From: Buchan Milne [mailto:firstname.lastname@example.org]
Sent: Thursday, October 16, 2008 3:29 AM
Cc: Christopher Barry; openLDAP
Subject: Re: LDAP + SSH + Key Auth
On Thursday 16 October 2008 01:11:15 Christopher Barry wrote:
> > -----Original Message-----
> > From:
> > openldap-technical-bounces+christopher.barry=qlogic.com@openld
> > ap.org
> > [mailto:openldap-technical-bounces+christopher.barry=qlogic.co
> > m(a)openldap.org] On Behalf Of openLDAP
> > Sent: Wednesday, October 15, 2008 6:18 PM
> > To: openldap-technical(a)openldap.org
> > Subject: LDAP + SSH + Key Auth
> > I would like to use public keys on my OS X servers for my
> > LDAP users to use SSH. All indications from the OSX list is
> > that it is not possible.
> > I was hoping someone on this list could confirm that LDAP/Key
> > Pair/SSH is not possible or point me in the right direction
> > to where someone has figured it out.
> > I would like to
> > centrally control SSH access and not have to have local
> > accounts on all of my servers.
> > Any help is appreciated.
> May not be relevant, but...
> Are your servers mounting a centralized storage for user's
homes? If so,
> then they'll really only need to setup a key once from
> and if you put users in groups that relate to the servers,
then you can
> control which groups of users get to what servers by the AllowGroups
> directive in sshd_config.
> Of course, it all depends on the pattern of access:
> * single desktop to many automounting servers - above works good.
> * many to many - it gets annoying...
Which is exactly when the LPK patch is useful.