X.509 support in ssh (revisited)
Anne Carasik
gator at cacr.caltech.edu
Thu Jan 24 03:45:49 EST 2002
On Wed, Jan 23, 2002 at 04:46:43PM +0200, Thanos Siaperas wrote:
[deletia]
> * X.509 certificate support for authentication. As used in the likes of
> stunnel, mod_ssl etc for client auth.
>
> * Directory based (LDAP) key lookup. Either for X.509 public certs or
> standard ssh public key.
[deletia]
> We are considering upgrading our ssh infrastructure, from the previous
> one (f-secure)
> to OpenSSH or ssh.com's SSH.
> ssh.com' SSH supports certificate authentication in their commercial
> version.
Ok, right. With the many certificate vendors out there, I'd find out
who exactly they do support.
Last time I checked, X.509 support was only for SSH own CA (Certifier).
Last I heard (and it's been a while), OpenSSH is supposed to have some
spki support, but I'm not sure when it's going to be implemented.
-Anne
--
.-"".__."``". Anne Carasik, sysadmin, gator at cacr.caltech.edu
.-.--. _...' (/) (/) ``' Don't insult the alligator till after you
(O/ O) \-' ` -="""=. ', cross the river. -unknown
~`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: not available
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20020123/590b5452/attachment.bin
More information about the openssh-unix-dev
mailing list