We would like very very much to have our Linux, Sun, and Mac servers and workstations pull user names, authorization to log into hosts (by group membership), and public keys from our existing campus LDAP server. One of our admins has had success with the LPK patches http://dev.inversepath.com/trac/openssh-lpk for this purpose. Thank you for OpenSSH!
Created attachment 1826: patch adding public key authentication via LDAP. Patch pulled from http://openssh-lpk.googlecode.com/svn/trunk/patch/contrib/openssh-lpk-0.3.10_5.4p1.patch
There seems to be plenty of interest downstream in supporting LDAP as a network datastore for pubkeys (e.g. going back a few years, RH, Debian, and Ubuntu have open bugs tracking this one), so, if this patch isn't acceptable as offered, might it be possible to understand the reasons and see if it's possible to arrive at an acceptable solution?
We won't be integrating LDAP into sshd. There are patches to allow sshd to fetch keys using a helper program (which could in turn use LDAP) that will be considered, but I haven't had time to review them properly.
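The helper-program model described in the comment above, as an added example that is not part of this bug, the LPK patch, or OpenSSH itself: sshd hands the helper a login name, and the helper prints authorized_keys lines on stdout. The hook that eventually shipped for this purpose is the AuthorizedKeysCommand directive (OpenSSH 6.2 and later), which is not mentioned on this page. The helper below shells out to ldapsearch and assumes the LPK schema's sshPublicKey attribute and a hypothetical search base ou=People,dc=example,dc=edu; everything else (the constructed LDIF sample, the key blob) is made up here so the parsing and filtering logic can be exercised offline. The security-relevant parts are the LDAP filter escaping of the login name and the refusal to emit anything from the directory that does not parse as an OpenSSH public key.

```python
#!/usr/bin/env python3
"""Helper in the AuthorizedKeysCommand style: map one login name to its public keys in LDAP.

Invoked as:  ldap-authkeys <username>   (sshd passes the login name as the only argument)
Prints zero or more authorized_keys lines and exits 0.
"""
import base64
import binascii
import re
import subprocess
import sys

# Assumed directory layout (hypothetical): posixAccount entries under this base,
# keys stored in the LPK schema's sshPublicKey attribute.
LDAP_BASE = "ou=People,dc=example,dc=edu"
KEY_ATTR = "sshPublicKey"

# Only login names in a conservative charset are ever looked up.
USERNAME_RE = re.compile(r"^[a-z_][a-z0-9_.-]{0,31}$")
KEY_TYPES = {"ssh-rsa", "ssh-ed25519", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}


def ldap_filter_escape(value):
    """Escape RFC 4515 filter metacharacters so a crafted name cannot widen the search."""
    return "".join("\\%02x" % ord(ch) if ch in "*()\\\x00" else ch for ch in value)


def parse_ldif_attr(ldif_text, attr):
    """Return every value of `attr` in LDIF text: unfold continuation lines, decode `attr::` base64 values."""
    lines = []
    for raw in ldif_text.splitlines():
        if raw.startswith(" ") and lines:      # a leading space continues the previous line
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    values = []
    for line in lines:
        if line.startswith(attr + ":: "):       # base64-encoded value
            try:
                values.append(base64.b64decode(line[len(attr) + 3:], validate=True).decode("utf-8"))
            except (binascii.Error, UnicodeDecodeError):
                continue
        elif line.startswith(attr + ": "):
            values.append(line[len(attr) + 2:])
    return values


def sanitize_key(line):
    """Return a clean authorized_keys line, or None if the value is not a well-formed public key."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or parts[0] not in KEY_TYPES:
        return None
    try:
        blob = base64.b64decode(parts[1], validate=True)
    except binascii.Error:
        return None
    # The wire-format blob starts with a length-prefixed string naming the key type;
    # it must agree with the declared type, otherwise the record is garbage or tampered.
    if len(blob) < 4 or blob[4:4 + int.from_bytes(blob[:4], "big")] != parts[0].encode():
        return None
    comment = re.sub(r"[^\x20-\x7e]", "", parts[2]) if len(parts) == 3 else ""
    return " ".join(p for p in (parts[0], parts[1], comment) if p)


def authorized_keys_for(username, ldif_text):
    """Pure function: LDIF search result -> list of authorized_keys lines for one user."""
    if not USERNAME_RE.match(username):
        return []
    return [k for k in map(sanitize_key, parse_ldif_attr(ldif_text, KEY_ATTR)) if k]


def lookup(username):
    """Query the directory with ldapsearch and return the text sshd should see on stdout."""
    if not USERNAME_RE.match(username):
        return ""
    filt = "(&(objectClass=posixAccount)(uid=%s))" % ldap_filter_escape(username)
    proc = subprocess.run(["ldapsearch", "-x", "-LLL", "-b", LDAP_BASE, filt, KEY_ATTR],
                          capture_output=True, text=True, timeout=10)
    if proc.returncode != 0:
        return ""                               # fail closed: no keys, not a partial list
    return "\n".join(authorized_keys_for(username, proc.stdout))


# Constructed sample data (not a real key): an ed25519 blob with a dummy 32-byte public key.
SAMPLE_BLOB = base64.b64encode(b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + b"\x11" * 32).decode()
SAMPLE_LDIF = (
    "dn: uid=alice,ou=People,dc=example,dc=edu\n"
    # a key folded across two lines the way ldapsearch wraps long values
    "sshPublicKey: ssh-ed25519 " + SAMPLE_BLOB[:20] + "\n " + SAMPLE_BLOB[20:] + " alice@laptop\n"
    "sshPublicKey: ssh-rsa not-base64!! bogus\n"                    # unparseable, must be dropped
    "sshPublicKey: ssh-rsa " + SAMPLE_BLOB + " mislabelled\n"      # type mismatch, must be dropped
    "sshPublicKey:: " + base64.b64encode(("ssh-ed25519 " + SAMPLE_BLOB + " alice@desk").encode()).decode() + "\n"
    "\n"
)

if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit(2)
    out = lookup(sys.argv[1])
    if out:
        print(out)
```

Wiring it up in sshd_config (directives from later OpenSSH releases, not from this page) would look like `AuthorizedKeysCommand /usr/local/sbin/ldap-authkeys` with `AuthorizedKeysCommandUser` set to an unprivileged account; sshd refuses to run a helper that is not root-owned and write-protected, and the helper should keep the fail-closed behaviour above so a directory outage never yields a partial or attacker-shaped key list.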
Do you have a pointer to that work? Is there anything someone could do to help progress down that path?
close resolved bugs now that openssh-5.9 has been released