LPK integration - summary and ideas
Jan Chadima
jchadima at redhat.com
Fri Jun 11 00:03:42 EST 2010
----- "Daniel Kahn Gillmor" <dkg at fifthhorseman.net> wrote:
> On 06/09/2010 04:22 AM, Dan Kaminsky wrote:
> > There's long history of using external commands as an extensibility
> point
> > (ProxyCommand for example) and, if there was going to be any way of
> linking
> > LDAP in, this would almost certainly be the best way.
>
> I agree with Dan here. I'd rather see a general, out-of-process,
> extensible framework put in place than see LPK integrated directly.
>
> For the client side, something like KnownHostsCommand (by analogy
> with
> KnownHostsFile) would be good. I've just opened a ticket describing
> a
> simple outline for that enhancement:
>
> https://bugzilla.mindrot.org/show_bug.cgi?id=1777
>
> For the server side, it's a bit tricker to define an
> AuthorizedKeysCommand (and to ensure that a blocked
> AuthorizedKeysCommand does not hang the rest of the daemon), but it
> would be useful too. I've opened a ticket describing that option as
> well (but it's not as well fleshed-out):
>
> https://bugzilla.mindrot.org/show_bug.cgi?id=1778
>
> --dkg
>
please look at
https://bugzilla.mindrot.org/show_bug.cgi?id=1663
there is a patch solving the above requests
+ some ldap backend also
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev at mindrot.org
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
--
JFCh <jchadima at redhat.com>
More information about the openssh-unix-dev
mailing list