0sec06 - 1.0
0sec 2006
a private security event for friends
| Speakers | |
|---|---|
| | Andrea Barisani |
| | Rob Holland |
| Schedule | |
|---|---|
| Day | 2 |
| Room | Talk |
| Start time | 22:00 |
| Duration | 01:00 |
| Info | |
| ID | 23 |
| Type | Lecture |
| Track | Talks |
| Language | English |
Messing with OpenSSH Public Key system
from LDAP patch to a cleaner abstraction layer
Once upon a time there was a project named openssh-lpk, aiming to hack public key lookup over LDAP into OpenSSH. The patch did a reasonable job, allowing central administration of users in an LDAP environment. However, having LDAP code in OpenSSH felt wrong and ugly, and a new system was necessary. Abstracting public key lookup would provide a flexible way to quickly allow arbitrary lookup of keys without compromising the OpenSSH code base's cleanliness and conformity to strict coding standards.
The talk will cover the current openssh-lpk patch, its benefits and reasons to exist, a first approach to abstracting public key lookup in a Quick and Dirty (tm) way, followed by a Nice and Clean (tm) approach with a complete abstraction layer. We'll present and debate the concepts and show our current code for the three solutions.
openssh-lpk; from egg, to ugly duckling, to swan.