2013/3/20 Jan Cholasta <jcholast@redhat.com>
On 20.3.2013 14:02, Pavel Březina wrote:
On 03/20/2013 01:16 PM, Jakub Hrozek wrote:
On Wed, Mar 20, 2013 at 08:12:33AM -0400, Simo Sorce wrote:
On Wed, 2013-03-20 at 10:19 +0100, Pavel Březina wrote:

I'm afraid we support ssh keys only with IPA backend at the moment.

Should we open an RFE to make it available with other backends too?

This is already part of https://fedorahosted.org/sssd/ticket/1560 it

In the LDAP provider, ldap_user_ssh_public_key has no default value.
Make sshPublicKey the default value for it, so that OpenSSH-LPK support
is enabled by default.

This sounds more like it should work with LDAP provider if you set
ldap_user_ssh_public_key to sshPublicKey.

Yes, it should.

But we don't have any support
whatsoever. We lack sssm_ldap_hostid_init().

This is completely irrelevant for user public keys support.


Jan Cholasta


Thanks for all the messages.
I did add the ldap_user_public_key to sssd.conf, but it doesn't seem to change anything.

In fact, sshPublicKey isn't even requested during the ldap_search_ext/sdap_get_generic_ext_step call.

I tried to find information on IPA backend, but it seems quite unclear what this would be.
Attached is an up-to-date sanitized sssd.conf.

If you have any other insights, I'd be glad to test them or provide additional information.
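
An added example, not part of the thread or of SSSD: a small Python check that an sssd.conf for the LDAP provider sets `ldap_user_ssh_public_key` exactly as spelled in the ticket text quoted above. The sample files are constructed, and the requirement that `ssh` appear in `services` is an assumption about how the SSH responder is enabled.

```python
import configparser

OPTION = "ldap_user_ssh_public_key"  # option name as written in the thread
ATTR = "sshPublicKey"                # LDAP attribute named in the thread

def audit_sssd_conf(text):
    """Return findings that would keep the LDAP provider from serving SSH keys."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    # Assumption: sss_ssh_authorizedkeys needs the ssh responder enabled.
    services = [s.strip() for s in cp.get("sssd", "services", fallback="").split(",")]
    if "ssh" not in services:
        findings.append("[sssd] services does not include ssh")
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue
        if cp.get(section, "id_provider", fallback="").strip() != "ldap":
            continue
        value = cp.get(section, OPTION, fallback=None)
        if value is None:
            findings.append(f"[{section}] {OPTION} is not set")
            # A similar-looking key does not set the option the provider reads.
            for key in cp.options(section):
                if key.endswith("public_key"):
                    findings.append(f"[{section}] found {key}, expected {OPTION}")
        elif value.strip() != ATTR:
            findings.append(f"[{section}] {OPTION} = {value}, thread suggests {ATTR}")
    return findings

# Constructed sample files, not the poster's attached sssd.conf.
SAMPLE_BROKEN = """
[sssd]
services = nss, pam
domains = example
[domain/example]
id_provider = ldap
ldap_uri = ldap://ldap.example.test
ldap_user_public_key = sshPublicKey
"""
SAMPLE_FIXED = SAMPLE_BROKEN.replace("nss, pam", "nss, pam, ssh").replace(
    "ldap_user_public_key", OPTION)

if __name__ == "__main__":
    for name, text in (("broken", SAMPLE_BROKEN), ("fixed", SAMPLE_FIXED)):
        print(name, audit_sssd_conf(text))
```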