saving uncommitted changes in /etc prior to emerge run
authorFrank Brehm <frank@brehm-online.com>
Tue, 20 Dec 2016 15:37:48 +0000 (16:37 +0100)
committerFrank Brehm <frank@brehm-online.com>
Tue, 20 Dec 2016 15:37:48 +0000 (16:37 +0100)
.etckeeper
openldap/schema/openssh-lpk.schema [new file with mode: 0644]
ssh/sshd_config

index c75823c62516d660e3aa8c706da2e47a41c33d68..a8e8396a552b740ab85163986e14a19cb68097ef 100755 (executable)
@@ -401,6 +401,7 @@ maybe chmod 0444 'openldap/schema/nis.ldif'
 maybe chmod 0444 'openldap/schema/nis.schema'
 maybe chmod 0444 'openldap/schema/openldap.ldif'
 maybe chmod 0444 'openldap/schema/openldap.schema'
+maybe chmod 0644 'openldap/schema/openssh-lpk.schema'
 maybe chmod 0444 'openldap/schema/pmi.ldif'
 maybe chmod 0444 'openldap/schema/pmi.schema'
 maybe chmod 0444 'openldap/schema/ppolicy.ldif'
diff --git a/openldap/schema/openssh-lpk.schema b/openldap/schema/openssh-lpk.schema
new file mode 100644 (file)
index 0000000..5f5512a
--- /dev/null
@@ -0,0 +1,19 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
+# Author: Eric AUGE <eau@phear.org>
+# 
+# Based on the proposal of : Mark Ruijter
+#
+
+
+# octetString SYNTAX
+attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' 
+       DESC 'MANDATORY: OpenSSH Public key' 
+       EQUALITY octetStringMatch
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+# printableString SYNTAX yes|no
+objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
+       DESC 'MANDATORY: OpenSSH LPK objectclass'
+       MUST ( sshPublicKey $ uid ) 
+       )
index 2f728d2d0f24decd046cb0b478f3c1c1f92bf61e..4251be27e9f7a65dab7c38ccf9b00bf65443abfa 100644 (file)
@@ -121,6 +121,22 @@ PrintLastLog no
 # no default banner path
 #Banner none
 
+# here are the new patched ldap related tokens
+# entries in your LDAP must have posixAccount & ldapPublicKey objectclass
+#UseLPK yes
+#LpkLdapConf /etc/ldap.conf
+#LpkServers  ldap://10.1.7.1/ ldap://10.1.7.2/
+#LpkUserDN   ou=users,dc=phear,dc=org
+#LpkGroupDN  ou=groups,dc=phear,dc=org
+#LpkBindDN cn=Manager,dc=phear,dc=org
+#LpkBindPw secret
+#LpkServerGroup mail
+#LpkFilter (hostAccess=master.phear.org)
+#LpkForceTLS no
+#LpkSearchTimelimit 3
+#LpkBindTimelimit 3
+#LpkPubKeyAttr sshPublicKey
+
 # override default of no subsystems
 Subsystem      sftp    /usr/lib64/misc/sftp-server
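Review bot: The commented-out LPK template would be unsafe if uncommented as written: `#LpkBindDN cn=Manager,dc=phear,dc=org` with `#LpkBindPw secret` puts what is conventionally the directory's admin credential into sshd_config, and `#LpkServers ldap://...` together with `#LpkForceTLS no` fetches the accepted public keys over an unprotected connection. Whoever can alter the LDAP answer in transit, or write the `sshPublicKey` attribute, decides which keys sshd trusts, so the example values should steer towards `#LpkForceTLS yes` and a dedicated read-only bind DN. I would add a comment above the block such as `# if enabled: bind with a read-only account, require TLS, keep this file mode 0600`. None of this is active while the lines stay commented, so this is a documentation point only.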