[Fedora-directory-users] LDAP and openssh-lpk or kerberos?

Edward Capriolo edlinuxguru at gmail.com
Fri Jun 13 15:27:07 UTC 2008


I already have a working directory server doing password based LDAP
login. Now I am looking to implement two factor authentication. One
way to handle this that people are fairly familiar with is
ssh public key authentication through SSH. After a quick internet
search I found this....

http://dev.inversepath.com/trac/openssh-lpk
http://dev.inversepath.com/openssh-lpk/ldap_fosdem_2006.pdf

This seems like it will work but has some drawbacks:
Implementing this involves patching the SSH server. We are going to
have to maintain our own patched open ssh RPM for several linux
systems.

What other key solutions exist? I am looking into kerb5 now. What I am
looking for is something
that does not involve configuring two systems. LDAP configuration +
second system configuration
Something that has both a light footprint on the clients something
compatible with SSH would be nice.
Something that has a light server footprint. Something compatible with
modern *nux systems. Hopefully can be done via configuration of a
standard service, no/light patching.

Any ideas?



