Hi,

I'm looking for a procedure (on paper first) to provide users on hosts with session keys to log in to servers providing services like file, print or even access to the internet or a sql db.

The first step is that the user has to authenticate on the local host via password. Passwords and usernames are centrally managed via ldap (or similar).

The second step is that the user on the host logs in to the CA server, using its password, its private key and the hostkey. If successful, it then gets a public session key (the private is kept on the CA server) it can use to auth to ssh/sftp (etc) servers.

Is this a good procedure?

Stef
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev