[ale] cool add-on: ssh pub-key in ldap without custom sshd

Jim Kinney jim.kinney at gmail.com
Thu Oct 18 15:45:15 EDT 2012


Some time ago I ran into a process to use LDAP as a place to store ssh pub
keys for easy ssh access to all systems.

The downside was that it required a specially patched and compiled sshd. Um. Nope!
Not gonna do that.

While poking at (ok, slogging through 200+ pages of docs for) Red Hat
Virtualization Manager, I had to set up IPA. It seems that Red Hat has
managed to glue ssh pubkeys into IPA with some PAM/SSSD settings. I
haven't dug into the guts of the process, but it looks like once pub keys
are stored in 389 (the LDAP server), and a system is configured into the Kerberos
domain managed by (Free)IPA, PAM knows to hit 389 for user pub keys during
an ssh login attempt.

cool!

And since the kickstart process supports a fresh install with auto-join to
the kerberos domain, a new server can be provisioned and it comes with
admin keys in place by default.

-- 
James P. Kinney III
*
*Every time you stop a school, you will have to build a jail. What you gain
at one end you lose at the other. It's like feeding a dog on his own tail.
It won't fatten the dog.
- Speech 11/23/1900 Mark Twain
*
http://electjimkinney.org
http://heretothereideas.blogspot.com/
*
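As an added example (not part of Jim's post, and not FreeIPA's or SSSD's own code), here is the client-side shape of the setup he describes: publishing a user's key into IPA's LDAP, enrolling a freshly kickstarted host, and checking that sshd on the enrolled host is wired to ask SSSD for keys. The glue that makes this work without a patched sshd is stock OpenSSH's `AuthorizedKeysCommand` pointing at `sss_ssh_authorizedkeys`, which `ipa-client-install` writes into `sshd_config` during enrollment. Domain, realm, server, principal and user names below are placeholders, and the enrollment password is assumed to be supplied by the caller.

```shell
#!/bin/sh
# Added example; assumes a FreeIPA client with the `ipa` CLI and sssd installed.
# Nothing here runs on load; the functions are invoked by an operator (or a
# kickstart %post script) with real values.

# 1. Publish a user's public key. IPA stores it in the user's LDAP entry on the
#    389 server, so every enrolled host can look it up.
publish_key() {
    user="$1"
    pubkey_file="$2"
    ipa user-mod "$user" --sshpubkey="$(cat "$pubkey_file")"
}

# 2. Enroll a new host into the IPA Kerberos domain. This is the command a
#    kickstart %post section would run for auto-join; ipa-client-install also
#    configures sssd and drops the AuthorizedKeysCommand lines into sshd_config.
#    Placeholder names: example.com / EXAMPLE.COM / ipa.example.com / admin.
enroll_host() {
    enroll_password="$1"
    ipa-client-install --unattended --mkhomedir \
        --domain=example.com --realm=EXAMPLE.COM --server=ipa.example.com \
        --principal=admin --password="$enroll_password"
}

# 3. Verify that an sshd_config actually delegates key lookup to SSSD.
#    Returns 0 when both directives are present, 1 otherwise. Keep this in a
#    post-install check: if a hand edit or a template overwrite drops these
#    lines, logins silently fall back to ~/.ssh/authorized_keys only.
sshd_config_uses_sssd() {
    cfg="$1"
    grep -Eq '^[[:space:]]*AuthorizedKeysCommand[[:space:]]+/usr/bin/sss_ssh_authorizedkeys([[:space:]]|$)' "$cfg" &&
    grep -Eq '^[[:space:]]*AuthorizedKeysCommandUser[[:space:]]+nobody([[:space:]]|$)' "$cfg"
}

# 4. What sshd runs at login time, runnable by hand to debug a failed key login:
#    prints the keys SSSD fetched from LDAP for the user (empty if none cached
#    or published).
lookup_keys() {
    /usr/bin/sss_ssh_authorizedkeys "$1"
}
```

Typical use on an enrolled host is `sshd_config_uses_sssd /etc/ssh/sshd_config && lookup_keys alice` to confirm both halves of the chain before relying on it; `sshd -T | grep -i authorizedkeyscommand` shows the effective values if the config is split across `Include` files.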