Even without distributing SSH keys, SSH login can be set up as single sign-on – provided LDAP and Kerberos are in place.
If you already have LDAP and Kerberos in the network, SSH login can be set up on multiple servers without a password – without having to distribute SSH keys. However, this requires that all systems use central user administration via LDAP and that the hosts and users have a Kerberos principal. In addition, the host names of client and server must be resolvable via DNS – both forwards and backwards (reverse DNS).[Read more…] about Set up single sign-on (SSO) for SSH with LDAP and Kerberos