samba - May 2022 - storing public-key in AD

On Mon, 2022-05-09 at 20:10 +0200, Stefan Kania via samba
wrote:
> 	Error verifying signature: parse error
> --------------ms000904050908020602030103
> Content-Type: text/plain; charset=UTF-8
> Content-Transfer-Encoding: 7bit
> 
> Hi to all,
> 
> with OpenLDAP there is an ObjectClass to store public-keys.
> http://pig.made-it.com/ldap-openssh.html
> 
> These public-keys can then be used together with ssh using the
> parameter
> "AuthorizedKeysCommand" in sshd_conf. Is there a schema or
> ObjectClass
> for Samba AD to store publickeys in AD or do I have to write my own
> attribute? All I found was a way to add an own Attribute to AD:
> https://blog.laslabs.com/2016/08/storing-ssh-keys-in-active-directory/
Yes you can extend the schema, but why bother, just use kerberos.

If you really want to extend the schema, I have an ldif somewhere.

Rowland

Hi Rowland

Am 09.05.22 um 20:23 schrieb Rowland Penny via samba:
> On Mon, 2022-05-09 at 20:10 +0200, Stefan Kania via samba wrote:
>> 	Error verifying signature: parse error
>> --------------ms000904050908020602030103
>> Content-Type: text/plain; charset=UTF-8
>> Content-Transfer-Encoding: 7bit
>>
>> Hi to all,
>>
>> with OpenLDAP there is an ObjectClass to store public-keys.
>> http://pig.made-it.com/ldap-openssh.html
>>
>> These public-keys can then be used together with ssh using the
>> parameter
>> "AuthorizedKeysCommand" in sshd_conf. Is there a schema or
>> ObjectClass
>> for Samba AD to store publickeys in AD or do I have to write my own
>> attribute? All I found was a way to add an own Attribute to AD:
>> https://blog.laslabs.com/2016/08/storing-ssh-keys-in-active-directory/
> 
> Yes you can extend the schema, but why bother, just use kerberos.
Most of the time using Kerberso is fine, but for some hosts I need
public-key authetnication.
> 
> If you really want to extend the schema, I have an ldif somewhere.
If you find one thart would ben nice, so I don't have to fiddle around ;-)
> 
> Rowland
> 
> 
>