karaf-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ciprian Ciubotariu (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (KARAF-5418) SSH public key authentication from LDAP
Date Wed, 11 Oct 2017 21:54:00 GMT

    [ https://issues.apache.org/jira/browse/KARAF-5418?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16201039#comment-16201039

Ciprian Ciubotariu commented on KARAF-5418:

See https://github.com/apache/karaf/pull/385

> SSH public key authentication from LDAP
> ---------------------------------------
>                 Key: KARAF-5418
>                 URL: https://issues.apache.org/jira/browse/KARAF-5418
>             Project: Karaf
>          Issue Type: Improvement
>          Components: karaf-security
>            Reporter: Ciprian Ciubotariu
>            Priority: Minor
>              Labels: security
> We have an environment with multiple karaf instances deployed, all authenticating SSH
connections using the username/password mechanism from a LDAP server. Repeatedly logging into
these servers requires copy-pasting passwords from the keychain, which ... well, can lead
to leaks and is also annoying after a while. At the same time hosts are is easier with SSH
keys, which we also store in LDAP.
> I have created a LDAP public-key authentication module to karaf following the file-based
PubkeyLoginModule, and I want to contribute it to karaf. Github PR to follow.
> To use it one has to use the same JAAS module settings as for {{LDAPLoginModule}}, but
with class {{LDAPPubkeyLoginModule}} and an added configuration option {{user.pubkey.attribute}}.
Any attribute can be used to store the public key(s), such as the {{publicKey}} attribute
from {{objectClass: extensibleObject}}. You'll find complete examples in tests.

This message was sent by Atlassian JIRA

View raw message