comanage-dev - Re: [comanage-dev] SSH Provisioning / Authentication
Subject: COmanage Developers List
- From: Scott Koranda
- To: Benn Oshrin
- Cc: comanage-dev
- Subject: Re: [comanage-dev] SSH Provisioning / Authentication
- Date: Thu, 10 Apr 2014 09:26:20 -0600
Hi,
On Thu, Apr 10, 2014 at 9:13 AM, Benn Oshrin wrote:
> I've taken a first pass at the SSH use case (for the HTCondor presentation,
> but also generally).
>
> https://spaces.internet2.edu/display/COmanage/SSH
Thanks.
> It turns out while OpenSSH doesn't support pulling keys directly from LDAP,
> there are various approaches that folks have adopted to do so. This is
> probably the best:
>
> https://github.com/AndriiGrytsenko/openssh-ldap-publickey
Interesting.
>
> We could try to follow this model (the LDAP schema is non-standard, though),
> which would simplify the key provisioning. We might still have to worry
> about allocating a home directory, but not for purposes of provisioning the
> account or storing the keys.
>
> Thoughts?
I think we can try using the openssh-ldap-publickey for the demo, and
use SSH with a master key as a tunnel to run 'adduser' or 'mkdir' to create
the home directory.
The point is that different clusters will use many different methods for
creating home directories because of the many different types of storage
systems used, so we will want to gather requirements.
Some sites will probably want nothing more than an email notification when
the enrollment is approved so they can manually create the home directory.
Thanks,
Scott
>
> Thanks,
>
> -Benn-