On 9/15/06, Joachim Schipper <[EMAIL PROTECTED]> wrote:
On Fri, Sep 15, 2006 at 10:27:29AM +0200, Frans Haarman wrote:
> Is there something which does "Authpf" like things, only via a website?
> So the users authenticate on the website, then the firewall rules
> are loaded!
>
> Another idea I have is to simply have users authenticate, then they
> can download a ssh key with which they can login.

It shouldn't be that hard to hack the authpf source to do what you want;
the downside is mostly in the fact that this is a lot of trust to place
in a web site...

The other option is comparatively easy, if you avoid the many pitfalls
(notably, the key shouldn't be reachable from the web site, of course,
but should probably not even be readable for scripts on the web site;
use a s(u|g)id program to check credentials and read the key if they are
correct).

Maybe instead of having the ever-valid ssh key available through the web,
have a script generate a single S/Key password for the user, invalidating
the last one in case it was not used yet?

                Joachim




--
viq
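
An added sketch of the issue-and-invalidate behaviour proposed in the last reply; it is not code from the thread, from authpf or from any S/Key implementation. It swaps the S/Key hash chain for a random single-use password, and the class name, method names and the expiry window are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class OneTimeLoginStore:
    """Keeps at most one unused single-use password per user (hash only)."""

    def __init__(self, ttl_seconds=300, clock=time.monotonic):
        self._ttl = ttl_seconds      # assumption: unused passwords also expire
        self._clock = clock          # injectable so expiry can be tested
        self._pending = {}           # user -> (salt, digest, expires_at)

    @staticmethod
    def _digest(salt, password):
        # One salted SHA-256 pass is enough only because the password is a
        # 128-bit random value, not something a person chose.
        return hashlib.sha256(salt + password.encode()).digest()

    def issue(self, user):
        """Create a new password; overwriting the entry invalidates the
        previous one if it was never used."""
        password = secrets.token_urlsafe(16)
        salt = secrets.token_bytes(16)
        expires_at = self._clock() + self._ttl
        self._pending[user] = (salt, self._digest(salt, password), expires_at)
        return password

    def redeem(self, user, password):
        """Return True once for the current password, False otherwise."""
        entry = self._pending.get(user)
        if entry is None:
            return False
        salt, digest, expires_at = entry
        if self._clock() >= expires_at:
            del self._pending[user]  # expired: drop it
            return False
        if not hmac.compare_digest(digest, self._digest(salt, password)):
            return False             # wrong guess does not consume the entry
        del self._pending[user]      # consumed: cannot be replayed
        return True
```

The web front end would only ever call `issue()` and display the result; the login side calls `redeem()`, so nothing long-lived is reachable from the web site.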
