Tuesday, May 27, 2014

Re: [389-users] Schema for sss_ssh_authorizedkeys

Trey Dockendorf wrote:
> I'm attempting to manage user ssh authorized keys in 389 with clients
> using SSSD. I came across the RHEL docs [1] regarding the
> sss_ssh_authorizedkeys application but I do not see mention of the
> expected attributes for a user account to use this method. Does 389
> include the necessary schema? If so, what attributes should I look
> into? If the schema does not exist, is there a place I can reference to
> see how FreeIPA implements the schema to then add as a custom schema to
> my 389 instance?

There is some training material on this at
http://www.freeipa.org/images/1/1f/Freeipa30_SSH_Public_Keys.odp

The schema is buried in
https://git.fedorahosted.org/cgit/freeipa.git/tree/install/share/60basev3.ldif.
Look for ipaSsh*

> I realize FreeIPA contains this functionality but I can not use FreeIPA
> because our authentication is provided by our campus' Kerberos realm and
> we use 389 PAM pass through plugin to authenticate users. As far as I'm
> aware this functionality cannot be used in FreeIPA without OTP which is
> not available in EL6 or EL7.

ssh keys have nothing to do with OTP. Support for managing ssh keys has
been available in FreeIPA for quite some time now.

rob
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users

No comments:

Post a Comment