OpenSSH and X.509 Certificate Support

Damien Mascord tusker at tusker.org
Thu Mar 13 13:17:44 EST 2008


Peter Stuge wrote:
>> then, is there any workaround to eliminate the need to append the
>> ".pub" part of it to the "authorized_keys" file on the Server.
>>     
>
> Here I agree with you - the administrative advantages of PKI seem to
> be lost if each client's cert needs to be distributed to all servers.
>
> But on the other hand - how will the certificate->username mapping be
> done otherwise? (Each cert should only be allowed for one username.)
>   
Hi Peter,

Wouldn't you be able to do this with the certificate signature, rather
than the entire certificate?

Cheers,

Damien



More information about the openssh-unix-dev mailing list