
Re: LDAP + SSH + Key Auth



On Thursday 16 October 2008 01:11:15 Christopher Barry wrote:
> > -----Original Message-----
> > From: openldap-technical-bounces+christopher.barry=qlogic.com@openldap.org
> > [mailto:openldap-technical-bounces+christopher.barry=qlogic.com@openldap.org]
> > On Behalf Of openLDAP
> > Sent: Wednesday, October 15, 2008 6:18 PM
> > To: openldap-technical@openldap.org
> > Subject: LDAP + SSH + Key Auth
> >
> > I would like to use public keys on my OS X servers for my
> > LDAP users to use SSH.  All indications from the OSX list are
> > that it is not possible.
> >
> > I was hoping someone on this list could confirm that LDAP/Key
> > Pair/SSH is not possible or point me in the right direction
> > to where someone has figured it out.

http://code.google.com/p/openssh-lpk

> > I would like to
> > centrally control SSH access and not have to have local
> > accounts on all of my servers.
> >
> > Any help is appreciated.
>
> May not be relevant, but...
>
> Are your servers mounting a centralized storage for users' homes? If so,
> then they'll really only need to set up a key once from their desktop,
> and if you put users in groups that relate to the servers, then you can
> control which groups of users get to what servers by the AllowGroups
> directive in sshd_config.
>
> Of course, it all depends on the pattern of access:
> * single desktop to many automounting servers - above works well.
> * many to many - it gets annoying...

Which is exactly when the LPK patch is useful.


Regards,
Buchan