Tips for finding Knowledge Articles

  • - Enter just a few key words related to your question or problem
  • - Add Key words to refine your search as necessary
  • - Do not use punctuation
  • - Search is not case sensitive
  • - Avoid non-descriptive filler words like "how", "the", "what", etc.
  • - If you do not find what you are looking for the first time,reduce the number of key words you enter and try searching again.
  • - Minimum supported Internet Explorer version is IE9
Home  >

KB-3433: What are the methods to disable SSO for users?

Authentication Service ,  

21 March,17 at 03:38 PM

Applies to: All versions of Centrify DirectControl



What are the methods to disable Single-Sign On/Kerberos for AD users?



GSSAPI is the authentication method that is used for single sign on (SSO).


If GSSAPIauthentication is disabled, the user will still be able to login by using PAM - but SSO will no longer work.


There are two methods to disable SSO:


Option 1: Client side


  • In PuTTY go to:

    Connection -> SSH -> Auth -> "Attempt GSSAPI/SSPI auth (SSH-2)" -> Disable this option

  • Or:

    Connection -> SSH -> Auth -> GSSAPI -> "Allow GSSAPI Authentication (SSH-2 only)" -> Disable this option



Option 2: Server side


  • vi into /etc/centrifydc/ssh/sshd_config
  • Uncomment the following parameters and save the file.

    GSSAPIAuthentication no
    GSSAPIKeyExchange no

  • Run adreload and restart the Centify sshd server