Re: [389-users] Migrating to LDAP authentication

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Sean Carolan wrote:
>> #2
>> a.there is also a setting in /etc/ldap.conf called pam_groupdn. This
>> lets you define an LDAP object with multiple membe attributes to
>> control who can login. I find it easy to use
>> b. SSH can be told to only accept logins from a posix group (same deal
>> just handled at a different part of the stack)
>>     
>
> One other question came to mind, and that was users with ssh keys.
> How will migrating to LDAP-only authentication affect them?  Is there
> a way to continue allowing these users to use their keys for login?
>   

You can either continue as usual with an authorized_keys file in their 
home directories, or look at the LPK patch available for OpenSSH that 
allows storing public keys in LDAP.

Having the users in LDAP has absolutely no effect on how key-based 
logins work with SSH, but it does open up some other options.
--
389 users mailing list
389-users@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/389-users

[Index of Archives]     [Fedora Directory Users]     [Fedora Directory Devel]     [Fedora Announce]     [Fedora Legacy Announce]     [Kernel]     [Fedora Legacy]     [Share Photos]     [Fedora Desktop]     [PAM]     [Red Hat Watch]     [Red Hat Development]     [Big List of Linux Books]     [Gimp]     [Yosemite News]

  Powered by Linux