OK, let's face it: using user keys over the standard password has its
advantages, but with that it has its disadvantages.  Managing a few hundred
users is easy, but let's make the number of users you now have to manage
5000.  Puts a little spin on it.  I am thinking of all sorts of ideas but
wanted to hear if anyone has had any practical experience with the
management of user keys.  Having a pervasive $HOME directory helps, but that
cannot always be counted on.

Let's hear it from the experts.  ( I hope folks from ssh.com might shed some
light on this as well ....I am going to log a call to them as well :)  )


What I would like to do is this...


1)      Pervasive $HOME directory via AFS or DFS.
                This would allow keys to be better managed ( don't have to
                maintain lots of copies )
2)      Include Kerberos authentication either via AFS/Kerberos or what I
        really want is to make my LDAP server the holder of my Kerberos keys.
3)      Support a variety of client computers .... ok so I don't need to
        support Macs.


Challenges.
        SSH v3.0.1 does not support AFS/DFS...but can I make it work via
        Kerberos support...?
        Client availability... I can handle multiple UNIX's, but the
        challenge is the Windows clients.
        Expiration of keys...how can this be accomplished...?
        Anyone got a working distribution of keys Kerberos or otherwise via
        LDAP or DNS?...I have been hearing talks about it for years.
        How do I get client support for any keys on the Windows side..... is
        it available and can it be integrated with ssh ?

Anyone have any good ideas, comments or real experiences.....

-Thinking out loud....
-Todd Wilkinson
[EMAIL PROTECTED]