-----Original Message-----
From: Buchan Milne [mailto:bgmilne@staff.telkomsa.net]
Sent: Thursday, October 16, 2008 3:29 AM
To: openldap-technical(a)openldap.org
Cc: Christopher Barry; openLDAP
Subject: Re: LDAP + SSH + Key Auth
On Thursday 16 October 2008 01:11:15 Christopher Barry wrote:
> > -----Original Message-----
> > From: openldap-technical-bounces+christopher.barry=qlogic.com@openldap.org
> > [mailto:openldap-technical-bounces+christopher.barry=qlogic.com(a)openldap.org]
> > On Behalf Of openLDAP
> > Sent: Wednesday, October 15, 2008 6:18 PM
> > To: openldap-technical(a)openldap.org
> > Subject: LDAP + SSH + Key Auth
> >
> > I would like to use public keys on my OS X servers for my
> > LDAP users to use SSH. All indications from the OSX list are
> > that it is not possible.
> >
> > I was hoping someone on this list could confirm that LDAP/Key
> > Pair/SSH is not possible or point me in the right direction
> > to where someone has figured it out.
http://code.google.com/p/openssh-lpk
> > I would like to
> > centrally control SSH access and not have to have local
> > accounts on all of my servers.
> >
> > Any help is appreciated.
>
> May not be relevant, but...
>
> Are your servers mounting a centralized storage for users' homes? If so,
> then they'll really only need to set up a key once from their desktop,
> and if you put users in groups that relate to the servers, then you can
> control which groups of users get to what servers by the AllowGroups
> directive in sshd_config.
>
> Of course, it all depends on the pattern of access:
> * single desktop to many automounting servers - above works good.
> * many to many - it gets annoying...
Which is exactly when the LPK patch is useful.
Regards,
Buchan
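
The AllowGroups approach from the quoted reply, as an added example that is not part of the original thread: a small audit script that reads each server's sshd_config text and reports which users its AllowGroups line admits. Host names, group names, users and the sample configs are constructed; in practice the group memberships would come from the LDAP directory. It evaluates only the global AllowGroups patterns (with `*` and `?` wildcards) and does not handle negated patterns, Match blocks, or the AllowUsers/DenyUsers/DenyGroups directives.

```python
import re

def allow_groups(sshd_config_text):
    """Return the AllowGroups patterns from the global part of sshd_config."""
    patterns = []
    for raw in sshd_config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        keyword = fields[0].lower()          # keywords are case-insensitive
        if keyword == "match":               # simplification: stop at first Match block
            break
        if keyword == "allowgroups":
            patterns.extend(fields[1:])      # group names only, not numeric GIDs
    return patterns

def _matches(name, pattern):
    # Translate the '*' and '?' wildcards; everything else is literal.
    rx = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                 for c in pattern)
    return re.fullmatch(rx, name) is not None

def may_login(user_groups, patterns):
    """True if any of the user's groups matches an AllowGroups pattern."""
    if not patterns:
        return True                          # no AllowGroups: no group restriction
    return any(_matches(g, p) for g in user_groups for p in patterns)

def access_matrix(servers, users):
    """Map each host to the sorted list of users its AllowGroups admits."""
    return {host: sorted(u for u, groups in users.items()
                         if may_login(groups, allow_groups(cfg)))
            for host, cfg in servers.items()}

# Constructed sample data: one group per server role, as the reply suggests.
SERVERS = {
    "web01": "# constructed sample\nPermitRootLogin no\nAllowGroups webadmins sysadmins\n",
    "db01": "allowgroups db* sysadmins\n",
}
USERS = {
    "alice": ["staff", "sysadmins"],
    "bob": ["staff", "webadmins"],
    "carol": ["staff", "dbadmins"],
}

if __name__ == "__main__":
    for host, allowed in access_matrix(SERVERS, USERS).items():
        print(host, "->", ", ".join(allowed))
```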