Sumit,
I did see the FreeIPA slide deck. It had some good info but seemed a bit dated. I'll look into the referenced man file as well.


-- lawrence 

On Mon, Sep 30, 2019, 11:38 AM Sumit Bose <sbose@redhat.com> wrote:
On Mon, Sep 30, 2019 at 11:25:13AM -0400, Lawrence Kearney wrote:
> A question concerning the following SSSD directives:
>
> ldap_user_ssh_public_key =
> ldap_host_ssh_public_key =
>
> Both default to "sshPublicKey" values, but other than the obvious stated
> use cases (in the directive names and man file entries) I feel I'm missing
> something concerning the "ldap_host_ssh_public_key" directive.
>
> For example, using the default configuration, the SSSD pulls down the
> public key(s) stored for a user in the "sshPublicKey" attribute
> using the "/usr/bin/sss_ssh_authorizedkeys" utility to facilitate access
> to a predetermined set of hosts.
>
> What is the use case for the "ldap_host_ssh_public_key" directive? Is it
> somehow used to store the public key for a particular host (and why?) and
> does it have any relationship to the "/usr/bin/sss_ssh_knownhostsproxy"
> utility used to centralise (and distribute?) host keys?

Yes, please see man sss_ssh_knownhostsproxy for details. Additionally
there are slides describing this feature at
https://www.freeipa.org/images/1/10/Freeipa30_SSSD_OpenSSH_integration.pdf.
Although the slides are for FreeIPA the feature itself is not specific
to FreeIPA but can be used with other LDAP servers as well.

HTH

bye,
Sumit

>
>
> Any info would be most useful and as always, thank you!
>
>
> -- lawrence
>
> --
> Lawrence Kearney

> _______________________________________________
> sssd-users mailing list -- sssd-users@lists.fedorahosted.org
> To unsubscribe send an email to sssd-users-leave@lists.fedorahosted.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/sssd-users@lists.fedorahosted.org
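
How the two directives asked about above pair with the two helper utilities, as an added example that is not part of either poster's message. The domain name, LDAP URI and search base are placeholders; the OpenSSH lines follow the sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy man pages and are shown as comments because they belong in other files.

```ini
# /etc/sssd/sssd.conf (constructed sample; example.com values are placeholders)
[sssd]
# The "ssh" responder must be enabled for either helper to return keys.
services = nss, pam, ssh
domains = example.com

[domain/example.com]
id_provider = ldap
ldap_uri = ldaps://ldap.example.com
ldap_search_base = dc=example,dc=com

# Attribute on the USER entry that holds the user's public key(s).
# Consumed on the SSH server by /usr/bin/sss_ssh_authorizedkeys, so sshd
# can authenticate the user without a local authorized_keys file.
ldap_user_ssh_public_key = sshPublicKey

# Attribute on the HOST entry that holds that host's public key(s).
# Consumed on the SSH client by /usr/bin/sss_ssh_knownhostsproxy, so the
# client can verify the server's identity from the directory instead of
# relying on trust-on-first-use.
ldap_host_ssh_public_key = sshPublicKey

[ssh]

# --- OpenSSH side (lines for other files, kept here as comments) ---
#
# /etc/ssh/sshd_config on servers (user keys):
#   AuthorizedKeysCommand /usr/bin/sss_ssh_authorizedkeys
#   AuthorizedKeysCommandUser nobody
#
# /etc/ssh/ssh_config on clients (host keys):
#   ProxyCommand /usr/bin/sss_ssh_knownhostsproxy -p %p %h
#   GlobalKnownHostsFile /var/lib/sss/pubconf/known_hosts
```

Both directives can name the same attribute because they are read from different entries: one from the user object, the other from the host object.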