Bug 204764 - request application of OpenSSH LDAP Public Key patch
Status: CLOSED DUPLICATE of bug 169961
Product: Fedora
Classification: Fedora
Component: openssh
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: low
Assigned To: Miloslav Trmač
QA Contact: Brian Brock
URL: http://www.opendarwin.org/en/projects...
Keywords: FutureFeature
Reported: 2006-08-31 10:08 EDT by Steve Huff
Modified: 2007-11-30 17:11 EST
Doc Type: Enhancement
Last Closed: 2007-03-28 06:58:30 EDT
External Trackers
Tracker ID Priority Status Summary Last Updated
Red Hat Bugzilla 991478 None None None Never

  None (edit)
Description Steve Huff 2006-08-31 10:08:20 EDT
Description of problem:

This is a feature enhancement request (FutureFeature); I have submitted an enhancement request to 
Red Hat Technical Support (request #991478) asking that the OpenSSH LDAP Public Key patch
(http://www.opendarwin.org/en/projects/openssh-lpk/) be added to the openssh package that ships with Red 
Hat Enterprise Linux.  I was told that this would be unlikely unless the patch were to be accepted by the 
OpenSSH project or by Fedora; as such, I request that you review the patch and include it in Fedora 
Core.

The LDAP Public Key patch allows sshd to query an LDAP server to find a user's public key.  If none is 
found or if there is a problem connecting to the LDAP server, sshd fails through to the traditional 
methods of searching for a public key (~/.ssh/authorized_keys etc.).  This functionality enables 
administrators to centralize the management of public keys; for example, if a user should be given 
access to several machines but denied access to others, the admin simply has to add that user's UID to 
the appropriate groups within the LDAP tree, rather than needing to touch the user's home directory on 
each machine.  In an environment with shared home directories, implementing this sort of fine-grained 
control could be very difficult; the LDAP Public Key patch makes it easier to do so.

While this sort of functionality may not be of interest to the casual user, it is a helpful tool for 
administrators of larger networks (especially ones where an LDAP infrastructure has already been 
deployed).  As such, it seems appropriate to add this functionality to Red Hat Enterprise Linux.

For an example of the OpenSSH LDAP Public Key patch in production use, look at the Gentoo 
distribution (http://www.gentoo.org).  A possible point of contact is Andrea Barisani 
(lcars@gentoo.org).

Comment 1 Miloslav Trmač 2007-03-28 06:58:30 EDT
Thanks for your report.  This is already tracked for Fedora Core as #169961.

*** This bug has been marked as a duplicate of 169961 ***
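
The lookup order from the description above, modelled as an added example (not code from the openssh-lpk patch or from this report): directory first, then the authorized_keys file when nothing is found or the server cannot be reached. The directory layout, the `web-hosts` group, the user names and the key strings are constructed assumptions; the run shows that a user the directory does not grant access is still offered any key left in their own authorized_keys file.

```python
import tempfile
from pathlib import Path

class DirectoryUnavailable(Exception):
    """Stands in for a failed connection to the LDAP server."""

DIRECTORY = {  # constructed sample data, not a real LDAP schema
    "keys": {"alice": ["ssh-ed25519 CONSTRUCTED-LDAP-KEY alice"],
             "bob": ["ssh-ed25519 CONSTRUCTED-LDAP-KEY bob"]},
    "groups": {"web-hosts": {"alice"}},  # bob is not granted these hosts
}

def ldap_keys(user, host_group, directory):
    """Keys the directory offers this user for hosts in host_group."""
    if directory is None:  # models an unreachable server
        raise DirectoryUnavailable(host_group)
    if user not in directory["groups"].get(host_group, set()):
        return []
    return list(directory["keys"].get(user, []))

def file_keys(home):
    """Keys from the traditional ~/.ssh/authorized_keys file."""
    path = Path(home) / ".ssh" / "authorized_keys"
    lines = path.read_text().splitlines() if path.is_file() else []
    return [l.strip() for l in lines if l.strip() and not l.lstrip().startswith("#")]

def candidate_keys(user, host_group, directory, home):
    """Directory first; on no result or a connection problem, fall through to the file."""
    try:
        keys = ldap_keys(user, host_group, directory)
    except DirectoryUnavailable:
        keys = []
    return ("ldap", keys) if keys else ("file", file_keys(home))

def demo():
    """Run the model over constructed home directories."""
    with tempfile.TemporaryDirectory() as root:
        for user in ("alice", "bob"):
            (Path(root) / user / ".ssh").mkdir(parents=True)
        (Path(root) / "bob" / ".ssh" / "authorized_keys").write_text(
            "# constructed\nssh-ed25519 CONSTRUCTED-LOCAL-KEY bob\n")
        look = lambda user, d: candidate_keys(user, "web-hosts", d, Path(root) / user)
        return {
            "alice": look("alice", DIRECTORY),
            "bob": look("bob", DIRECTORY),  # denied by the directory, local key still offered
            "alice_ldap_down": look("alice", None),
        }

if __name__ == "__main__":
    print(demo())
```

Under this model, centralised control over who may log in holds only where users cannot keep their own authorized_keys entries on the host.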
