Skip to Content.
Sympa Menu

comanage-users - Re: [comanage-users] Challenges with SSH public keys

Subject: COmanage Users List

List archive

Re: [comanage-users] Challenges with SSH public keys


Chronological Thread 
  • From: Benn Oshrin <>
  • To: "Kevin M. Hildebrand" <>
  • Cc:
  • Subject: Re: [comanage-users] Challenges with SSH public keys
  • Date: Sat, 8 Apr 2017 09:13:18 -0400
  • Ironport-phdr: 9a23:htz5uh0j3PTwKHIFsmDT+DRfVm0co7zxezQtwd8ZseIRKfad9pjvdHbS+e9qxAeQG96KtbQc26GI6+jJYi8p2d65qncMcZhBBVcuqP49uEgeOvODElDxN/XwbiY3T4xoXV5h+GynYwAOQJ6tL1LdrWev4jEMBx7xKRR6JvjvGo7Vks+7y/2+94fdbghMhTexe69+IRa5oQjQqsUdnJdvJLs2xhbVuHVDZv5YxXlvJVKdnhb84tm/8Zt++ClOuPwv6tBNX7zic6s3UbJXAjImM3so5MLwrhnMURGP5noHXWoIlBdDHhXI4wv7Xpf1tSv6q/Z91SyHNsD4Ubw4RTKv5LpwRRT2lCkIKSI28GDPisxxkq1bpg6hpwdiyILQeY2ZKeZycr/Ycd4cWGFPXNteVzZZD42hcYUPAeoPM+VWoYbzqFQBrwexCwa3CePzyDJFnGP60bE03ukjFwzNwQwuH8gJsHTRtNj4KbkdUeazzKLV1DvDdPNW2S386IjObxsspuqDUqx2ccrXzkkiDALFjlOMqYP7JTOV0PoCs3SF4+Z6S+2glnMnphh3rzOyyMksjYzJiZgUylDC7Sh5wYA1JcGmR05hZ96rDodQuz+AO4RoX8wiXmdlszs5xL0eoZO3YjQGxZc9yxPbafGLaZWE7xz9WOqLPzt0mHFodKqiixqu8kWs0OPxWtWu3FpUsyZJjMPAum4C2hHR7MWMV+Fz8V272TmV0gDe8uFELl4wlarcM5Mhwrkwlp8SsUvdGy/5gkT2jKuPeko+++Wk9/7rYrr8qpCBLY97lBvxMqEumsy4GuQ4LhICUHSc+eS5zLHj/Ev5T6tWjvAujKXVrJPXKd4fq6O7GQNZz4gu5wilAzu4zNgVnmELLFdfdxKGi4jpNUvOIPf9DfqnmFujjjFrx/bBPrD6A5XNKGTDn6n7fbZ79UFc1BQ/wcpB6J1JF7ENOOjzVVPptNzEEh85NBS5zPrgCNV4zIweX3iAAqCHP6/LrF+I/fwgI/OXZIIOvDb9KuMl5+L1jXMng1MdfK+p3YcJZ3CiGPRpPVmZbWT2jtgfDGgKo1l2cOu/wn6PTz9VL1P0F4I94j02ApivC4uJDtSujaKA2g+mG5EQa2xbXAOiC3DtIq+JXfFETzmSOM5n2mgOWL6nTKcg0w2jrgn31+AhI+bJrH5L/an/3cR4srWA3So58iZ5WoHEizmA

Hi Kevin,

This is a known issue:

https://bugs.internet2.edu/jira/browse/CO-1397

We're hoping to get this fixed in the patch release (2.0.1) after the
new feature release (2.0.0) due out in the next couple of days.

There is also an RFE for handling SSH keys as part of enrollment, though
that wouldn't really solve the issue as you point out.

https://bugs.internet2.edu/jira/browse/CO-1087

Thanks,

-Benn-

On 4/7/17 10:58 AM, Kevin M. Hildebrand wrote:
> I'm using self-signup, LDAP provisioning, and also trying to manage SSH
> public keys. The problem that I'm having is that the ldapPublicKey
> object class lists sshPublicKey as a required attribute. So if I enable
> the ldapPublicKey object class in my LDAP provisioner settings, the
> provisioning of new users will fail since there's no way for them to
> initially provide their public key during enrollment.
>
> Any thoughts on how to deal with this?
> 1) modify the LDAP schema to make sshPublicKey optional
> 2) modify the LDAP provisioner to not include the ldapPublicKey object
> class if there are no SSH keys defined
> 3) modify the enrollment process to allow upload of SSH keys during sign up
>
> It seems to me that even if (3) occurs, there may still be times where
> some users might not have SSH keys defined while others do.
>
> Thanks,
> Kevin
>
> --
> Kevin Hildebrand
> University of Maryland, College Park



Archive powered by MHonArc 2.6.19.

Top of Page