I'm looking at a way of authenticating users connecting to an SSH daemon. There might be some big misunderstanding in what I'm asking about, but from what I know the GSSAPI can be used as an authentication provide开发者_高级运维r backend for the SSH daemon.
Is there any way of providing user's public key that way? I'd like to retain the private/public key authentication scheme, but provide the user details and keys in a specific way from external processes.
Also, is there any GSSAPI guide which provides programming informations? The only guides I've found so far are very low-level protocol descriptions or server configuration guides for admins... while I'm still missing some practical information about how to approach GSSAPI and how to write something using it (or whether this is possible).
Probably you are looking for kerberos with pkinit support.
http://www.ietf.org/rfc/rfc4556.txt
精彩评论