gitea-pages/admin-guide/architecture/authentication-authorization.rst

Authentication and authorization

We use/support the following authentication mechanisms:

• SSH keys/certificates
• Kerberos tickets (AD)
• Password (checked against AD), not for the root account

Login is restricted to certain users and groups on each system. This is implemented locally using pam_access(8).

Shared Credentials

Shared credentials should be avoided, eg. by using .k5login or AuthorizedPrincipalsFile (see sshd_config(5) for details).