On Mon, Sep 21, 2009 at 11:49:19PM -0400, bofh wrote:
> > The dancer's shell actually looks pretty interesting! :)
> > Unfortunately, the current place has a very strong "if I didn't pay
> > IBM for it, I'm not using it because I need support" mentality by
> > management.  Unfortunately, to push killing telnet/rsh, I need
> > management support.  *sigh*  So, I had hoped that there was a chance
> > that openssh can use certs that are in ldap for authorized_keys
> > (understanding the security issues behind that), but if not, then, oh
> > well :)

If management won't say yes to it unless they can pay IBM to support it,
why are you on an OpenBSD mailing list?
Anyways, if your heart is set on LDAP and management has its heart set
on paying IBM...
There's IBM Directory Server Client which includes 'ldapsearch'.
There's 'ksh'.
And there's 'awk'.
Your mission, should you choose not to warm up your resume, is to look 
through the standard LDAP schema for an attribute that may appear multiple
times and is large enough to hold an ssh key, the object classes that
permit that attribute, as well as appropriate object classes for storing
machine identifiers, user identifiers, and groups of machine identifiers 
and/or user identifiers.
Then use the magic of ksh, awk, and ldapsearch to generate the files :-).

But I'll let you in on a little secret.  Most places opt for 'openldap'
as their ldap client implementation because it runs on more platforms.
IBM even packages it for non-support in their linux toolbox for AIX.
> >
> > --
> > http://www.glumbert.com/media/shift
> > http://www.youtube.com/watch?v=tGvHNNOLnCk
> > "This officer's men seem to follow him merely out of idle curiosity."
> > -- Sandhurst officer cadet evaluation.
> > "Securing an environment of Windows platforms from abuse - external or
> > internal - is akin to trying to install sprinklers in a fireworks
> > factory where smoking on the job is permitted."  -- Gene Spafford
> > learn french:  http://www.youtube.com/watch?v=30v_g83VHK4

If you could trim your .sig down to 4 lines or so, it would be great.
This is an OpenBSD mailing list, not alt.fan.warlord.

-- 
Chris Dukes
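
The ldapsearch-plus-awk approach described in the message above, sketched as an added example (not code from this thread or its authors). It is POSIX sh, so it also runs under ksh; the attribute name `sshPublicKey`, the use of `uid` as the account name, and the function name `ldif_to_keys` are assumptions.

```shell
#!/bin/sh
# Assumed attribute name holding the keys; substitute the one your schema offers.
KEY_ATTR="${KEY_ATTR:-sshPublicKey}"

# Read LDIF on stdin, print "uid<TAB>public-key-line" for each accepted key.
# Typical use: <your ldapsearch command> | ldif_to_keys
ldif_to_keys() {
  awk -v keyattr="$KEY_ATTR" '
    BEGIN {
      # Accept only "type base64 [comment]"; option prefixes and junk are rejected.
      keyre = "^(ssh-(rsa|dss|ed25519)|ecdsa-sha2-nistp(256|384|521)) [A-Za-z0-9+/]+=*( [ -~]*)?$"
    }
    function flush_line(   i, name, val) {
      i = index(cur, ":")
      name = tolower(substr(cur, 1, i - 1))
      val = substr(cur, i + 1)
      cur = ""
      if (i == 0 || substr(val, 1, 1) == ":") return   # no attribute, or base64 (attr::)
      sub(/^ +/, "", val)
      if (name == "uid") uid = val
      else if (name == tolower(keyattr)) keys[++n] = val
    }
    function flush_entry(   k) {
      flush_line()
      # uid will name a file later, so allow only a conservative character set.
      if (uid ~ /^[a-z_][a-z0-9_-]*$/)
        for (k = 1; k <= n; k++)
          if (keys[k] ~ keyre) printf "%s\t%s\n", uid, keys[k]
      uid = ""; n = 0
    }
    /^ / { cur = cur substr($0, 2); next }   # LDIF folding: continuation of previous line
    /^$/ { flush_entry(); next }             # blank line ends an entry
         { flush_line(); cur = $0 }          # new attribute line (or comment, ignored)
    END  { flush_entry() }
  '
}
```

Base64-encoded values (`attr::`) are skipped rather than decoded, because a well-formed public key line is plain ASCII and decoding could introduce embedded newlines into the generated file.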
