openssh keys in ldap
jeff mcelroy
jmcelroy at dtgnet.com
Thu Jul 19 00:11:02 EST 2001
Pekka Savola wrote:
> On Wed, 18 Jul 2001, Jakob Schlyter wrote:
> > On Mon, 16 Jul 2001, jeff mcelroy wrote:
> >
> > > Is there any work going into placing keys in a central directory such as
> > > LDAP ?
> >
> > I see a problem with finding out what ldap server that has the key for
> > host.example.com? and then communicate securely and fast enough with that
> > server.
> >
> > I would rather consider the dnssec support to be the preferred key
> > distribution mechanism in the future.
>
> I think the original meant placing keys of all servers _within
> organization_ to a central _internal_ directory.
>
> This is what I thought of it at any rate.
>
> For "global" secure key access, dnssec is the way to go (if you want to
> put them in a database at any rate, and can proof the transaction).
>
> --
> Pekka Savola "Tell me of difficulties surmounted,
> Netcore Oy not those you stumble over and fall"
> Systems. Networks. Security. -- Robert Jordan: A Crown of Swords
We have openssh deployed across our organization and have to add/remove
entries into the known_hosts / authorized_keys files often. I am looking for a
way to centrally manage these keys.
Jeff McElroy
jmcelroy at dtgnet.com