[389-users] Certificate based authentication

Gerhardus Geldenhuis gerhardus.geldenhuis at gmail.com
Thu Oct 13 16:55:14 UTC 2011


>
>
> If I can have ssh/pam authentication and have ssh retrieve public key
> from LDAP that might be a consolatory prize.
>
> That is possible, but I don't think that's really what you are trying to
> do.  It really sounds like what you want to do is:
> 1) generate an ssh compatible cert (or pub/priv key pair) using your
> existing cert that is issued by ejbca - that may be possible, but you'll
> need to have the ssh cert signed by the ejbca - could be difficult
> or
> 2) use your regular x509 cert for ssh authentication - it doesn't look as
> though ssh supports this although it's not clear from the man page - would
> be a very good feature for ssh though
>
>
I might end up not linking the certificates with ssh (probably because you
can't) and then do public key retrieval from LDAP. I am glad that I am not
the only person who found the man page to be vague...

I will do some more experimenting to see what I can come up with and
feed any interesting finds back to the list.

Best Regards

-- 
Gerhardus Geldenhuis