openssh keys in ldap
Jarno Huuskonen
Jarno.Huuskonen at uku.fi
Tue Jul 17 04:50:24 EST 2001
Hi,
On Mon, Jul 16, Simon Wilkinson wrote:
> I've got a script which uploads the keys to the LDAP server (over a Kerberos
> authenticated connection) and generates the ssh_known_hosts file (again using
> a Kerberos authenticated connection). We drive this from an rc.d style script
> which generates and uploads the key as necessary, and updates the known_hosts
> file nightly. All of this doesn't require touching the ssh code base at all.
>
> Our LDAP map is RFC2307-compliant - we add a new 'sshHost' auxiliary object
> class to the host records in it, which adds 'sshKey' and 'sshRSAKey'
> attributes to each host's information. These are used for version 2 and
> version 1 host keys respectively - the sshKey attribute is multi-valued
> allowing the use of different types of version 2 keys.
>
> If you're interested I can package up the script, our schema definitions, and
> the (OpenLDAP) server configuration that's required to make all of this work
> and make it available.
This sounds interesting, I would really appreciate it if you could package
all the necessary stuff for others to use.
Thanks,
-Jarno
--
Jarno Huuskonen <Jarno.Huuskonen at uku.fi>
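
The ssh_known_hosts generation step described in the quoted message, as an added example (not Simon Wilkinson's script and not part of the original thread). It checks each key fetched from the directory before writing it out, rejecting a version 2 key whose declared type does not match the type embedded in its blob. Assumptions: key values are stored in public-key-file form, constructed records stand in for an LDAP search result, and all function names are hypothetical.

```python
import base64

def sample_blob(key_type):
    """Constructed, syntactically valid (not real) protocol 2 key blob."""
    name = key_type.encode()
    return base64.b64encode(len(name).to_bytes(4, "big") + name + b"\0" * 16).decode()

# Constructed sample records. sshKey / sshRSAKey are the attributes named in
# the message; cn / ipHostNumber are RFC 2307 host attributes. Storing keys in
# public-key-file form is an assumption of this example.
SAMPLE_ENTRIES = [
    {"cn": ["alpha.example.org", "alpha"], "ipHostNumber": ["192.0.2.10"],
     "sshKey": ["ssh-rsa " + sample_blob("ssh-rsa"),
                "ssh-dss " + sample_blob("ssh-dss")],
     "sshRSAKey": ["1024 35 1234567890123456789"]},
    {"cn": ["beta.example.org"], "ipHostNumber": ["192.0.2.11"],
     "sshKey": ["ssh-rsa " + sample_blob("ssh-dss")]},  # declared type != blob type
]

def normalize_v2(value):
    """Return 'type base64' if the blob's embedded type matches, else None."""
    parts = value.split()
    if len(parts) < 2:
        return None
    try:
        raw = base64.b64decode(parts[1], validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return None
    n = int.from_bytes(raw[:4], "big")  # length prefix of the key-type string
    return " ".join(parts[:2]) if raw[4:4 + n] == parts[0].encode() else None

def normalize_v1(value):
    """Return 'bits exponent modulus' if all three fields are decimal."""
    parts = value.split()
    return " ".join(parts) if len(parts) == 3 and all(p.isdigit() for p in parts) else None

def known_hosts_lines(entries):
    """Build ssh_known_hosts lines; return (lines, rejected (host, attr) pairs)."""
    lines, rejected = [], []
    for e in entries:
        # Drop names that would corrupt the comma/space separated file format.
        names = [n for n in e.get("cn", []) + e.get("ipHostNumber", [])
                 if n and not any(c.isspace() or c == "," for c in n)]
        for attr, norm in (("sshKey", normalize_v2), ("sshRSAKey", normalize_v1)):
            for val in e.get(attr, []):
                key = norm(val) if names else None
                if key:
                    lines.append(",".join(names) + " " + key)
                else:
                    rejected.append((e.get("cn", ["?"])[0], attr))
    return lines, rejected
```
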