You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@karaf.apache.org by "Łukasz Dywicki (JIRA)" <ji...@apache.org> on 2017/12/06 14:32:00 UTC

[jira] [Resolved] (KARAF-5418) SSH public key authentication from LDAP

     [ https://issues.apache.org/jira/browse/KARAF-5418?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Łukasz Dywicki resolved KARAF-5418.
-----------------------------------
    Resolution: Fixed

> SSH public key authentication from LDAP
> ---------------------------------------
>
>                 Key: KARAF-5418
>                 URL: https://issues.apache.org/jira/browse/KARAF-5418
>             Project: Karaf
>          Issue Type: Improvement
>          Components: karaf-security
>            Reporter: Ciprian Ciubotariu
>            Assignee: Łukasz Dywicki
>            Priority: Minor
>              Labels: security
>             Fix For: 4.1.4, 4.2.0
>
>
> We have an environment with multiple karaf instances deployed, all authenticating SSH connections using the username/password mechanism from a LDAP server. Repeatedly logging into these servers requires copy-pasting passwords from the keychain, which ... well, can lead to leaks and is also annoying after a while. At the same time hosts are is easier with SSH keys, which we also store in LDAP.
> I have created a LDAP public-key authentication module to karaf following the file-based PubkeyLoginModule, and I want to contribute it to karaf. Github PR to follow.
> To use it one has to use the same JAAS module settings as for {{LDAPLoginModule}}, but with class {{LDAPPubkeyLoginModule}} and an added configuration option {{user.pubkey.attribute}}. Any attribute can be used to store the public key(s), such as the {{publicKey}} attribute from {{objectClass: extensibleObject}}. You'll find complete examples in tests.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)