Support for merging LPK and hpn-ssh into mainline openssh?
Damien Miller
djm at mindrot.org
Thu Sep 10 03:00:14 EST 2009

On Tue, 8 Sep 2009, Howard Chu wrote:
> > My concern is more with the complexity and maintenance hassle of LDAP,
> > not the run-time linkage.
>
> Could you elaborate on this comment? Most sysadmins are looking for this
> feature precisely because it *reduces* the complexity and hassle of
> maintaining user login info across large networks.

Complexity and maintenance hassle _for the OpenSSH developers_.

> Certainly the existing patch is pretty non-optimal, but the basic idea is
> sound.

If you want this, here is the path that I proposed to get it working:

> I don't think there are any plans to merge the LPK patch. We really
> don't want a dependency on LDAP libraries in sshd. Maybe if it were
> abstracted into a helper app that sshd could consult to verify keys
> then it would be more palatable, but even this is doubtful unless it
> can be done in a way that avoids complexity - there is a lot that can
> go wrong.

Patches welcome.

-d

More information about the openssh-unix-dev mailing list