|
``AuthorizedPrincipalsFile`` (see :manpage:`sshd_config(5)` for details).
|