Bug 1316

Summary: Add LDAP support to sshd
Product: Portable OpenSSH
Reporter: Chris Pepper <pepper>
Component: PAM support
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WONTFIX
Severity: enhancement
CC: buffer.g.overflow, djm, ebourg, mindrot.robmoore, ryanlee, scott
Priority: P2
Version: -current
Hardware: All
OS: All
URL: http://code.google.com/p/openssh-lpk/
Attachments:
patch adding public key authentication via LDAP (flags: none)

Description Chris Pepper 2007-05-22 04:41:33 AEST
We would like very very much to have our Linux, Sun, and Mac servers and workstations pull user names, authorization to log into hosts (by group membership), and public keys from our existing campus LDAP server.

One of our admins has had success with the LPK patches http://dev.inversepath.com/trac/openssh-lpk for this purpose.

Thank you for OpenSSH!
Comment 1 Scott Coil 2010-04-01 06:03:09 AEDT
Created attachment 1826
patch adding public key authentication via LDAP

patch pulled from http://openssh-lpk.googlecode.com/svn/trunk/patch/contrib/openssh-lpk-0.3.10_5.4p1.patch
Comment 2 buffer.g.overflow 2011-05-31 00:57:59 AEST
There seems to be plenty of interest downstream in supporting LDAP as a network datastore for pubkeys (e.g. going back a few years, RH, Debian, and Ubuntu have open bugs tracking this one), so, if this patch isn't acceptable as offered, might it be possible to understand the reasons and see if it's possible to arrive at an acceptable solution?
Comment 3 Damien Miller 2011-06-03 12:59:49 AEST
We won't be integrating LDAP into sshd. There are patches to allow sshd to fetch keys using a helper program (which could in turn use LDAP) that will be considered, but I haven't had time to review them properly.
Comment 4 Ryan 2011-06-03 15:29:13 AEST
Do you have a pointer to that work?  Is there anything someone could do to help progress down that path?
Comment 5 Damien Miller 2011-09-06 15:32:54 AEST
close resolved bugs now that openssh-5.9 has been released