Unkerberized NFS
Ed Phillips
ed at UDel.Edu
Wed Nov 7 09:35:53 EST 2001
On Tue, 6 Nov 2001, Darren J Moffat wrote:
> Date: Tue, 06 Nov 2001 14:06:33 -0800
> From: Darren J Moffat <Darren.Moffat at Sun.COM>
> To: Ed Phillips <ed at UDel.Edu>
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: Unkerberized NFS
>
>
>
> Ed Phillips wrote:
>
> > How common is the /etc/publickey in various OSes? I was thinking that for
> > our site, it might be nice to access public keys using PAM/LDAP. On
> > Solaris, theoretically, sshd could call getpublickey(). It puts another
> > constraint on login (the LDAP server has to be available), but chances
> > are, if you're using LDAP, and the LDAP server is down, the Solaris system
> > can get at /etc/passwd, et al., stuff either through LDAP, so you'd get a
> > cached version if available in nscd.
>
>
> PAM has nothing to do with this, you mean NSS (nsswitch.conf and the nss
> modules).

Okay... that makes sense.

> Any system that has got ONC/ONC+ from Sun or has implemented NIS+ from
> scratch would have them.

What is ONC?

> However I would strongly discourage you using getpublickey since it was
> not intended to store keys other than those for the AUTH_DH mechanisms
> of RPC.

I was just wondering if getpublickey() was a "standard"-enough place to
get a public key from sshd.

What would be a "standard" way to have sshd look up a public key that isn't
in the normal ~/.ssh/authorized_keys2 place? Would it just have to be
enhanced for this particular "look up public keys in LDAP" feature?

Thanks,
Ed
Ed Phillips <ed at udel.edu> University of Delaware (302) 831-6082
Systems Programmer III, Network and Systems Services
finger -l ed at polycut.nss.udel.edu for PGP public key