Some time ago I ran into a process to use LDAP as a place to store ssh pub keys for easy ssh access to all systems.<br><br>Downside was it required a specially patched and compiled sshd. um. nope! Not gonna do that. <br><br>
while poking (ok. schlogging through 200+ pages of docs) at Red Hat Virtualization ManagerĀ I had to set up IPA. It seems that RedHat has managed to glue in ssh pubkeys into IPA with some PAM/SSSD settings. I haven't dug into the guts of the process but it looks like once pub keys are stored in 389 (ldap server), and a system is configed to the kerberos domain managed by (free)IPA, PAM knows to hit 389 for user pub keys during an ssh login session attempt.<br>
<br>cool!<br><br>And since the kickstart process supports a fresh install with auto-join to the kerberos domain, a new server can be provisioned and it comes with admin keys in place by default.<br clear="all"><br>-- <br>
-- <br>James P. Kinney III<br><i><i><i><i><br></i></i></i></i>Every time you stop a school, you will have to build a jail. What you
gain at one end you lose at the other. It's like feeding a dog on his
own tail. It won't fatten the dog.<br>
- Speech 11/23/1900 Mark Twain<br><i><i><i><i><br><a href="http://electjimkinney.org" target="_blank">http://electjimkinney.org</a><br><a href="http://heretothereideas.blogspot.com/" target="_blank">http://heretothereideas.blogspot.com/</a><br>
</i></i></i></i><br>