Support for merging LPK and hpn-ssh into mainline openssh?

Damien Miller djm at
Thu Sep 10 03:00:14 EST 2009

On Tue, 8 Sep 2009, Howard Chu wrote:

> > My concern is more with the complexity and maintenance hassle of LDAP,
> > not the run-time linkage.
> Could you elaborate on this comment? Most sysadmins are looking for this
> feature precisely because it *reduces* the complexity and hassle of
> maintaining user login info across large networks.

Complexity and maintenance hassle _for the OpenSSH developers_.

> Certainly the existing patch is pretty non-optimal, but the basic idea is
> sound.

If you want this, here is the path that I proposed to get it working:

> I don't think there are any plans to merge the LPK patch. We really
> don't want a dependency on LDAP libraries in sshd. Maybe if it were
> abstracted into a helper app that sshd could consult to verify keys
> then it would be more palatable, but even this is doubtful unless it
> can be done in a way that avoids complexity - there is a lot that can
> go wrong.

Patches welcome.


More information about the openssh-unix-dev mailing list