AuthorizedKeysCommand idea

Michael W. Lucas mwlucas at michaelwlucas.com
Thu Jun 20 00:26:28 EST 2013


On Wed, Jun 19, 2013 at 04:26:39PM +0200, Ángel González wrote:
> On 19/06/13 16:10, Michael W. Lucas wrote:
> > So:
> >
> > What about using a SQLite database, copied to all machines, and a
> > simple sqlite lookup for AuthorizedKeysCommand?
> >
> > If a user can't log into the local machine, because PAM or no local
> > account or whatever, the presence of the key shouldn't matter.
> >
> > For key adds/changes/deletions, I just push the new sqlite DB to all
> > my machines.
> >
> > This seems easy. Too easy. What am I missing?
> >
> > Thanks,
> > ==ml
> That should work. What makes you think that it wouldn't?

Because after two decades of systems administration, I've seen too
many people say "Oh, I'll just do this" without being aware of all the
implications.

It seems that if it was that simple, someone would have done it
already...

==ml

-- 
Michael W. Lucas  -  mwlucas at michaelwlucas.com, Twitter @mwlauthor 
http://www.MichaelWLucas.com/, http://blather.MichaelWLucas.com/
Absolute OpenBSD 2/e - http://www.nostarch.com/openbsd2e
coupon code "ILUVMICHAEL" gets you 30% off & helps me.
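
Added example, not part of the original message or of OpenSSH: a minimal lookup helper of the kind the thread proposes for AuthorizedKeysCommand, reading keys from a SQLite file. The database path, the `ssh_keys` table with its `username`, `key_line` and `revoked` columns, and the sample rows are assumptions constructed for illustration.

```python
#!/usr/bin/env python3
# Added example; DB path, table and column names are assumptions.
import os
import re
import sqlite3
import sys
import tempfile

DB_PATH = "/etc/ssh/authorized_keys.db"  # assumed location of the pushed DB
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_-]{0,31}$")  # conservative login names

def lookup_keys(db_path, username):
    """Return the authorized_keys lines stored for username."""
    if not USERNAME_RE.match(username):
        return []
    # mode=ro: the lookup never needs write access to the database file.
    conn = sqlite3.connect(f"file:{db_path}?mode=ro", uri=True)
    try:
        rows = conn.execute(
            "SELECT key_line FROM ssh_keys WHERE username = ? AND revoked = 0",
            (username,),
        ).fetchall()
    finally:
        conn.close()
    # One entry per row: skip rows with embedded newlines so a bad row
    # cannot add a second authorized_keys line to the output.
    keys = [(row[0] or "").strip() for row in rows]
    return [k for k in keys if k and "\n" not in k and "\r" not in k]

def build_sample_db():
    """Create a constructed sample database and return its path."""
    path = os.path.join(tempfile.mkdtemp(), "keys.db")
    conn = sqlite3.connect(path)
    conn.execute("CREATE TABLE ssh_keys (username TEXT, key_line TEXT, revoked INTEGER)")
    conn.executemany("INSERT INTO ssh_keys VALUES (?, ?, ?)", [
        ("alice", "ssh-ed25519 AAAA-constructed-sample-1 alice@laptop", 0),
        ("alice", "ssh-ed25519 AAAA-constructed-sample-2 alice@old", 1),
        ("bob", "ssh-ed25519 AAAA-constructed-sample-3 bob@desk", 0),
    ])
    conn.commit()
    conn.close()
    return path

if __name__ == "__main__":
    # sshd passes the login name as the argument; errors exit non-zero, no keys.
    try:
        print("\n".join(lookup_keys(DB_PATH, sys.argv[1])))
    except (IndexError, sqlite3.Error):
        sys.exit(1)
```

sshd requires the AuthorizedKeysCommand program to be owned by root and not writable by group or others. The pushed database file deserves the same protection, since whoever can write it decides which keys are accepted.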


More information about the openssh-unix-dev mailing list