<div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div bgcolor="#ffffff" text="#000000"><div class="im"><blockquote type="cite"><div><br>
</div>
<div>If I can have ssh/pam authentication and have ssh retrieve
public key from LDAP that might be a consolation prize.</div>
</blockquote></div>
That is possible, but I don't think that's really what you are
trying to do. It really sounds like what you want to do is:<br>
1) generate an ssh compatible cert (or pub/priv key pair) using your
existing cert that is issued by ejbca - that may be possible, but
you'll need to have the ssh cert signed by the ejbca - could be
difficult<br>
or<br>
2) use your regular x509 cert for ssh authentication - it doesn't
look as though ssh supports this although it's not clear from the
man page - would be a very good feature for ssh though<div class="im"><br></div></div></blockquote><div><br></div><div>I might end up not linking the certificates with ssh (probably because you can't) and then do public key retrieval from LDAP. I am glad that I am not the only person who found the man page to be vague...</div>
<div><br></div><div>I will do some more experimenting to see what I can come up with and feed back any interesting finds to the list.</div><div><br></div><div>Best Regards</div><div> </div></div>-- <br>Gerhardus Geldenhuis<br>