[ale] ssh + ldap
Jerald Sheets
questy at gmail.com
Thu Mar 19 08:21:44 EDT 2009
Why not use the pam integration to LDAP through your /etc/pam.d/system-
auth and/or sshd files. In that way, let pam manage the communication
with LDAP on behalf of SSH.
There's also some real cool features of group-based authentication/
access in /etc/security/access.conf you should look at. It's the
first time I've had opportunity to use it and is quite nice.
It seems a little redundant to not just tie pam in rather than tying
both pam and sshd in.
Or, maybe I'm not understanding the way you're implementing. Could
you expand a little on that? (I'm doing the same thing for CNN right
now)
--j
On Mar 19, 2009, at 6:48 AM, Kenneth Ratliff wrote:
>
> On Mar 18, 2009, at 10:04 PM, Jim Kinney wrote:
>
>> cool idea: park ssh pub keys in ldap for large installation.
>>
>> http://code.google.com/p/openssh-lpk/
>
>
> Yeah this occurred to me when I was busy integrating my home network
> with LDAP to get everything to single signon. There's just something
> about patching OpenSSH that makes me unhappy, though.
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.ale.org/pipermail/ale/attachments/20090319/335ac373/attachment-0001.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 195 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20090319/335ac373/attachment-0001.bin
More information about the Ale
mailing list