Applies to: All versions of Centrify DirectControl
What are the methods to disable Single-Sign On/Kerberos for AD users?
GSSAPI is the authentication method that is used for single sign on (SSO).
If GSSAPIauthentication is disabled, the user will still be able to login by using PAM - but SSO will no longer work.
There are two methods to disable SSO:
Option 1: Client side
- In PuTTY go to:
Connection -> SSH -> Auth -> "Attempt GSSAPI/SSPI auth (SSH-2)" -> Disable this option
Connection -> SSH -> Auth -> GSSAPI -> "Allow GSSAPI Authentication (SSH-2 only)" -> Disable this option
Option 2: Server side
- vi into /etc/centrifydc/ssh/sshd_config
- Uncomment the following parameters and save the file.
- Run adreload and restart the Centify sshd server