aws iam isn't open to managing resources outside of aws
https://github.com/denismo/aws-iam-ldap-bridge/blob/master/INSTALL.md was the closest i found and seemed like a giant hack
https://code.google.com/p/openssh-lpk/ - patching openssh to look up keys in ldap
The OpenSSH LDAP Public Key patch provides an easy way of centralizing strong user authentication by using an LDAP server for retrieving public keys instead of ~/.ssh/authorized_keys.
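The LPK idea above, as an added example that is neither the post's nor the openssh-lpk project's code: a helper for sshd's AuthorizedKeysCommand (OpenSSH 6.2 and later), which lets an unpatched sshd pull keys from LDAP the way the patch did. It assumes the openssh-lpk schema's sshPublicKey attribute; the LDAP URI, base DN and sample entry are placeholders.

```shell
#!/bin/sh
# Added example (not from the post or openssh-lpk): fetch a user's public keys
# from LDAP via the openssh-lpk schema's sshPublicKey attribute and print them
# in authorized_keys format, for sshd's AuthorizedKeysCommand (OpenSSH 6.2+).
# LDAP_URI and LDAP_BASE are placeholders, not real servers.
LDAP_URI="${LDAP_URI:-ldap://ldap.example.internal}"
LDAP_BASE="${LDAP_BASE:-ou=People,dc=example,dc=internal}"

# Read LDIF on stdin, print one authorized_keys line per sshPublicKey value.
# Handles LDIF folding (continuation lines start with a space) and base64
# values ("sshPublicKey:: ..."); every other attribute is ignored.
ldif_to_authorized_keys() {
    awk '
        function flush() {
            if (buf ~ /^sshPublicKey:: /) { print "B64 " substr(buf, 16) }
            else if (buf ~ /^sshPublicKey: /) { print "RAW " substr(buf, 15) }
            buf = ""
        }
        /^ / { buf = buf substr($0, 2); next }   # unfold a continuation line
        { flush(); buf = $0 }
        END { flush() }
    ' | while read -r enc value; do
        case "$enc" in
            RAW) printf '%s\n' "$value" ;;
            B64) printf '%s' "$value" | base64 -d; printf '\n' ;;
        esac
    done
}

# Look up one user. The login name is validated before it is interpolated
# into the LDAP filter, so an odd name cannot become a filter injection.
fetch_keys() {
    case "$1" in
        ''|*[!A-Za-z0-9_.-]*) echo "refusing suspicious user name" >&2; return 1 ;;
    esac
    ldapsearch -x -LLL -H "$LDAP_URI" -b "$LDAP_BASE" \
        "(&(objectClass=ldapPublicKey)(uid=$1))" sshPublicKey |
        ldif_to_authorized_keys
}

# Constructed sample of what `ldapsearch -LLL` returns for alice (keys are
# made up); it deliberately includes a folded line and a base64 value.
SAMPLE_LDIF='dn: uid=alice,ou=People,dc=example,dc=internal
objectClass: ldapPublicKey
sshPublicKey: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIConstructedKeyDat
 a alice@laptop
sshPublicKey:: c3NoLXJzYSBBQUFBIGJvYg=='
demo() { printf '%s\n' "$SAMPLE_LDIF" | ldif_to_authorized_keys; }

case "${1-}" in '') demo ;; *) fetch_keys "$1" ;; esac   # sshd passes %u
```

Wire it up in sshd_config with `AuthorizedKeysCommand /usr/local/bin/ldap-authorized-keys %u` and an unprivileged `AuthorizedKeysCommandUser`; sshd then ignores no file but consults LDAP first.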
google authenticator has a cool pam module.. but i need a soln that's less trendy, more practical
https://code.google.com/p/google-authenticator/wiki/PamModuleInstructions
using ldap to centralize account information and a configuration management tool like chef or puppet to distribute authorized_keys files doesn't seem to allow for the granularity required: need to be able to limit which users can access which hosts without complicated exception rules in the configuration management tool
http://serverfault.com/questions/471753/what-are-best-practices-for-managing-ssh-keys-in-a-team
Arrived at freeipa.