Ciprian Ciubotariu created KARAF-5418:
-----------------------------------------

             Summary: SSH public key authentication from LDAP
                 Key: KARAF-5418
                 URL: https://issues.apache.org/jira/browse/KARAF-5418
             Project: Karaf
          Issue Type: Improvement
          Components: karaf-security
            Reporter: Ciprian Ciubotariu
            Priority: Blocker


We have an environment with multiple Karaf instances deployed, all 
authenticating SSH connections using the username/password mechanism from an 
LDAP server. Repeatedly logging into these servers requires copy-pasting 
passwords from the keychain, which ... well, can lead to leaks and is also 
annoying after a while. At the same time hosts are easier with SSH keys, 
which we also store in LDAP.

I have created an LDAP public-key authentication module for Karaf following the 
file-based PubkeyLoginModule, and I want to contribute it to Karaf. GitHub PR 
to follow.

To use it one has to use the same JAAS module settings as for 
{{LDAPLoginModule}}, but with class {{LDAPPubkeyLoginModule}} and an added 
configuration option {{user.pubkey.attribute}}. Any attribute can be used to 
store the public key(s), such as the {{publicKey}} attribute from 
{{objectClass: extensibleObject}}. You'll find complete examples in tests.





--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
