Request for LPK patch to be merged
chris at qwirx.com
Fri Dec 7 22:58:09 EST 2007
I sent this message a few weeks ago and so far have not had any reply. Is
there another procedure for requesting such changes?
On Sun, 25 Nov 2007, Chris Wilson wrote:
> At my organisation we have an LDAP infrastructure built on OpenLDAP,
> between Unix boxes running OpenSSH at multiple sites. It works well but
> the SSH key management is something of an inconvenience, especially as we
> would like to implement SSO with ssh-agent and passphrased keys.
> There is an OpenSSH patch called LPK which can allow the authorized_keys
> to be stored in LDAP, and that would be really useful in our environment.
> However we don't really want to maintain our own packages, and our default
> distro doesn't want to supply packages with the LPK patch as long as it's
> not supported upstream.
> So I'd like to request that you consider the LPK patch for merging into
> OpenSSH. You can find it here:
> Here is the description of what specifically we are trying to achieve:
> In particular: "The final goal is cross-platform authentication, being
> able to manage users globally on the LDAP server, without performing any
> action on the server pool (scalability for add/revoke a user to N servers
> And here is another page giving another good reason for using LPK:
> "What happens when you have dozens or more [machines]? You have to
> maintain your public keys on all those systems, ensuring they are kept up
> to date. God forbid that you loose your private key, or that it becomes
> compromised: you'd have to quickly change all the authorized_keys files on
> all machines!"
> I'm not the developer of the patch, but if there are specific issues that
> need to be addressed then I'd be happy to coordinate with the maintainer
> and/or lend a hand to see them addressed.
> Cheers, Chris.
_____ __ _
\ __/ / ,__(_)_ | Chris Wilson <0000 at qwirx.com> - Cambs UK |
/ (_/ ,\/ _/ /_ \ | Security/C/C++/Java/Perl/SQL/HTML Developer |
\ _/_/_/_//_/___/ | We are GNU-free your mind-and your software |
More information about the openssh-unix-dev