ssh + tacacs+ / nis with key based auth

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I am interested to know if there is a way with OpenSSH to authenicate
against an NIS/Tacacs+ server and use key based authentication. I have
found documentation for the commercial ssh software however I cant see
if its possible for OpenSSHd.

Any feedback or recommendations would be greatly appreciated.



Re: ssh + tacacs+ / nis with key based auth

I should actually elaborate on this question a little further.
Currently we authenticate to each server using key based
authentication. That solution works brilliantly for each individual
system on a small scale. However as the company has grown we have got
more and more servers. When a new staff member joins or someone leaves
there is no easy way to go and add/remove users from the system.
Currently it takes around 3hours to add new users to all the systems.
Moving forward we need to centralise the authentication. I am very
familure with using NIS+ as the method of authentication however I am
unable to find any documentation on how to integrate NIS+ / OpenSSH and
keybased authentication.

I have read documentation that says its possible with the commercial
systems but not with the OpenSSH stuff. Can anyone shed some light on
that for me.



Re: ssh + tacacs+ / nis with key based auth

On Mon, 12 Dec 2005 02:45:32 -0800, Johhny wrote:


Quoted text here. Click to load it

Switch to Kerberos (and OpenSSH's GSS-API autentication method) instead
... And just keepon using NIS+ but now for identification and
authorization only. Clients configured to something like the following:

(Probably using pam_krb5 rather then pam_afs for initial login however.)

Quoted text here. Click to load it

You may want to look at this (FWIW: i haven't though): /


Site Timeline