Openssh to support X509 certificates

joviano_dias at persistent.co.in joviano_dias at persistent.co.in
Sun Mar 16 04:59:37 EST 2008


Yes, a module to provide authentication is essential as a part of released
OpenSSH, I feel. There is also one developed by Roumen Petrov; is your PAM
module in any way advantageous over that?
A module which could do remote certificate authentication through some
authentication server would be even better, e.g. an OpenSSH client passes a
cert to the OpenSSH server and the server in turn authenticates it through a
remote RADIUS server!

-Joviano

> No, what I mean is not that I seek some commercial support service.
>
> I just hope that X509 certificate support will be a part of the openssh
> mainstream, because it becomes necessary in many applications. At least,
> it should become an option in the openssh mainstream, so that some
> applications can choose to open this part of functionality.
>
> And, more importantly, I hope that my PAM module for X509-based certificate
> verification can serve as a module of openssh in the future. My PAM module
> can do authentication via user certificates and do mapping to local
> accounts. Based on the module, a user can log in to a remote server via his
> certificate and traverse around the whole network built on openssh by
> single sign-on (SSO).
> (Now, I have successfully implemented most of the functionality except
> delegation, which is needed to support SSO).
>
> I am willing to make some contribution to the mainstream version of openssh
> and willing to open all my code (including the PAM module and modified
> openssh4.5).
> Hope openssh becomes more powerful.
>
> Any comment?
>
> Regards,
>
> Ian
>
>
> On Sat, Mar 15, 2008 at 2:16 AM, Peter Stuge
> <stuge-openssh-unix-dev at cdy.org> wrote:
>> On Fri, Mar 14, 2008 at 05:36:58PM +0800, Ian jonhson wrote:
>>  > No one is willing to answer me?
>>
>>  I don't think that is the case.
>>
>>  Keep in mind that any help on this list is strictly voluntary and
>>  free of charge.
>>
>>  Maybe you could find someone who offers a commercial support service
>>  for the certificate extension if that is what you're after?
>>
>>
>>  //Peter
>>  _______________________________________________
>>  openssh-unix-dev mailing list
>>  openssh-unix-dev at mindrot.org
>>  https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>>
