Hello, I have paid attention to the issue about the X509-based certificate support in standard openssh. Because I also need the support of X509-based certificates in my project, and also I have developed specific version of openssh to pass the proxy certificate from client to server. But I used the PAM module to verify the proxy and authorize the accessors. I wonder whether current support in openssh mainstream can pass the client proxy certificate to server, so that PAM module can authenticate user by its proxy certificate. Thanks a lot, Ian
No one is welling to answer me? On Thu, Mar 13, 2008 at 4:27 PM, Ian jonhson <jonhson.ian at gmail.com> wrote:> Hello, > > I have paid attention to the issue about the X509-based certificate support in > standard openssh. > > Because I also need the support of X509-based certificates in my project, > and also I have developed specific version of openssh to pass the > proxy certificate from client to server. But I used the PAM module > to verify the proxy and authorize the accessors. > > I wonder whether current support in openssh mainstream can pass > the client proxy certificate to server, so that PAM module can > authenticate user by its proxy certificate. > > Thanks a lot, > > Ian >
Ian jonhson wrote:> Hello, > > I have paid attention to the issue about the X509-based certificate support in > standard openssh. > > Because I also need the support of X509-based certificates in my project, > and also I have developed specific version of openssh to pass the > proxy certificate from client to server. But I used the PAM module > to verify the proxy and authorize the accessors. > > I wonder whether current support in openssh mainstream can pass > the client proxy certificate to server, so that PAM module can > authenticate user by its proxy certificate. > > Thanks a lot, > > IanI would like to take interest in you work for proxy-certificate but only as extension to openssh public-key algorithm. To me is of no interest pam authentication. Roumen