Trey Dockendorf wrote:
> I'm attempting to manage user ssh authorized keys in 389 with clients
> using SSSD. I came across the RHEL docs [1] regarding the
> sss_ssh_authorizedkeys application but I do not see mention of the
> expected attributes for a user account to use this method. Does 389
> include the necessary schema? If so, what attributes should I look
> into? If the schema does not exist, is there a place I can reference to
> see how FreeIPA implements the schema to then add as a custom schema to
> my 389 instance?

There is some training material on this at
http://www.freeipa.org/images/1/1f/Freeipa30_SSH_Public_Keys.odp

The schema is buried in
https://git.fedorahosted.org/cgit/freeipa.git/tree/install/share/60basev3.ldif.
Look for ipaSsh*

> I realize FreeIPA contains this functionality but I cannot use FreeIPA
> because our authentication is provided by our campus' Kerberos realm and
> we use 389 PAM pass through plugin to authenticate users. As far as I'm
> aware this functionality cannot be used in FreeIPA without OTP which is
> not available in EL6 or EL7.

ssh keys have nothing to do with OTP. Support for managing ssh keys has
been available in FreeIPA for quite some time now.

rob
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users
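
An added example, not part of the original thread: a client-side SSSD fragment that makes `sss_ssh_authorizedkeys` read keys from the FreeIPA-style `ipaSshPubKey` attribute on a plain 389 server. The domain name, LDAP URI and search base are placeholders, and it assumes the ipaSsh* schema from the file referenced above has already been loaded into 389.

```ini
# /etc/sssd/sssd.conf (fragment). Domain name, URI and search base are placeholders.
[sssd]
# The ssh responder must be enabled for sss_ssh_authorizedkeys to return anything.
services = nss, pam, ssh
domains = example

[domain/example]
id_provider = ldap
ldap_uri = ldap://ds.example.edu
ldap_search_base = dc=example,dc=edu

# Keys fetched from the directory grant logins, so the lookup must run over
# TLS with the server certificate verified.
ldap_id_use_start_tls = true
ldap_tls_reqcert = demand

# SSSD reads user keys from sshPublicKey by default; point it at the
# FreeIPA-style attribute instead (assumes the ipaSsh* schema is loaded in 389).
ldap_user_ssh_public_key = ipaSshPubKey

# /etc/ssh/sshd_config is a separate file; the matching directives are shown
# here as comments only:
#   AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
#   AuthorizedKeysCommandUser nobody
```

Running `sss_ssh_authorizedkeys <username>` on the client is a quick check that the keys stored on the user's entry are being returned before sshd is pointed at the command.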