Sumit, I did see the freeIPA slide deck. It had some good info but seemed a bit dated. I'll look into the referenced man file as well.
-- lawrence On Mon, Sep 30, 2019, 11:38 AM Sumit Bose <sb...@redhat.com> wrote: > On Mon, Sep 30, 2019 at 11:25:13AM -0400, Lawrence Kearney wrote: > > A question concerning the following SSSD directives: > > > > ldap_user_ssh_public_key = > > ldap_host_ssh_public_key = > > > > Both default to "sshPublicKey" values, but other than the obvious stated > > use cases (in the directive names and man file entries) I feel I'm > missing > > something concerning the " ldap_host_ssh_public_key" directive. > > > > For example, using the default configuration, the SSSD pulls down the > > public key(s) stored for a user stored in the " sshPublicKey" attribute > > using the "/usr/bin/sss_ssh_authorizedkeys" utility. to facilitate access > > to a predetermined set of hosts. > > > > What is the use case for the " ldap_host_ssh_public_key" directive? Is it > > somehow used to store the public Key for a particular host (and why?) and > > does it have any relationship to the "/usr/bin/sss_ssh_knownhostsproxy" > > utility used to centralise (and distribute?) host keys? > > Yes, please see man sss_ssh_knownhostsproxy for details. Additionally > there are slides describinf this feature at > https://www.freeipa.org/images/1/10/Freeipa30_SSSD_OpenSSH_integration.pdf > . > Although the slides are for FreeIPA the feature itself is not specific > to FreeIPA but can be used with other LDAP servers as well. > > HTH > > bye, > Sumit > > > > > > > Any info would be most useful and as always, thank you! > > > > > > -- lawrence > > > > -- > > Lawrence Kearney > > > _______________________________________________ > > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org > _______________________________________________ > sssd-users mailing list -- sssd-users@lists.fedorahosted.org > To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org >
_______________________________________________ sssd-users mailing list -- sssd-users@lists.fedorahosted.org To unsubscribe send an email to sssd-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org