Hi Gustavo,

Using settings from 'ipa-advise config-redhat-sssd-before-1-9' with the 
modifications below seems to work quite well:

- on the IPA server, add permission to read ipaSshPubKey anonymously:

[ipa-server]# ipa permission-add 'Read ipaSshPubKey' --type=user --attrs=ipaSshPubKey --bindtype=anonymous --permissions=read

[ipa-client]# diff /etc/sssd/sssd.conf /etc/sssd/sssd.conf.orig
2c2
< services = nss, pam, ssh
---
> services = nss, pam
12c12
< ldap_search_base = cn=accounts,dc=example,dc=org
---
> ldap_search_base = cn=compat,dc=example,dc=org
14d13
< ldap_user_ssh_public_key = ipaSshPubKey
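
Review bot: in the 14d13 hunk, 'ldap_user_ssh_public_key = ipaSshPubKey' (together with 'ssh' added to 'services' in 2c2) only makes SSSD serve the keys. The diff covers sssd.conf alone, so the matching sshd_config change should be stated alongside it: AuthorizedKeysCommand has to point at SSSD's sss_ssh_authorizedkeys helper, otherwise sshd never queries the ssh responder. It is also worth a comment next to the 12c12 search-base change that reading ipaSshPubKey under cn=accounts here depends on the anonymous read permission added on the server, which makes every user's public key readable to unauthenticated LDAP clients.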



________________________________
From: freeipa-users-boun...@redhat.com <freeipa-users-boun...@redhat.com> on 
behalf of Gustavo Mateus <gustavo.mat...@gmail.com>
Sent: 11 September 2015 00:30
To: freeipa-users@redhat.com
Subject: [Freeipa-users] AuthorizedKeysCommand for clients using nss-pam-ldapd

Hi,

I'm trying to set up my Amazon Linux instances to be able to fetch the IPA users' 
public ssh key.

Do I have to set up a binddn and bindpw in the ldap.conf file and use 
/usr/libexec/openssh/ssh-ldap-wrapper or is there a better way to do it?

Thanks,
Gustavo
-- 
Manage your subscription for the Freeipa-users mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-users
Go to http://freeipa.org for more info on the project