This is a discussion on Re: Using LDAP in place of .k5login - Kerberos
On Wed, Oct 03, 2007 at 07:51:30PM +0100, Markus Moeller wrote:
> Could this be part of a name service extension, so that it can be either
> local file, nis or ldap or .. ?
Well, what I'm after is a centralized OpenSSH authorization solution which
currently doesn't seem to exist. To quote from my earlier email:
In the solution I am envisioning, this daemon would take the hostname,
principal and username and return whether the mapping is valid or not, i.e.
whether that principal can log into that user@hostname. This then would
somehow end up back in the app through krb5_kuserok().
(Btw, it sounds like this could also be implemented using a centralized
Having a secure facility like this available could probably benefit other apps
> "Douglas E. Engert" wrote in message
> > Does anyone have any mods to use LDAP to store the auth_to_local
> > database? Something like:
> > auth_to_local=LDAP:....
> > Thus it could be used by sshd for example.
> > --
> > Douglas E. Engert
> > Argonne National Laboratory
> > 9700 South Cass Avenue
> > Argonne, Illinois 60439
> > (630) 252-5444
> > ________________________________________________
> > Kerberos mailing list Kerberos@mit.edu
> > https://mailman.mit.edu/mailman/listinfo/kerberos
jos at catnook.com
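
The (hostname, principal, username) decision described in the reply above, as an added example that is not part of the original thread or of any Kerberos or OpenSSH code. The function name `authz_check`, the rule table and all names in it are hypothetical; the table is constructed sample data standing in for a lookup against a central store.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

struct authz_rule {
    const char *principal; /* full Kerberos principal, compared case-sensitively */
    const char *username;  /* local account on the target host */
    const char *hostname;  /* target host, or "*" for any host */
};

/* Constructed sample policy; principals, realm and hosts are hypothetical. */
static const struct authz_rule rules[] = {
    { "alice@EXAMPLE.COM",       "alice", "*" },
    { "alice/admin@EXAMPLE.COM", "root",  "db1.example.com" },
    { "bob@EXAMPLE.COM",         "www",   "web1.example.com" },
};

/* Returns 1 if principal may log in as username@hostname, 0 otherwise.
 * Default deny: missing arguments or no matching rule means refusal. */
int authz_check(const char *hostname, const char *principal,
                const char *username)
{
    size_t i;

    if (!hostname || !principal || !username ||
        !*hostname || !*principal || !*username)
        return 0;
    for (i = 0; i < sizeof(rules) / sizeof(rules[0]); i++) {
        const struct authz_rule *r = &rules[i];
        if (strcmp(r->principal, principal) != 0)
            continue;   /* the realm is part of the match */
        if (strcmp(r->username, username) != 0)
            continue;
        if (strcmp(r->hostname, "*") == 0 ||
            strcasecmp(r->hostname, hostname) == 0)
            return 1;   /* DNS names compare case-insensitively */
    }
    return 0;
}

int main(void)
{
    printf("%d\n", authz_check("db1.example.com", "alice/admin@EXAMPLE.COM", "root"));
    printf("%d\n", authz_check("web1.example.com", "alice/admin@EXAMPLE.COM", "root"));
    return 0;
}
```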