[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
RE: LDAP + SSH + Key Auth
> -----Original Message-----
> From: Buchan Milne [mailto:bgmilne@staff.telkomsa.net]
> Sent: Thursday, October 16, 2008 3:29 AM
> To: openldap-technical@openldap.org
> Cc: Christopher Barry; openLDAP
> Subject: Re: LDAP + SSH + Key Auth
>
> On Thursday 16 October 2008 01:11:15 Christopher Barry wrote:
> > > -----Original Message-----
> > > From:
> > > openldap-technical-bounces+christopher.barry=qlogic.com@openld
> > > ap.org
> > > [mailto:openldap-technical-bounces+christopher.barry=qlogic.co
> > > m@openldap.org] On Behalf Of openLDAP
> > > Sent: Wednesday, October 15, 2008 6:18 PM
> > > To: openldap-technical@openldap.org
> > > Subject: LDAP + SSH + Key Auth
> > >
> > > I would like to use public keys on my OS X servers for my
> > > LDAP users to use SSH. All indications from the OSX list is
> > > that it is not possible.
> > >
> > > I was hoping someone on this list could confirm that LDAP/Key
> > > Pair/SSH is not possible or point me in the right direction
> > > to where someone has figured it out.
>
> http://code.google.com/p/openssh-lpk
>
> > > I would like to
> > > centrally control SSH access and not have to have local
> > > accounts on all of my servers.
> > >
> > > Any help is appreciated.
> >
> > May not be relevant, but...
> >
> > Are your servers mounting a centralized storage for user's
> homes? If so,
> > then they'll really only need to setup a key once from
> their desktop,
> > and if you put users in groups that relate to the servers,
> then you can
> > control which groups of users get to what servers by the AllowGroups
> > directive in sshd_config.
> >
> > Of course, it all depends on the pattern of access:
> > * single desktop to many automounting servers - above works good.
> > * many to many - it gets annoying...
>
> Which is exactly when the LPK patch is useful.
>
>
> Regards,
> Buchan
>
Nice! Thanks for the link Buchan.
-C