On Mon, Sep 30, 2019 at 11:25:13AM -0400, Lawrence Kearney wrote:
> A question concerning the following SSSD directives:
>
> ldap_user_ssh_public_key =
> ldap_host_ssh_public_key =
>
> Both default to "sshPublicKey" values, but other than the obvious stated
> use cases (in the directive names and man file entries) I feel I'm missing
> something concerning the "ldap_host_ssh_public_key" directive.
>
> For example, using the default configuration, the SSSD pulls down the
> public key(s) stored for a user in the "sshPublicKey" attribute
> using the "/usr/bin/sss_ssh_authorizedkeys" utility to facilitate access
> to a predetermined set of hosts.
>
> What is the use case for the "ldap_host_ssh_public_key" directive? Is it
> somehow used to store the public key for a particular host (and why?) and
> does it have any relationship to the "/usr/bin/sss_ssh_knownhostsproxy"
> utility used to centralise (and distribute?) host keys?

Yes, please see man sss_ssh_knownhostsproxy for details. Additionally, there are slides describing this feature at https://www.freeipa.org/images/1/10/Freeipa30_SSSD_OpenSSH_integration.pdf. Although the slides are for FreeIPA, the feature itself is not specific to FreeIPA but can be used with other LDAP servers as well.

HTH

bye,
Sumit

>
> Any info would be most useful and as always, thank you!
>
> -- lawrence
>
> --
> Lawrence Kearney
> _______________________________________________
> sssd-users mailing list -- [email protected]
> To unsubscribe send an email to [email protected]
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/[email protected]
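
Added example, not part of the original thread: how the two directives discussed above pair with the two helper utilities, following the usage shown in the sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy man pages. The domain name and LDAP URI are placeholders.

```conf
# --- /etc/sssd/sssd.conf ---
# "example.org" and the LDAP URI below are placeholders (assumptions).
[sssd]
# The ssh responder must be enabled for both helper utilities to work.
services = nss, pam, ssh
domains = example.org

[domain/example.org]
id_provider = ldap
ldap_uri = ldaps://ldap.example.org
# Attribute on the USER entry that holds the user's public keys.
# Read through sss_ssh_authorizedkeys when a user logs in to this machine.
ldap_user_ssh_public_key = sshPublicKey
# Attribute on the HOST entry that holds that host's public keys.
# Read through sss_ssh_knownhostsproxy when this machine connects out.
ldap_host_ssh_public_key = sshPublicKey

# --- /etc/ssh/sshd_config (server side: user keys) ---
# sshd asks SSSD for the connecting user's authorized keys.
AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
AuthorizedKeysCommandUser nobody

# --- /etc/ssh/ssh_config (client side: host keys) ---
# ssh asks SSSD for the target host's keys before connecting, and checks
# the server against the known_hosts file that SSSD maintains.
ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
```

With the client-side half in place, the host key is verified against the directory entry rather than accepted on first connection, so the integrity of the host entries in LDAP becomes part of the SSH trust chain.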
