> Trey Dockendorf wrote:
>> I'm attempting to manage user ssh authorized keys in 389 with clients
>> using SSSD. I came across the RHEL docs  regarding the
>> sss_ssh_authorizedkeys application but I do not see mention of the
>> expected attributes for a user account to use this method. Does 389
>> include the necessary schema? If so, what attributes should I look
>> into? If the schema does not exist, is there a place I can reference to
>> see how FreeIPA implements the schema to then add as a custom schema to
>> my 389 instance?
> There is some training material on this at
> The schema is buried in
> Look for ipaSsh*
Thanks, I'll look into adding those schema elements to my 389 instance.
>> I realize FreeIPA contains this functionality but I can not use FreeIPA
>> because our authentication is provided by our campus' Kerberos realm and
>> we use 389 PAM pass through plugin to authenticate users. As far as I'm
>> aware this functionality cannot be used in FreeIPA without OTP which is
>> not available in EL6 or EL7.
> ssh keys have nothing to do with OTP. Support for managing ssh keys has
> been available in FreeIPA for quite some time now.
Sorry, I was a bit vague in my statement. I should have said "As far
as I'm aware the PAM pass through to external Kerberos cannot be used
in FreeIPA without OTP".
> 389 users mailing list
389 users mailing list