openssh keys in ldap
Pekka Savola
pekkas at netcore.fi
Wed Jul 18 21:23:51 EST 2001
On Wed, 18 Jul 2001, Jakob Schlyter wrote:
> On Mon, 16 Jul 2001, jeff mcelroy wrote:
>
> > Is there any work going into placing keys in a central directory such as
> > LDAP ?
>
> I see a problem with finding out what ldap server that has the key for
> host.example.com? and then communicate securely and fast enough with that
> server.
>
> I would rather consider the dnssec support to be the preferred key
> distribution mechanism in the future.

I think the original meant placing keys of all servers _within
organization_ to a central _internal_ directory.

This is what I thought of it at any rate.

For "global" secure key access, dnssec is the way to go (if you want to
put them in a database at any rate, and can proof the transaction).

--
Pekka Savola                  "Tell me of difficulties surmounted,
Netcore Oy                    not those you stumble over and fall"
Systems. Networks. Security.  -- Robert Jordan: A Crown of Swords