On Mon, Sep 30, 2019 at 11:25:13AM -0400, Lawrence Kearney wrote:
A question concerning the following SSSD directives:
ldap_user_ssh_public_key =
ldap_host_ssh_public_key =
Both default to "sshPublicKey" values, but other than the obvious stated use cases (in the directive names and man file entries) I feel I'm missing something concerning the "ldap_host_ssh_public_key" directive.
For example, using the default configuration, the SSSD pulls down the public key(s) stored for a user stored in the "sshPublicKey" attribute using the "/usr/bin/sss_ssh_authorizedkeys" utility to facilitate access to a predetermined set of hosts.
What is the use case for the "ldap_host_ssh_public_key" directive? Is it somehow used to store the public key for a particular host (and why?) and does it have any relationship to the "/usr/bin/sss_ssh_knownhostsproxy" utility used to centralise (and distribute?) host keys?
Yes, please see man sss_ssh_knownhostsproxy for details. Additionally there are slides describing this feature at https://www.freeipa.org/images/1/10/Freeipa30_SSSD_OpenSSH_integration.pdf. Although the slides are for FreeIPA the feature itself is not specific to FreeIPA but can be used with other LDAP servers as well.
HTH
bye, Sumit
Any info would be most useful and as always, thank you!
-- lawrence
-- Lawrence Kearney
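
How the two directives pair with the two utilities, as an added configuration sketch that is not part of the original thread. The domain name `example.com` is a placeholder, provider settings are omitted, and the OpenSSH lines (shown as comments because they belong to other files) follow the sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy man pages.

```ini
# /etc/sssd/sssd.conf  (domain name "example.com" is a placeholder)
[sssd]
# the ssh responder must be enabled for either helper to return keys
services = nss, pam, ssh
domains = example.com

[domain/example.com]
# id_provider and LDAP connection settings omitted (site-specific)

# Attribute read from a USER entry.
# Consumer: sss_ssh_authorizedkeys, run by sshd on the server side,
# so a user's authorized keys live in the directory, not in ~/.ssh.
ldap_user_ssh_public_key = sshPublicKey

# Attribute read from a HOST entry.
# Consumer: sss_ssh_knownhostsproxy, run by the ssh client,
# so host key verification uses directory data instead of
# trust-on-first-use prompts.
ldap_host_ssh_public_key = sshPublicKey

# --- /etc/ssh/sshd_config (server side: user keys from SSSD) ---
#   AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
#   AuthorizedKeysCommandUser nobody

# --- /etc/ssh/ssh_config (client side: host keys from SSSD) ---
#   ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
#   GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
```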