RE: LDAP + SSH + Key Auth

["Christopher Barry" <christopher.barry@qlogic.com>]

> -----Original Message-----
> From: 
> openldap-technical-bounces+christopher.barry=qlogic.com@openld
> ap.org 
> [mailto:openldap-technical-bounces+christopher.barry=qlogic.co
> m@openldap.org] On Behalf Of openLDAP
> Sent: Wednesday, October 15, 2008 6:18 PM
> To: openldap-technical@openldap.org
> Subject: LDAP + SSH + Key Auth
> 
> I would like to use public keys on my OS X servers for my 
> LDAP users to use SSH.  All indications from the OSX list is 
> that it is not possible.  
> 
> I was hoping someone on this list could confirm that LDAP/Key 
> Pair/SSH is not possible or point me in the right direction 
> to where someone has figured it out. I would like to 
> centrally control SSH access and not have to have local 
> accounts on all of my servers.
> 
> Any help is appreciated.
> 
> 
> 
>
May not be relevant, but...

Are your servers mounting a centralized storage for user's homes? If so,
then they'll really only need to setup a key once from their desktop,
and if you put users in groups that relate to the servers, then you can
control which groups of users get to what servers by the AllowGroups
directive in sshd_config.

Of course, it all depends on the pattern of access: 
* single desktop to many automounting servers - above works good.
* many to many - it gets annoying...

HTH,
-C