external storage of public keys and users



Hi all,

I'm looking for a way to allow a lot of users / public keys to be used
on a server via sshd and I'd like to manage them easily in some
repository (many such hosts would need access to it). I'd like to do
that without sshd modifications like lpk. The data store already
exists and cannot be changed, so kerberos unfortunately cannot be
used.
I do not want to use passwords (will be completely disabled) and would
like standard ssh clients to be able to connect to this server
(openssh and putty at least, but not only the latest versions).

Users will have a standard ssh key pair (or a certificate with private
key if that makes things any easier), but the client software is
pretty much out of my control. I really want to use keys kere, since
users will also use those for other purposes.
I know that GSSAPI exists and is potentially related, but couldn't
really find an answer for: can it be used here, what needs to be
implemented to support it and can it use private/public key
authentication?

I'm interested in RHEL6-based systems, so openssh version ~5.3.

Thanks a lot for any ideas

--
KTHXBYE,

Stanisław Pitucha



Relevant Pages

  • Re: external storage of public keys and users
    ... on a server via sshd and I'd like to manage them easily in some ... that without sshd modifications like lpk. ... implemented to support it and can it use private/public key ... authentication needs. ...
    (SSH)
  • Re: When does Privilege Seperation work.
    ... >> Yesterday i've updated my server to openssh 3.3 after configuring my ... >> running privilege seperation. ... Why do i need a sshd user and group? ...
    (comp.security.ssh)
  • Re: When does Privilege Seperation work.
    ... >> Yesterday i've updated my server to openssh 3.3 after configuring my ... >> running privilege seperation. ... Why do i need a sshd user and group? ...
    (comp.security.ssh)
  • Re: are these ssh versions secure?
    ... I tried to install this on ... compile ssh-com's server and put it ini /usr/local/., then compile OpenSSH ... So installing the single sshd binary of OpenSSH would ...
    (comp.security.ssh)
  • Slow sftp transfer speed vs ftp
    ... with Solaris 9) I am transfering at 300 kb/sec. ... on both client and server. ... # The sshd shipped in this release of Solaris has support for major versions ... # Banner to be printed before authentication starts. ...
    (SunManagers)