2011/3/28 StanisÅaw Pitucha <viraptor@xxxxxxxxx>: > Hi all, > > I'm looking for a way to allow a lot of users / public keys to be used > on a server via sshd and I'd like to manage them easily in some > repository (many such hosts would need access to it). I'd like to do > that without sshd modifications like lpk. The data store already > exists and cannot be changed, so kerberos unfortunately cannot be > used. > I do not want to use passwords (will be completely disabled) and would > like standard ssh clients to be able to connect to this server > (openssh and putty at least, but not only the latest versions). > > Users will have a standard ssh key pair (or a certificate with private > key if that makes things any easier), but the client software is > pretty much out of my control. I really want to use keys kere, since > users will also use those for other purposes. > I know that GSSAPI exists and is potentially related, but couldn't > really find an answer for: can it be used here, what needs to be > implemented to support it and can it use private/public key > authentication? > > I'm interested in RHEL6-based systems, so openssh version ~5.3. > You might be able to write a PAM module for your customized authentication needs. -- regards, kushal