Hi,

I'm looking for a procedure (on paper first) to provide users on hosts session keys to log in to servers providing services like file, print or even access to internet or a sql db.

The first step is that the user has to authenticate on the local host via password. Password and usernames are centrally managed via ldap (or similar).

The second step is that the user on host logs in to the CA server, using its password, its private key and the hostkey. If successful, it then gets a public session key (the private is kept on the CA server) it can use to auth to ssh/sftp (etc) servers.

Is this a good procedure?

Stef

On Tue, 21 Aug 2018 at 06:04, Stef Bon <stefbon at gmail.com> wrote:
>
> Hi,
>
> I'm looking for a procedure (on paper first) to provide users on hosts
> session keys to log in to servers providing services like file, print
> or even access to internet or a sql db.
>
> The first step is that the user has to authenticate on the local host via
> password. Password and usernames are centrally managed via ldap (or
> similar).
>
> The second step is that the user on host logs in to the CA server,
> using its password, its private key and the hostkey.

The user does not do that, the localhost computer does this behind the scenes.

On 2018-08-21T06:21, Stef Bon <stefbon at gmail.com> wrote:
> On Tue, 21 Aug 2018 at 06:04, Stef Bon <stefbon at gmail.com> wrote:
> >
> > Hi,
> >
> > I'm looking for a procedure (on paper first) to provide users on hosts
> > session keys to log in to servers providing services like file, print
> > or even access to internet or a sql db.
> >
> > The first step is that the user has to authenticate on the local host via
> > password. Password and usernames are centrally managed via ldap (or
> > similar).
> >
> > The second step is that the user on host logs in to the CA server,
> > using its password, its private key and the hostkey.
>
> The user does not do that, the localhost computer does this behind the scenes.

Sounds like you are reinventing Kerberos.

Ciao,

Alexander Wuerstlein.