search for: lpk

...n we have an LDAP infrastructure built on OpenLDAP, between Unix boxes running OpenSSH at multiple sites. It works well but the SSH key management is something of an inconvenience, especially as we would like to implement SSO with ssh-agent and passphrased keys. There is an OpenSSH patch called LPK which can allow the authorized_keys to be stored in LDAP, and that would be really useful in our environment. However we don't really want to maintain our own packages, and our default distro doesn't want to supply packages with the LPK patch as long as it's not supported upstream....

Hello Are there plans to merge the hpn-ssh (http://www.psc.edu/networking/projects/hpn-ssh/) and the LPK (http://code.google.com/p/openssh-lpk/) into the mainline openssh. Adding lpk has been logged as a bug in bugzilla as They are two patches that I always apply as the performance boost from hpn-ssh is substantial to say the least, and centralisation of the authorized_keys into a LDAP server is a v...

Hello everybody, I'd like to have LPK (or something like that - getting public keys from LDAP) integrated into mainline OpenSSH. *** First of all, a summary. The project page at http://code.google.com/p/openssh-lpk/ mentions that a few distributions include LPK per default; but reading the various threads at Support for mergi...

Hello I've created patch to the openssh which allows to use an agent for obtaining the public keys. It may be the first step towards the implementation of something similar lpk. The solution is independent on the agent, so it may be used with ldap based agent or with any other technology. May be that patch acceptable as the first aproach to the lpk replacement? It is placet in mindrot's bugzilla #1663. -- JFCh

...17 4:22:05 > Message-ID: alpine.BSO.2.00.0902171519190.1946 () fuyu ! mindrot ! org > On Tue, 17 Feb 2009, Peter Lambrechtsen wrote: > >> On Tue, Feb 17, 2009 at 3:18 PM, Damien Miller <djm at mindrot.org> wrote: >> > I don't think there are any plans to merge the LPK patch. We really >> > don't want a dependency on LDAP libraries in sshd. Maybe if it were >> > abstracted into a helper app that sshd could consult to verify keys >> > then it would be more palatable, but even this is doubtful unless it >> > can be done in a...

...o know if it would be possible to integrate such change without the need of importing all the providers, or any alternative solution to my use case. This is a simplified version of a class we are using, on which we need to remove packages without its dependencies: class ssh { $ssh_pkgs_in = $use_lpk ? { true => ["openssh-lpk", "openssh-lpk-clients", "openssh-lpk-server"], false => ["openssh", "openssh-clients", "openssh-server"], } $ssh_pkgs_out = $use_lpk ? { true => ["openssh", "openssh-cli...

I have successfully created a packaged version of openssh that has the LPK patch. LPK allows you to store your public keys in LDAP. However when I go to install the package I created it complains about dependencies: [root at VIRTCENT13:/home/bluethundr/rpm]#rpm -Uvh openssh-5.6p1-1.i386.rpm error: Failed dependencies: openssh = 5.5p1-1.el5 is needed by (installed) open...

http://bugzilla.mindrot.org/show_bug.cgi?id=1316 Summary: Add LDAP support to sshd Product: Portable OpenSSH Version: 4.6p1 Platform: All URL: http://dev.inversepath.com/trac/openssh-lpk OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: PAM support AssignedTo: bitbucket at mindrot.org ReportedBy: pepper at rockefeller.edu We would like very very much to have our Linux, Sun, and Mac servers an...

...h openssh to provide better management capabilities to the users. 1) Centrally managing the user public keys. Instead of having user public keys in a key file on each system the appropriate key(s) can be delivered to the server host via SSSD and IPA (or other LDAP server). It is similar to openssh-lpk effort but a bit different (see below). 2) Centrally managing fingerprints of the server keys. If the server host fingerprint is loaded into the central server like IPA the SSSD would be able to get and cache it. openssh in turn can fetch it from SSSD on as needed basis and do a silent fingerprin...

...so on for each user based on their relative privileges and the host in question. For obvious reasons, this is nasty. I am pushing towards moving everything over to LDAP for authentication and user information. This includes the public keys, and in fact we have taken over the hosting of the OpenSSH-LPK project[1] and I plan on contributing resources towards that end (we've started using our own schema, I'm writing up an Internet-Draft on it, etc). Basically, I was wondering if anybody had any input on this situation, what they'd like to see from any OpenSSH/LDAP integration, and that...

...(function defined below). It would not be a stretch to add DSA et al., but I didn't want to bother unless this gets blessed. The function gets invoked in auth2-pubkey only if the authorized_keys file checks failed. I did this as the only other functionality like this I saw were things like the LPK/Fed-SSH patches that assume one is running LDAP; this mechanism allows a user to run whatever arbitrary things they want to determine what keys map to what users (or by group, etc.). Thank you! /** * NAME: * int sshd_user_rsa_key_allowed(RSA *rsa, struct passwd *pwd, const char *fingerprint...

...problem with it escapes me. I'm looking for someone to tell me why this is a bad idea. The new OpenSSH includes the AuthorizedKeysCommand, which was mostly added to let people use a command to look up user keys in LDAP. LDAP key lookup have some limitations -- specifically, the common openssh-lpk_openldap schema won't let you add restrictions at the front of the key. This didn't matter so much when the LPK patch was such a pain, but now that OpenSSH can actually do this out of the box I'd like to use it. So: What about using a SQLite database, copied to all machines, and a sim...

https://bugzilla.mindrot.org/show_bug.cgi?id=1663 Summary: Allow to use agent for distribution of public keys. Product: Portable OpenSSH Version: 5.3p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org

...Secur32.dll, msvcrt.dll, SHLWAPI.dll, ole32.dll, OLEAUT32.dll, WS2_32.dll, WS2HELP.dll, PSAPI.DLL, VERSION.dll, MSACM32.dll, WINMM.dll, WININET.dll, Normaliz.dll, urlmon.dll, iertutil.dll, IPHLPAPI.DLL, IMM32.dll, HID.DLL, SETUPAPI.dll, OPENGL32.dll, GLU32.dll, DDRAW.dll, DCIMAN32.dll, dbghelp.dll, LPK.DLL, USP10.dll, comctl32.dll, comctl32.dll, rsaenh.dll, uxtheme.dll, MSCTF.dll, USERENV.dll, as well as the exe. It wouldn't be so bad if it looked through the modules in reverse order, so mine were searched first. So, as an alternative can the order be changed, or, can it be set up so that t...

Hi, I''ve been using puppet for about a week and a half now, and it''s definitely making my life a lot easier. I''m using 0.24.1 and I''ve run into a small snag. I''m trying to write some code to make sure user home directories exist for users in LDAP. I''m trying to get their uid, gid and home directory from getent with something like: $uid =

Hi Rob, Can you comment on exactly what the problem is you want to solve? Is it a performance issue with LoadLibraryPermanently, or do you simply not want the external symbols to be resolved from within the JIT? - Daniel On Wed, Jul 22, 2009 at 11:22 PM, Evan Cheng<evan.cheng at apple.com> wrote: > > On Jul 22, 2009, at 9:43 PM, Rob Grapes wrote: > >> Hi, >> >>

...l files as it was previously. It also allows reading keys from a pipe as well as files. This functionality is not used in the current patch. The eventual goal is to make custom key sources, such as searching LDAP or a database, easier to write and maintain. Currently things such as the openssh-lpk patch are quite invasive and must track upstream openssh carefully with each release. If we allow reading of keys from a pipe, the abstraction allows the two things to remain seperate. Please let me know your thoughts on the patch and/or the idea in general. Thanks, Rob -------------- next par...

...If AuthorizedKeysExec is set and an authorized_keys file exists, checking the existing authorized_keys file takes precedence. I believe this to be a more simplistic and trivial patch to openssh opposed to the pre-existing patches, such as the popular LDAP patch (http://code.google.com/p/openssh-lpk/). Best, -- Michael J. Flickinger -------------- next part -------------- A non-text attachment was scrubbed... Name: patch.diff Type: text/x-patch Size: 5655 bytes Desc: not available URL: <http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20111214/437dbeba/attachment.bin>

...ma/gosa/gofon.schema include /etc/openldap/schema/gosa/goto.schema include /etc/openldap/schema/gosa/goto-mime.schema include /etc/openldap/schema/gosa/gosa-samba3.schema include /etc/openldap/schema/gosa/gofax.schema include /etc/openldap/schema/gosa/openssh-lpk.schema include /etc/openldap/schema/gosa/goserver.schema include /etc/openldap/schema/gosa/sudo.schema pidfile /var/run/openldap/slapd.pid argsfile /var/run/openldap/slapd.args database hdb suffix "dc=example,dc=com" checkpoint 32...

....1-dfsg-3 Bug #692832 {Done: Sergei Golovan <sgolovan at nes.ru>} [erlang] Erlang should be multi-arch: foreign No longer marked as fixed in versions 1:15.b.1-dfsg-3. > notfixed 690974 1.0.4 Bug #690974 {Done: Paul Gevers <elbrus at debian.org>} [lazarus] lcl packages: missing some *.lpk files There is no source info for the package 'lazarus' at version '1.0.4' with architecture '' Unable to make a source version for version '1.0.4' No longer marked as fixed in versions 1.0.4. > fixed 690974 1.0.8+dfsg-1 Bug #690974 {Done: Paul Gevers <elbrus a...