ssh_authorized_keys can be owned by anyone. Think of how git works. The file is owned by git/gitosis/whatever, but you log in as yourself. This is the whole point of ssh_authorized_keys and one way that it can be abused. In my tests, SSH doesn't care one way or the other who it's owned by so long as it's not world writable.

Trevor

On 08/30/2011 06:27 PM, Kelsey Hightower wrote:
> One use case where it may not be desirable to have users own the keys
> is in centralized ssh key setups backed by LDAP and PAM
> authentication. In this specific case all keys are stored in a central
> location such as /etc/ssh-public-keys/*.pub. The keys are only read by
> PAM (root) during the authentication phase.
>

-- 
Trevor Vaughan
Vice President, Onyx Point, Inc.
email: tvaug...@onyxpoint.com
phone: 410-541-ONYX (6699)
pgp: 0x6C701E94

-- This account not approved for unencrypted sensitive information --
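An audit of a central key directory like the one described in the quoted message, as an added example that is not part of the original thread or of Puppet: it records each key file's owner and flags files writable by anyone other than the owner. The function names, the temporary sample directory and the placeholder key text are constructed for illustration, and the group-writable check goes beyond the world-writable condition mentioned in the message.

```python
import os
import stat
import tempfile
from pathlib import Path


def audit_key_dir(directory, pattern="*.pub"):
    """Return one record per key file: owner uid plus group/world-writable flags."""
    records = []
    for path in sorted(Path(directory).glob(pattern)):
        st = os.lstat(path)
        if not stat.S_ISREG(st.st_mode):
            # Symlinks and other non-regular entries are reported, not followed.
            records.append({"file": path.name, "regular": False})
            continue
        records.append({
            "file": path.name,
            "regular": True,
            "owner_uid": st.st_uid,
            "mode": oct(stat.S_IMODE(st.st_mode)),
            "group_writable": bool(st.st_mode & stat.S_IWGRP),
            "world_writable": bool(st.st_mode & stat.S_IWOTH),
        })
    return records


def writable_by_others(records):
    """Names of key files that someone other than the owner can modify."""
    return [r["file"] for r in records
            if r["regular"] and (r["group_writable"] or r["world_writable"])]


def build_sample_dir():
    """Constructed sample: a temp directory standing in for the central key store."""
    d = tempfile.mkdtemp(prefix="ssh-public-keys-")
    for name, mode in (("alice.pub", 0o644), ("bob.pub", 0o666), ("carol.pub", 0o664)):
        p = Path(d, name)
        p.write_text("ssh-ed25519 AAAA-constructed-placeholder " + name + "\n")
        os.chmod(p, mode)  # explicit chmod, so the umask does not alter the sample
    return d


if __name__ == "__main__":
    sample = build_sample_dir()
    recs = audit_key_dir(sample)
    for rec in recs:
        print(rec)
    print("writable by non-owner:", writable_by_others(recs))
```

Pointing `audit_key_dir` at a real key directory instead of the sample gives the same records; the `owner_uid` field shows which files are owned by someone other than the login user.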