LPK integration - summary and ideas

Jan Chadima jchadima at redhat.com
Fri Jun 11 00:03:42 EST 2010


----- "Daniel Kahn Gillmor" <dkg at fifthhorseman.net> wrote:

> On 06/09/2010 04:22 AM, Dan Kaminsky wrote:
> > There's long history of using external commands as an extensibility
> point
> > (ProxyCommand for example) and, if there was going to be any way of
> linking
> > LDAP in, this would almost certainly be the best way.
> 
> I agree with Dan here.  I'd rather see a general, out-of-process,
> extensible framework put in place than see LPK integrated directly.
> 
> For the client side, something like KnownHostsCommand (by analogy
> with
> KnownHostsFile) would be good.  I've just opened a ticket describing
> a
> simple outline for that enhancement:
> 
>  https://bugzilla.mindrot.org/show_bug.cgi?id=1777
> 
> For the server side, it's a bit tricker to define an
> AuthorizedKeysCommand (and to ensure that a blocked
> AuthorizedKeysCommand does not hang the rest of the daemon), but it
> would be useful too.  I've opened a ticket describing that option as
> well (but it's not as well fleshed-out):
> 
>  https://bugzilla.mindrot.org/show_bug.cgi?id=1778
> 
> 	--dkg
> 

please look at 
https://bugzilla.mindrot.org/show_bug.cgi?id=1663
there is a patch solving the above requests
+ some ldap backend also

> 
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev

-- 
JFCh <jchadima at redhat.com>


More information about the openssh-unix-dev mailing list