Tuesday, May 27, 2014

Re: [389-users] Schema for sss_ssh_authorizedkeys

Trey Dockendorf wrote:
> I'm attempting to manage user ssh authorized keys in 389 with clients
> using SSSD. I came across the RHEL docs [1] regarding the
> sss_ssh_authorizedkeys application but I do not see mention of the
> expected attributes for a user account to use this method. Does 389
> include the necessary schema? If so, what attributes should I look
> into? If the schema does not exist, is there a place I can reference to
> see how FreeIPA implements the schema to then add as a custom schema to
> my 389 instance?

There is some training material on this at

The schema is buried in
Look for ipaSsh*

> I realize FreeIPA contains this functionality but I can not use FreeIPA
> because our authentication is provided by our campus' Kerberos realm and
> we use 389 PAM pass through plugin to authenticate users. As far as I'm
> aware this functionality cannot be used in FreeIPA without OTP which is
> not available in EL6 or EL7.

ssh keys have nothing to do with OTP. Support for managing ssh keys has
been available in FreeIPA for quite some time now.

389 users mailing list
