On Wed, Oct 03, 2007 at 07:51:30PM +0100, Markus Moeller wrote:
> Could this be part of a name service extension, so that it can be either
> local file, nis or ldap or .. ?

Well, what I'm after is a centralized OpenSSH authorization solution which currently doesn't seem to exist. To quote from my earlier email:

In the solution I am envisioning, this daemon would take the hostname, principal and username and return whether the mapping is valid or not, i.e. whether that principal can log into that [EMAIL PROTECTED] This then would somehow end up back in the app through krb5_kuserok().

(Btw, it sounds like this could also be implemented using a centralized authorization server.)

Having a secure facility like this available could probably benefit other apps besides OpenSSH.

Jos

> Markus
>
> "Douglas E. Engert" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > Does anyone have any mods to use LDAP to store the auth_to_local
> > database? Something like:
> >
> > auth_to_local=LDAP:....
> >
> > Thus it could be used by sshd for example.
> >
> > --
> >
> > Douglas E. Engert <[EMAIL PROTECTED]>
> > Argonne National Laboratory
> > 9700 South Cass Avenue
> > Argonne, Illinois 60439
> > (630) 252-5444
> > ________________________________________________
> > Kerberos mailing list [email protected]
> > https://mailman.mit.edu/mailman/listinfo/kerberos

--
Jos Backus
jos at catnook.com
