Hi Reyk, Reyk Floeter wrote:
could we add an LDAP schema file that makes it easier to use sshd's "AuthorizedKeysCommand"? While most howtos out there agree on the attribute name "sshPublicKey", there is no common LDAP schema that implements it. Some people patch nis.schema (which seems a bad idea), others add their own schema files.
ack! Especially in regard to patching nis.schema.
What about adding our own schema (using OpenBSD's allocated 1.3.6.1.4.1.30155 PEN) that includes the required "sshPublicKey" attribute? It can be used to extend existing LDAP users with the additional bsdAccount objectClass.
I think, this is a good idea. felix
