> > > If I can have ssh/pam authentication and have ssh retrieve public key > from LDAP that might be a consolatory price. > > That is possible, but I don't think that's really what you are trying to > do. It really sounds like what you want to do is: > 1) generate an ssh compatible cert (or pub/priv key pair) using your > existing cert that is issued by ejbca - that may be possible, but you'll > need to have the ssh cert signed by the ejbca - could be difficult > or > 2) use your regular x509 cert for ssh authentication - it doesn't look as > though ssh supports this although it's not clear from the man page - would > be a very good feature for ssh though > > I might end up not linking the certificates with ssh ( probably because you can't ) and then do public key retrieval from LDAP. I am glad that I am not the only person who found the man page to be vague...
I will do some more experimenting to see what I can come up with and feedback any interesting finds back to the list. Best Regards -- Gerhardus Geldenhuis
-- 389 users mailing list 389-us...@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/389-users