This is a discussion on Re: OpenSSH and X.509 Certificate Support within the OpenSSH Development forums, part of the Networking and Network Related category.
Joviano Dias wrote:
> As I had mentioned previously that I am building a system with OpenSSH + X.509
> using the patch provided by Roumen,
> I have to have the subject lines in my authorized keys in order to
> authenticate clients based on the match of these subject lines.
>
> I wanted to authenticate all clients who were issued a client certificate by
> the CA whose CA certificate is present on the Server as I believe that this
> should be sufficient and would avoid the overhead of adding subject lines
> (to authorized_keys on the server) of each client certificate issued...
>
> Here is what I am considering...
>
> [SNIP]
>>> Sure, if you like every client with valid certificate to login
>>> into every logon account on the server.

Would you like every client with a valid and verified certificate to log into every logon account, even as root?

If you don't like this, then you should create a map between the certificate distinguished name or public part and logon accounts. Also note that the authorized-keys file is such a map.

Roumen

--
Get X.509 certificates support in OpenSSH:
http://roumenpetrov.info/openssh/
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@mindrot.org
https://lists.mindrot.org/mailman/li...enssh-unix-dev
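The two policies contrasted in this message, as an added Python sketch that is not part of the original post or of the X.509 patch: accepting any certificate the CA issued versus also requiring the subject to be mapped to the requested logon account. The map layout, the DN strings and all function names are hypothetical, and `cert_verified` stands in for chain validation done elsewhere.

```python
# Added illustration; the map layout and all names are hypothetical,
# not the X.509 patch's authorized_keys syntax.

def normalize_dn(dn: str) -> tuple:
    """Parse an OpenSSL-style one-line DN ("/C=XX/O=Org/CN=alice") into a
    tuple of (TYPE, value) pairs: attribute types upper-cased, whitespace
    trimmed, RDN order preserved. Escaped '/' in values is not handled."""
    rdns = []
    for part in dn.strip().split("/"):
        if not part.strip():
            continue
        if "=" not in part:
            raise ValueError(f"malformed RDN: {part!r}")
        attr, value = part.split("=", 1)
        rdns.append((attr.strip().upper(), value.strip()))
    if not rdns:
        raise ValueError("empty DN")
    return tuple(rdns)

# Constructed sample data: logon account -> subjects allowed to use it.
ACCOUNT_MAP = {
    "alice": ["/C=XX/O=Example Org/CN=alice"],
    "root": ["/C=XX/O=Example Org/OU=Admins/CN=ops-admin"],
}

def ca_only_policy(cert_verified: bool, subject: str, account: str) -> bool:
    """What the question proposes: a valid chain to the CA is enough,
    so the subject and the requested account are never consulted."""
    return cert_verified

def mapped_policy(cert_verified: bool, subject: str, account: str,
                  account_map=ACCOUNT_MAP) -> bool:
    """What the reply recommends: valid chain AND the subject is listed
    for the requested account. Unknown accounts are denied."""
    if not cert_verified:
        return False
    try:
        presented = normalize_dn(subject)
    except ValueError:
        return False  # unparsable subject never matches
    allowed = (normalize_dn(dn) for dn in account_map.get(account, []))
    return any(presented == dn for dn in allowed)
```

With the CA-only policy, the constructed `alice` certificate is accepted for `root`; with the map it is accepted only for `alice`.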