That is possible, but I don't think that's really what you are trying to do. It really sounds like what you want to do is:
If I can have ssh/pam authentication and have ssh retrieve public key from LDAP that might be a consolatory price.
1) generate an ssh compatible cert (or pub/priv key pair) using your existing cert that is issued by ejbca - that may be possible, but you'll need to have the ssh cert signed by the ejbca - could be difficult
or
2) use your regular x509 cert for ssh authentication - it doesn't look as though ssh supports this although it's not clear from the man page - would be a very good feature for ssh though
I might end up not linking the certificates with ssh ( probably because you can't ) and then do public key retrieval from LDAP. I am glad that I am not the only person who found the man page to be vague...
I will do some more experimenting to see what I can come up with and feedback any interesting finds back to the list.
Best Regards
Gerhardus Geldenhuis
-- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
