similar to: Feature Request: Plugin Model for authorizing public keys

Hi all, At my organisation we have an LDAP infrastructure built on OpenLDAP, between Unix boxes running OpenSSH at multiple sites. It works well but the SSH key management is something of an inconvenience, especially as we would like to implement SSO with ssh-agent and passphrased keys. There is an OpenSSH patch called LPK which can allow the authorized_keys to be stored in LDAP, and that

Hello Are there plans to merge the hpn-ssh (http://www.psc.edu/networking/projects/hpn-ssh/) and the LPK (http://code.google.com/p/openssh-lpk/) into the mainline openssh. Adding lpk has been logged as a bug in bugzilla as They are two patches that I always apply as the performance boost from hpn-ssh is substantial to say the least, and centralisation of the authorized_keys into a LDAP server

Hello everybody, I'd like to have LPK (or something like that - getting public keys from LDAP) integrated into mainline OpenSSH. *** First of all, a summary. The project page at http://code.google.com/p/openssh-lpk/ mentions that a few distributions include LPK per default; but reading the various threads at Support for merging LPK and hpn-ssh into mainline openssh?

I have successfully created a packaged version of openssh that has the LPK patch. LPK allows you to store your public keys in LDAP. However when I go to install the package I created it complains about dependencies: [root at VIRTCENT13:/home/bluethundr/rpm]#rpm -Uvh openssh-5.6p1-1.i386.rpm error: Failed dependencies: openssh = 5.5p1-1.el5 is needed by (installed)

http://bugzilla.mindrot.org/show_bug.cgi?id=1316 Summary: Add LDAP support to sshd Product: Portable OpenSSH Version: 4.6p1 Platform: All URL: http://dev.inversepath.com/trac/openssh-lpk OS/Version: All Status: NEW Severity: enhancement Priority: P2 Component: PAM support AssignedTo:

Hello I've created patch to the openssh which allows to use an agent for obtaining the public keys. It may be the first step towards the implementation of something similar lpk. The solution is independent on the agent, so it may be used with ldap based agent or with any other technology. May be that patch acceptable as the first aproach to the lpk replacement? It is placet in mindrot's

> From: Damien Miller <djm () mindrot ! org> > Date: 2009-02-17 4:22:05 > Message-ID: alpine.BSO.2.00.0902171519190.1946 () fuyu ! mindrot ! org > On Tue, 17 Feb 2009, Peter Lambrechtsen wrote: > >> On Tue, Feb 17, 2009 at 3:18 PM, Damien Miller <djm at mindrot.org> wrote: >> > I don't think there are any plans to merge the LPK patch. We

Hello, My is Dmitri Pal and for the last two years I have been working on SSSD and IPA open source projects. SSSD is effectively a replacement for PAM/NSS combination with offline caching. The details about the project can be read here: https://fedorahosted.org/sssd/ Quick overview of features is here: https://fedorahosted.org/sssd/attachment/wiki/Contribute/sssd%20overview%20slides.2.pdf SSSD

Hi, I''m attempting to move from 0.24.x to 2.6.x :) trying to fix all those parts that have changed, and found that the use of plugins we are doing is probably not the best approach hoping you can help me with comments regarding this use case. In our working 0.24.x environment we had to make use of plugins to add an attribute in the package.rb, something like: *newparam(:ignoredeps)*

Hi, I've been kicking this idea around, and the problem with it escapes me. I'm looking for someone to tell me why this is a bad idea. The new OpenSSH includes the AuthorizedKeysCommand, which was mostly added to let people use a command to look up user keys in LDAP. LDAP key lookup have some limitations -- specifically, the common openssh-lpk_openldap schema won't let you add

Hi Daniel, In my case ExecutionEngine::create() loads 40 modules, then each time I try to resolve a symbol that I know is in a DLL that I supply, it looks through all 40 modules first. This is on Windows, so I get the following modules loaded: ntdll.dll, kernel32.dll, USER32.dll, GDI32.dll, SHELL32.dll, ADVAPI32.dll, RPCRT4.dll, Secur32.dll, msvcrt.dll, SHLWAPI.dll, ole32.dll, OLEAUT32.dll,

https://bugzilla.mindrot.org/show_bug.cgi?id=1663 Summary: Allow to use agent for distribution of public keys. Product: Portable OpenSSH Version: 5.3p1 Platform: All OS/Version: All Status: NEW Severity: normal Priority: P2 Component: sshd AssignedTo: unassigned-bugs at mindrot.org

I have a set-up of 3 servers at disparate geographical locations. Server 1 provides web services, and users should be able to use sftp only. Admins should be able to get shells. Server 2 provides CVS services, and users sh ould be able to use cvs only. Admins should be able to get shells. Server 3 provides shell services for all users. There appears to be no easy way of implementing this within

Hi, I''ve been using puppet for about a week and a half now, and it''s definitely making my life a lot easier. I''m using 0.24.1 and I''ve run into a small snag. I''m trying to write some code to make sure user home directories exist for users in LDAP. I''m trying to get their uid, gid and home directory from getent with something like: $uid =

Hi Rob, Can you comment on exactly what the problem is you want to solve? Is it a performance issue with LoadLibraryPermanently, or do you simply not want the external symbols to be resolved from within the JIT? - Daniel On Wed, Jul 22, 2009 at 11:22 PM, Evan Cheng<evan.cheng at apple.com> wrote: > > On Jul 22, 2009, at 9:43 PM, Rob Grapes wrote: > >> Hi, >> >>

Im trying to clarify if I understand correctly about authorizing users. "The simplest login method is sending the user login info in plain text and allowing access only to users that already have UNIX access (ie. in /etc/passwd) to the machine dovecot is running on." Im using fetchmail postfix dovecot on my own personal computer to get my mail from two servers. What Im wanting to

Try adding auth_debug_password=yes Aki On 01.02.2018 10:27, yuryb wrote: > We have FreeBSD-server with dovecot installed on it as IMAP-server. My > user and password database is a text file with plaintext passwords. > Clients connect to imap-server via TLS protocol and plaintext > password. All works fine. But I want to configure ability to authorize > with a client certificates.

You probably need to also enable auth_debug=yes auth_verbose=yes also, are you sure you just don't have wrong password? Aki On 01.02.2018 12:08, yuryb wrote: > I have added "auth_debug_password=yes" to "10-logging.conf" and > restarted dovecot.?But I do not see any information about the password > in the logs. Does this mean that the thunderbird does not

Hi all, I've set up a CentOS machine with samba version 3.0.28-1.el5_2.1 to join a Windows 2003 ADS. Everything seemed to go fine while joining the domain: [root@mailserver ~]# net ads join -U administrator administrator's password: Using short domain name -- MYDOMAIN Joined 'MAILSERVER' to realm 'MYDOMAIN.LOCAL' The trouble I'm having is authorizing users. When

Hi, Attached is a patch to allow multiple files and/or pipes to be read when searching for keys. The patch centralises the file reading code into one place, rather than repeating it amongst several files as it was previously. It also allows reading keys from a pipe as well as files. This functionality is not used in the current patch. The eventual goal is to make custom key sources, such as