comanage-users - Re: [comanage-users] Challenges with SSH public keys
Subject: COmanage Users List
List archive
- From: Benn Oshrin <>
- To: "Kevin M. Hildebrand" <>
- Cc:
- Subject: Re: [comanage-users] Challenges with SSH public keys
- Date: Mon, 10 Apr 2017 17:16:09 -0500
I've got a patch ready but can't get it committed until we're done with
some source tree management as part of the 2.0.0 release. I'll update
the ticket (which you can watch if you want to) once it's posted in case
you want to try that out when it's available.
Thanks,
-Benn-
On 4/10/17 7:55 AM, Kevin M. Hildebrand wrote:
> Ok, thanks. For the time being I modified the schema to make the SSH
> key an optional component.
> One other observation of note that is likely related- when removing an
> SSH key (by clicking the 'Delete' button next to it on co_people/canvas/XX)
> the key is not being correctly removed from LDAP. The LDAP modify
> operation that's sent to the LDAP server updates all of the rest of the
> attributes, but doesn't include the sshPublicKey attribute.
> I guess in this case one would also have to remove the ldapPublicKey
> object class, since it's dependent on sshPublicKey. Yuck.
>
> Kevin
>
> On Sat, Apr 8, 2017 at 9:13 AM, Benn Oshrin wrote:
>
> Hi Kevin,
>
> This is a known issue:
>
> https://bugs.internet2.edu/jira/browse/CO-1397
> <https://bugs.internet2.edu/jira/browse/CO-1397>
>
> We're hoping to get this fixed in the patch release (2.0.1) after the
> new feature release (2.0.0) due out in the next couple of days.
>
> There is also an RFE for handling SSH keys as part of enrollment, though
> that wouldn't really solve the issue as you point out.
>
> https://bugs.internet2.edu/jira/browse/CO-1087
> <https://bugs.internet2.edu/jira/browse/CO-1087>
>
> Thanks,
>
> -Benn-
>
> On 4/7/17 10:58 AM, Kevin M. Hildebrand wrote:
> > I'm using self-signup, LDAP provisioning, and also trying to manage SSH
> > public keys. The problem that I'm having is that the ldapPublicKey
> > object class lists sshPublicKey as a required attribute. So if I enable
> > the ldapPublicKey object class in my LDAP provisioner settings, the
> > provisioning of new users will fail since there's no way for them to
> > initially provide their public key during enrollment.
> >
> > Any thoughts on how to deal with this?
> > 1) modify the LDAP schema to make sshPublicKey optional
> > 2) modify the LDAP provisioner to not include the ldapPublicKey object
> > class if there are no SSH keys defined
> > 3) modify the enrollment process to allow upload of SSH keys during sign up
> >
> > It seems to me that even if (3) occurs, there may still be times where
> > some users might not have SSH keys defined while others do.
> >
> > Thanks,
> > Kevin
> >
> > --
> > Kevin Hildebrand
> > University of Maryland, College Park
>
>
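Added example, not part of the original messages and not COmanage code: option (2) from the first message together with the delete case from the 4/10 reply, written as a function that computes the LDAP modify operations so that the ldapPublicKey object class is present only when at least one sshPublicKey value is. The entry dicts, user name and key strings are constructed, the tuples only mirror the LDAP modify operation codes, and it assumes the server accepts removing the object class value in the same modify request.

```python
# Added illustration, not COmanage code. Operation codes follow the LDAP
# modify operation numbering (add=0, delete=1, replace=2).
MOD_ADD, MOD_DELETE, MOD_REPLACE = 0, 1, 2
KEY_CLASS = "ldapPublicKey"   # object class named in the thread
KEY_ATTR = "sshPublicKey"     # attribute that class requires


def _has_class(entry, name):
    """objectClass values are matched case-insensitively."""
    return any(v.lower() == name.lower() for v in entry.get("objectClass", []))


def ssh_key_mods(entry, desired_keys):
    """Return the modify operations that bring `entry` (attr -> list of
    values, as currently stored) in line with `desired_keys`.

    The object class and the attribute are always changed in the same
    modify request, so the entry is schema-valid once the request is applied.
    """
    desired = sorted(set(k.strip() for k in desired_keys if k.strip()))
    current = sorted(entry.get(KEY_ATTR, []))
    mods = []
    if desired:
        if not _has_class(entry, KEY_CLASS):
            mods.append((MOD_ADD, "objectClass", [KEY_CLASS]))
        if desired != current:
            mods.append((MOD_REPLACE, KEY_ATTR, desired))
    else:
        if current:
            mods.append((MOD_DELETE, KEY_ATTR, None))  # None = all values
        if _has_class(entry, KEY_CLASS):
            mods.append((MOD_DELETE, "objectClass", [KEY_CLASS]))
    return mods


# Constructed sample entries (hypothetical user, placeholder key material).
NEW_USER = {"objectClass": ["inetOrgPerson"], "uid": ["jdoe"]}
WITH_KEY = {"objectClass": ["inetOrgPerson", "LDAPPublicKey"],
            "uid": ["jdoe"],
            "sshPublicKey": ["ssh-ed25519 AAAAexample jdoe@example.org"]}

if __name__ == "__main__":
    print(ssh_key_mods(NEW_USER, []))   # no key yet: nothing to send
    print(ssh_key_mods(WITH_KEY, []))   # last key deleted: drop attr and class
```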