Date:      Thu, 16 Nov 2006 08:43:20 -0800
From:      "Wolfgang S. Rupprecht" <wolfgang+gnus200611@dailyplanet.dontspam.wsrcc.com>
To:        freebsd-current@freebsd.org
Cc:        tech@openbsd.org, openssh-unix-dev@mindrot.org
Subject:   Re: OpenSSH Certkey (PKI)
Message-ID:  <87ac2rjqaf.fsf@arbol.wsrcc.com>
References:  <20061115142820.GB14649@insomnia.benzedrine.cx> <87odr8i53w.fsf@arbol.wsrcc.com> <20061116135627.GA26343@tortuga.leo.org>


Daniel Lang <dl@leo.org> writes:
> Are you, by any chance, mixing up "known_hosts" and "authorized_keys"?

Oops. I quoted the wrong section.  I had meant to quote the section
about the user_certificates.  This is what I meant to cite:

     +A user certificate is an authorization made by the CA that the
     +holder of a specific private key may login to the server as a
     +specific user, without the need of an authorized_keys file being
     +present. The CA gains the power to grant individual users access
     +to the server, and users do no longer need to maintain
     +authorized_keys files of their own.
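
Review bot: The last sentence of this added paragraph reads "users do no longer need to maintain"; "users no longer need to maintain" is the usual form, and "may login" in the first sentence should be "may log in" since it is used as a verb. The paragraph also says the CA can grant access "without the need of an authorized_keys file being present" but does not say what happens when such a file is present, or how a server administrator limits which users the CA may authorize. A sentence on each would let readers judge how much trust they are placing in the CA.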

I don't see a problem with the host certificates methodology.  (In
fact I'd love to see the known_hosts files fade away as more hosts
transition to using host certificates.)

Thanks,

-wolfgang
-- 
Wolfgang S. Rupprecht                http://www.wsrcc.com/wolfgang/



