On redhat/centos like systems you can install the openssh-ldap package so no patching involved.
Regards
Sean O'Reilly
On Mon 25/03/13 1:20 PM, Vesa Alho listat@alho.fi sent:
> I think 389 side is "easy", but how about openssh-server and/or clients? Wondering do I need to patch openssh-server to get it working or is there an easier way.
> PS. thanks for responding!
> -Vesa
> On 03/25/2013 03:09 PM, s.oreilly wrote:
>> I have just done this. I will see if I can find the docs.
>> You need to add an objectclass (ldappublickey) and an attribute (sshpublickey) to the schema.
>> Regards
>> Sean O'Reilly
>> On Mon 25/03/13 1:02 PM, Vesa Alho listat@alho.fi sent:
>>> Hi,
>>> What would it take to store SSH public keys in 389?
>>> I found this old thread in archives, but mentioned link doesn't work:
>>> http://www.mail-archive.com/389-users@lists.fedoraproject.org/msg02389.html%...
>>> Other googling revealed guides which seem to require patched version of openssh-server and openldap guides.
>>> I guess freeipa would support this, but any chance with only 389?
>>> -Mr. Vesa Alho
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
Thanks! It seems to require patching on Debian based distros.
BTW, did you add some schema on 389 side?
-Vesa
On 03/25/2013 03:26 PM, s.oreilly wrote:
> On redhat/centos like systems you can install the openssh-ldap package so no patching involved.
> Regards
> Sean O'Reilly
Hello
On Mon, Mar 25, 2013 at 7:06 PM, Vesa Alho listat@alho.fi wrote:
> Thanks! It seems to require patching on Debian based distros.
I don't use Ubuntu extensively, but a quick google says this might help https://marc.w%C3%A4ckerlin.ch/computer/blog/ssh_and_ldap
> BTW, did you add some schema on 389 side?
You need to add schema on 389-ds server
> -Vesa
>>>>> I found this old thread in archives, but mentioned link doesn't work:
>>>>> http://www.mail-archive.com/389-users@lists.fedoraproject.org/msg02389.html%...
I shared this, but looks like this blog is not accessible anymore, I will write up in my blog & share soon.
> I don't use Ubuntu extensively, but a quick google says this might help https://marc.w%C3%A4ckerlin.ch/computer/blog/ssh_and_ldap
Thanks! Do you know is it possible to mix public keys in local filesystem and in LDAP? Does it search from both? Just thinking about situation if LDAP is down for some reason, it would be good to have a local fallback user in servers.
-Mr Vesa Alho
Hello
On Tue, Mar 26, 2013 at 4:40 PM, Vesa Alho listat@alho.fi wrote:
>> I don't use Ubuntu extensively, but a quick google says this might help https://marc.w%C3%A4ckerlin.ch/computer/blog/ssh_and_ldap
> Thanks! Do you know is it possible to mix public keys in local filesystem and in LDAP? Does it search from both? Just thinking about situation if LDAP is down for some reason, it would be good to have a local fallback user in servers.
Yes, it searches from both depending on configuration done in /etc/nsswitch.conf
You should use SSSD & configure SSSD to cache keys :)
> -Mr Vesa Alho
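Added example, not part of the thread and not code from the 389 project: once keys live in the directory under the ldappublickey objectclass and sshpublickey attribute named above, an audit of an LDIF export can confirm that every stored value is a well-formed key before sshd is pointed at it. The entries, DNs and the dummy key below are constructed, and the export is assumed to be plain LDIF text.

```python
import base64
import struct

def key_is_wellformed(value):
    """Accept only 'type base64 [comment]' whose blob embeds the same key type.
    Values that carry authorized_keys options are rejected on purpose."""
    parts = value.split()
    if len(parts) < 2:
        return False
    try:
        blob = base64.b64decode(parts[1], validate=True)
        (n,) = struct.unpack(">I", blob[:4])
    except (ValueError, struct.error):
        return False
    return blob[4:4 + n] == parts[0].encode()

def ssh_keys_from_ldif(ldif):
    """Map uid -> well-formed sshPublicKey values of entries with objectClass ldapPublicKey."""
    result = {}
    # LDIF folds long lines as "newline + one space"; undo that before splitting entries.
    for block in ldif.replace("\n ", "").split("\n\n"):
        attrs = {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if value.startswith(":"):  # "attr:: <base64>" form
                value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
            attrs.setdefault(name.lower(), []).append(value.strip())
        if "ldappublickey" in (c.lower() for c in attrs.get("objectclass", [])):
            keys = attrs.get("sshpublickey", [])
            result[attrs.get("uid", ["?"])[0]] = [k for k in keys if key_is_wellformed(k)]
    return result

# Constructed sample data: a dummy ed25519 blob (32 zero bytes) and two made-up entries.
_B64 = base64.b64encode(
    struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes(32)).decode()
GOOD = "ssh-ed25519 " + _B64 + " vesa@example"
BAD = base64.b64encode(("ssh-rsa " + _B64).encode()).decode()  # declared type != blob type
SAMPLE_LDIF = "\n".join([
    "dn: uid=vesa,ou=People,dc=example,dc=com", "objectClass: ldapPublicKey", "uid: vesa",
    "sshPublicKey: " + GOOD[:40], " " + GOOD[40:], "sshPublicKey:: " + BAD, "",
    "dn: uid=nokeys,ou=People,dc=example,dc=com", "objectClass: inetOrgPerson", "uid: nokeys",
])
```

Calling `ssh_keys_from_ldif(SAMPLE_LDIF)` keeps the folded ed25519 value for `vesa`, drops the value whose declared type disagrees with its blob, and skips the entry that lacks the objectclass.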