OPENSSH_3_8_1P1_GSSAPI_20040629 merged to gpt-branch

[gssapi-openssh.git] / openssh / sshd_config.5

diff --git a/openssh/sshd_config.5 b/openssh/sshd_config.5
index 168fd23bdaa1d8bf84030f4bd550c96f3ad841cb..c53480dfa4acbf677579c6c47837c02a520e4414 100644 (file)
--- a/openssh/sshd_config.5
+++ b/openssh/sshd_config.5
@@ -34,7 +34,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.28 2004/02/17 19:35:21 jmc Exp $
+.\" $OpenBSD: sshd_config.5,v 1.29 2004/03/08 10:18:57 dtucker Exp $
 .Dd September 25, 1999
 .Dt SSHD_CONFIG 5
 .Os
@@ -312,6 +312,11 @@ To use this option, the server needs a
 Kerberos servtab which allows the verification of the KDC's identity.
 Default is
 .Dq no .
+.It Cm KerberosGetAFSToken
+If AFS is active and the user has a Kerberos 5 TGT, attempt to aquire
+an AFS token before accessing the user's home directory.
+Default is
+.Dq no .
 .It Cm KerberosOrLocalPasswd
 If set then if password authentication through Kerberos fails then
 the password will be validated via any additional local mechanism
@@ -441,7 +446,9 @@ The default is
 .Pp
 If this option is set to
 .Dq without-password
-password authentication is disabled for root.
+password authentication is disabled for root.  Note that other authentication
+methods (e.g., keyboard-interactive/PAM) may still allow root to login using
+a password.
 .Pp
 If this option is set to
 .Dq forced-commands-only