Re: OpenSSH and X.509 Certificate Support

This is a discussion on Re: OpenSSH and X.509 Certificate Support within the OpenSSH Development forums, part of the Networking and Network Related category; Peter Stuge wrote: >> then, is there any workaround to eliminate the need to append the >> "....


Go Back   Usenet Forums > Networking and Network Related > OpenSSH Development

Reload this Page Re: OpenSSH and X.509 Certificate Support

FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply

 

LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 03-13-2008
Damien Mascord
 
Posts: n/a
Default Re: OpenSSH and X.509 Certificate Support
Peter Stuge wrote:
>> then, is there any workaround to eliminate the need to append the
>> ".pub" part of it to the "authorized_keys" file on the Server.
>>
>
> Here I agree with you - the administrative advantages of PKI seem to
> be lost if each client's cert needs to be distributed to all servers.
>
> But on the other hand - how will the certificate->username mapping be
> done otherwise? (Each cert should only be allowed for one username.)
>
Hi Peter,

Wouldn't you be able to do this with the certificate signature, rather
than the entire certificate ?

Cheers,

Damien

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev
Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are Off
[IMG] code is Off
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT +1. The time now is 04:27 AM.

Contact Us - Usenet Forums - Archive - Top

Powered by vBulletin® Version 3.6.8
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO 3.0.0