Private key authentication with pam_ldap
There is an unofficial patch to openssh for that. You can find it here.
You can also use a configuration manager (like puppet or cfengine) to manage and distribute the keys, possibly even pulling them from LDAP.
Otherwise, you can to up an ad-hoc CRON job to update the keys from LDAP.
Related videos on Youtube
08 : 26
08 : 15
04 : 11
04 : 55
01 : 26
Comments
-
Gareth almost 2 years
I'd like to set up pam_ldap on some of our servers so that we can centrally manage who has access to which server, and easily revoke access if e.g. someone leaves the company.
I've done some research and got this working. Hooray!
However I'd also like to be able to use public-private key logins - i.e. allow users to store their public keys in the LDAP directory and have these work for logins too.
I can't find any documentation about being able to do this, but I also can't find any reasons that it shouldn't be possible. Is there a way to do it, or is there some fundamental reason that it won't work?