[Freeipa-devel] OpenSSH with PKCS#11 for key storage

Dmitri Pal dpal at redhat.com
Wed Feb 19 20:13:15 UTC 2014


On 02/19/2014 01:49 PM, Petr Spacek wrote:
> Hello list,
>
> I just came across this page:
> http://www.gooze.eu/howto/using-openssh-with-smartcards/using-ssh-authentication-agent-ssh-add-with-smartcards 
>
>
> If I understand correctly, it allows you to store & use your personal 
> SSH keys via PKCS#11 interface.
>
> It sounds like a killer feature to me!
>
> Imagine that you can log in to any machine in the IPA realm and you will 
> have all your SSH keys with you, without any extra work.
>
> This extends seamless SSO outside the enterprise (we have Kerberos for 
> inside, this doesn't change that).
>
> Petr^2 Spacek
>
> P.S. It is natively supported in OpenSSH v5.4p1 - we have PKCS#11 
> support in Fedora 20 already.


What are the implications for SSSD and IPA? What needs to be changed, if 
anything?



-- 
Thank you,
Dmitri Pal

Sr. Engineering Manager for IdM portfolio
Red Hat Inc.

