X.509 support in ssh (revisited)

Frank Cusack fcusack at fcusack.com
Wed Jan 30 08:43:19 EST 2002


On Wed, Jan 23, 2002 at 10:21:39AM -0800, Anne Carasik wrote:
> On Wed, Jan 23, 2002 at 05:53:59PM +0100, Markus Friedl wrote:
> > On Wed, Jan 23, 2002 at 08:45:49AM -0800, Anne Carasik wrote:
> > > Last I heard (and it's been a while), OpenSSH is supposed to have some 
> > > spki support, but I'm not sure when it's going to be implemented.
> > 
> > who said this? is there anyone working on patches?
> > i think lsh has some spki thingy.
> > 
> 
> I don't remember who said this, as this was a while back. All I remember
> is the PKI thingy, and everyone was trying to do something with it.
> 
> From a sysadmin standpoint, I'd like to be able to manage user keys with
> PKI.
> 
> You can probably do that with PAM, right?

No, PAM won't support that, at least not as specified in OSF RFC
86.0 (which is what folks generally mean when they say "PAM").

My understanding of Linux-PAM is that it can support this.  However, it's
not even widely supported within Linux distros AFAIK.  Any implementation
using Linux-PAM would be non-portable.

/fc



More information about the openssh-unix-dev mailing list