Stephen J. Turnbull wrote: > On cvs.xemacs.org (aka SunSITE.dk) ssh+cvs access with cvs access > control being handled by a Perl script scales to approximately 85 > users. I don't handle key management directly, but I believe several > users use multiple keys (I don't personally). I've never heard any > complaints from the guys who actually do key management; they just > keep authorized_keys in alphabetical order by comment (= user's real > name). Nor do I notice any authorization overhead vs. a simple ssh > login when accessing the cvs server.[1] Evidently the "what keys do > you have?" negotiation with the agent takes very little time (in > terms of what a human can notice).
That's encouraging; I'm willing to proceed with that approach then. As for key management: I just designed an infrastructure where ~pythondev/keys is a directory containing files named, say "Martin v. Loewis" (with spaces, ASCII only); the contents of the files are just the public keys. I run then make_authorized_keys, which regenerates the authorized_keys2 file, adding all the command= lines. This avoids editing authorized_keys2 in a text editor. Regards, Martin _______________________________________________ Python-Dev mailing list Python-Dev@python.org http://mail.python.org/mailman/listinfo/python-dev Unsubscribe: http://mail.python.org/mailman/options/python-dev/archive%40mail-archive.com
