On Thursday 16 October 2008 01:11:15 Christopher Barry wrote:
-----Original Message-----
From: openldap-technical-bounces+christopher.barry=qlogic.com@openldap.org [mailto:openldap-technical-bounces+christopher.barry=qlogic.com@openldap.org] On Behalf Of openLDAP
Sent: Wednesday, October 15, 2008 6:18 PM
To: openldap-technical@openldap.org
Subject: LDAP + SSH + Key Auth
I would like to use public keys on my OS X servers for my LDAP users to use SSH. All indications from the OSX list are that it is not possible.
I was hoping someone on this list could confirm that LDAP/Key Pair/SSH is not possible or point me in the right direction to where someone has figured it out.
http://code.google.com/p/openssh-lpk
I would like to centrally control SSH access and not have to have local accounts on all of my servers.
Any help is appreciated.
May not be relevant, but...
Are your servers mounting a centralized storage for users' homes? If so, then they'll really only need to set up a key once from their desktop, and if you put users in groups that relate to the servers, then you can control which groups of users get to what servers by the AllowGroups directive in sshd_config.
Of course, it all depends on the pattern of access:
- single desktop to many automounting servers - above works well.
- many to many - it gets annoying...
Which is exactly when the LPK patch is useful.
Regards, Buchan
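
Added example, not part of the thread or of OpenSSH: a small audit script for the per-server AllowGroups scheme suggested above, which reports which users each server's sshd_config would admit. The server names, group names and memberships are constructed, and the model is simplified: it covers only global AllowGroups lines with `*` and `?` wildcards, not negated patterns, Match blocks, or the AllowUsers/DenyUsers/DenyGroups directives.

```python
import re

# Constructed sample data: per-server sshd_config text and directory group membership.
SERVER_CONFIGS = {
    "web01": "# web tier\nPermitRootLogin no\nAllowGroups web-admins ops-*\n",
    "db01": "allowgroups dba\nAllowGroups ops-core\n",
    "build01": "PasswordAuthentication no\n",  # no AllowGroups: no group restriction
}
USER_GROUPS = {
    "alice": {"staff", "web-admins"},
    "bob": {"staff", "dba"},
    "carol": {"staff", "ops-core"},
    "dave": {"staff"},
}


def allow_groups(config_text):
    """Collect AllowGroups patterns: keyword is case-insensitive, repeated lines accumulate."""
    patterns = []
    for line in config_text.splitlines():
        fields = line.split()
        if fields and not fields[0].startswith("#") and fields[0].lower() == "allowgroups":
            patterns.extend(fields[1:])
    return patterns


def pattern_matches(pattern, group):
    """Match a group name against a pattern where '*' is any run and '?' is one character."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.fullmatch(regex, group) is not None


def may_login(user, server):
    """True if any of the user's groups matches the server's AllowGroups list."""
    patterns = allow_groups(SERVER_CONFIGS[server])
    if not patterns:  # directive absent: groups do not restrict login
        return True
    return any(pattern_matches(p, g) for p in patterns for g in USER_GROUPS[user])


def access_matrix():
    """Map each server to the sorted list of users its AllowGroups setting admits."""
    return {s: sorted(u for u in USER_GROUPS if may_login(u, s)) for s in SERVER_CONFIGS}


if __name__ == "__main__":
    for server, users in access_matrix().items():
        print(f"{server}: {', '.join(users) or '(nobody)'}")
```
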