Hello,
I have been looking for a way to centrally manage our growing list of
openssh public keys. Currently we have around 200 users which all
authenticate to servers using public key authentication (each with their
own key). In this case the management of this becomes seriously
tiresome. We have tested the GSSAPI functionality within openssh and
found that the additional management of the kerberos was something we
did not want to deal with. We have since found the following patch
http://dev.inversepath.com/trac/openssh-lpk
It seems to be exactly what we are looking for, it removes the
requirement to have kerberos -> ldap or active directory in a totally
UNIX environment. Does anyone know if these patches will be introduced
into the mainline openssh portable code? I notice that the patches have
been available for some time. Has anyone heard anything about this or is
it a pipe dream.
Alternatively what other solutions are available to manage keys on a
large scale?
Regards,
Jimmy.
