3.5. Enabling Users to Add a Kerberos Principal SSH Key

You can enable developers to be able to add a Kerberos principal SHH key.

The VALID_SSH_KEY_TYPES option, in the /etc/openshift/broker.conf file, contains a list of supported SSH key types. If VALID_SSH_KEY_TYPES is unspecified, all supported types are allowed.

If the k5login_directory option is used in the /etc/krb5.conf file, ensure SSHD can read the specified directory. For SELinux, the default context might need to be modified, as in the following example:

$ semanage fcontext -a -t krb5_home_t "/Path/To/File(/.*)?"
$ restorecon -R -v /Path/To/File