On Fri, Sep 18, 2009 at 10:29:54AM -0400, bofh wrote:
> Hi,
> Just wanted to see how you guys manage authorized_keys. I'm trying to
> move everyone off "legacy" protocols onto openssh, and one of my
> proposals will involve using authorized keys for scripts/automated
> processes.
>
> There's 400+ unix boxes. I know we can stick keys into
> authorized_keys, but managing it for a bunch of automated processes
> seems a bit unwieldy. Is there any way of pointing to an external
> source, say, ldap?
Have you considered Kerberos? You'll still have to add accounts (or use
LDAP, indeed), but at least you don't have to copy the keys everywhere.
Joachim
