Re: Openssh to support X509 certificates
This is a discussion on Re: Openssh to support X509 certificates within the OpenSSH Development forums, part of the Networking and Network Related category; yes a module to provide authentication is essential as a part of released OpenSSH i feel, there is also one ...
|
|||||||
| FAQ | Members List | Calendar | Search | Today's Posts | Mark Forums Read |
03-15-2008
|
|||
|
|||
Re: Openssh to support X509 certificates
yes a module to provide authentication is essential as a part of released
OpenSSH i feel, there is also one developed by Roumen Petrov, is your PAM module in anyway advantageous over that? A module which could do remote certificate authentication through some authentication server would be even better, e.g a OpenSSH client passes cert to OpenSSH server and server in turn authenticates it through a remote RADIUS server! -Joviano > No, what I mean is not that I seek some commercial support service. > > I just hope that X509 certificate support will be a part of openssh > mainstream, > because it becomes necessary in many applications. At least, > it should become a option in openssh mainstream, so that some applications > can choose to open this part of functionality. > > And, more importantly, I hope that my PAM module for X509-based > certificate > verification can serve as a module of openssh in the future.My PAM module > can do authentication via user certificates and do mapping to local > accounts. > Based on the module, a user can login remote server via his certificate > and > traverse around the whole network built on openssh by single-sign-on(SSO). > (Now, I have successfully implemented most of functionalities except > delegation, > which is needed to support SSO). > > I am willing to make some contribution to mainstream version of openssh > and > willing to open my all codes (including PAM module and modified > openssh4.5). > Hope openssh more powerful. > > Any comment? > > Regards, > > Ian > > > On Sat, Mar 15, 2008 at 2:16 AM, Peter Stuge > <stuge-openssh-unix-dev@cdy.org> wrote: >> On Fri, Mar 14, 2008 at 05:36:58PM +0800, Ian jonhson wrote: >> > No one is welling to answer me? >> >> I don't think that is the case. >> >> Keep in mind that any help on this list is strictly voluntary and >> free of charge. >> >> Maybe you could find someone who offers a commercial support service >> for the certificate extension if that is what you're after? >> >> >> //Peter >> _______________________________________________ >> openssh-unix-dev mailing list >> openssh-unix-dev@mindrot.org >> https://lists.mindrot.org/mailman/li...enssh-unix-dev >> > _______________________________________________ > openssh-unix-dev mailing list > openssh-unix-dev@mindrot.org > https://lists.mindrot.org/mailman/li...enssh-unix-dev > _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@mindrot.org https://lists.mindrot.org/mailman/li...enssh-unix-dev 
|
Linear Mode
