> I'm attempting to manage user ssh authorized keys in 389 with clients
> using SSSD. I came across the RHEL docs [1] regarding the
> sss_ssh_authorizedkeys application but I do not see mention of the
> expected attributes for a user account to use this method. Does 389
> include the necessary schema? If so, what attributes should I look
> into? If the schema does not exist, is there a place I can reference to
> see how FreeIPA implements the schema to then add as a custom schema to
> my 389 instance?
There is some training material on this at
http://www.freeipa.org/images/1/1f/Freeipa30_SSH_Public_Keys.odp
The schema is buried in
https://git.fedorahosted.org/cgit/freeipa.git/tree/install/share/60basev3.ldif.
Look for ipaSsh*
> I realize FreeIPA contains this functionality but I can not use FreeIPA
> because our authentication is provided by our campus' Kerberos realm and
> we use 389 PAM pass through plugin to authenticate users. As far as I'm
> aware this functionality cannot be used in FreeIPA without OTP which is
> not available in EL6 or EL7.
ssh keys have nothing to do with OTP. Support for managing ssh keys has
been available in FreeIPA for quite some time now.
rob
--
389 users mailing list
389-users@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/389-users
No comments:
Post a Comment