samba - May 2022 - storing public-key in AD

Hi to all,

with OpenLDAP there is an ObjectClass to store public-keys.
http://pig.made-it.com/ldap-openssh.html

These public-keys can then be used together with ssh using the parameter
"AuthorizedKeysCommand" in sshd_conf. Is there a schema or ObjectClass
for Samba AD to store publickeys in AD or do I have to write my own
attribute? All I found was a way to add an own Attribute to AD:
https://blog.laslabs.com/2016/08/storing-ssh-keys-in-active-directory/


Stefan

On Mon, 2022-05-09 at 20:10 +0200, Stefan Kania via samba
wrote:
> 	Error verifying signature: parse error
> --------------ms000904050908020602030103
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: 7bit
> 
> Hi to all,
> 
> with OpenLDAP there is an ObjectClass to store public-keys.
> http://pig.made-it.com/ldap-openssh.html
> 
> These public-keys can then be used together with ssh using the
> parameter
> "AuthorizedKeysCommand" in sshd_conf. Is there a schema or
> ObjectClass
> for Samba AD to store publickeys in AD or do I have to write my own
> attribute? All I found was a way to add an own Attribute to AD:
> https://blog.laslabs.com/2016/08/storing-ssh-keys-in-active-directory/
Yes you can extend the schema, but why bother, just use kerberos.

If you really want to extend the schema, I have an ldif somewhere.

Rowland