You don't get revocation checking, and you need to update the account when the user gets a new card, but it's better than passwords.
FWIW, there have been pushes to include X.509 authentication in the SSH protocol, but last I checked there was only one unofficial set of patches against OpenSSH implementing only one proposed version. SSH, Inc. has done some work along these lines and included it in both the Tectia client and server products, but the cert->account mapping was kludgy IMHO and nothing made its way into the standard protocol.
-- Tim

On Jan 15, 2008, at 5:09 PM, Lippold, Aaron L CIV DISA PEO-GES wrote:

Classification: UNCLASSIFIED
Caveats: NONE

Hi,

Anyone have a quick how-to on number 3?

Aaron

-----Original Message-----
From: Mckenzie, Kenneth Mr CIV USA TRADOC [mailto:kenneth.mckenzie@xxxxxxxxxxx]
Sent: Friday, January 11, 2008 1:05 PM
To: Lippold, Aaron L CIV DISA PEO-GES
Subject: RE: Using CAC with RHEL SVR 5.1 (UNCLASSIFIED)
Importance: High

We have a Dell Poweredge 4600 file server that is used as a software & patch repository. System currently running REDHAT AS 4 Update 3. Looking to upgrade system to REDHAT Enterprise Server 5 Update 1. The intent is to have the system CAC compliant to Army standards. With the below:

1. Ability to have the system join our active directory domain. (For IAVA SCANS)
2. Logon locally with CAC.
3. Access File share remotely via SSH/SCP by using SSO or CAC.

Via our https://nscops.leavenworth.army.mil

Any help/suggestion you have would be greatly appreciated.

Thanks!

V/R
Ken

Remember! AMERICAN SOLDIERS! They're The Reason We're Here!

Ken McKenzie
IT Specialist, NSC Ops
FT Leavenworth, KS
kenneth.mckenzie@xxxxxxxxxxxxxx
913-684-8397
DSN 552-8397

-----Original Message-----
From: Lippold, Aaron L CIV DISA PEO-GES [mailto:Aaron.Lippold@xxxxxxxx]
Sent: Friday, January 11, 2008 10:11 AM
To: McKenzie, Kenneth A CIV USA TRADOC
Cc: Linuxcac-developers
Subject: RE: Using CAC with RHEL SVR 5.1 (UNCLASSIFIED)

Classification: UNCLASSIFIED
Caveats: NONE

Hi,

Could you send an email outlining what you need to do. I also cc'd the linuxcac-developers list here at DISA.

Thanks,
Aaron

-----Original Message-----
From: McKenzie, Kenneth A CIV USA TRADOC [mailto:Kenneth.McKenzie@xxxxxxxxxxx]
Sent: Thursday, January 10, 2008 5:23 PM
To: Lippold, Aaron L CIV DISA PEO-GES
Cc: aaron.l.lippold@xxxxxxxxxxx
Subject: Using CAC with RHEL SVR 5.1
Importance: High

Sorry for the delay, I had an L in your name. Sending again.

Web SVR we spoke about.

https://nscops.leavenworth.army.mil/

V/R
Ken

Remember! AMERICAN SOLDIERS! They're The Reason We're Here!

Ken McKenzie
IT Specialist
National Simulation Center Ops
FT Leavenworth, KS
kenneth.mckenzie@xxxxxxxxxxxxxx <mailto:kenneth.mckenzie@xxxxxxxxxxxxxx>
913-684-8397
DSN 552-8397

From: McKenzie, Kenneth A CIV USA TRADOC
Sent: Thursday, January 10, 2008 4:02 PM
To: 'aaronl.lippold@xxxxxxxx'
Subject: https://nscops.leavenworth.army.mil/
Importance: High

https://nscops.leavenworth.army.mil/

V/R
Ken

Remember! AMERICAN SOLDIERS! They're The Reason We're Here!

Ken McKenzie
IT Specialist, NSC Ops
FT Leavenworth, KS
kenneth.mckenzie@xxxxxxxxxxxxxx <mailto:kenneth.mckenzie@xxxxxxxxxxxxxx>
913-684-8397
DSN 552-8397

Classification: UNCLASSIFIED
Caveats: NONE

Classification: UNCLASSIFIED
Caveats: NONE

_______________________________________________
Coolkey-devel mailing list
Coolkey-devel@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/coolkey-devel