Description
We have an environment with multiple Karaf instances deployed, all authenticating SSH connections using the username/password mechanism from an LDAP server. Repeatedly logging into these servers requires copy-pasting passwords from the keychain, which ... well, can lead to leaks and is also annoying after a while. At the same time, access to hosts is easier with SSH keys, which we also store in LDAP.
I have created an LDAP public-key authentication module for Karaf following the file-based PubkeyLoginModule, and I want to contribute it to Karaf. GitHub PR to follow.
To use it one has to use the same JAAS module settings as for LDAPLoginModule, but with class LDAPPubkeyLoginModule and an added configuration option user.pubkey.attribute. Any attribute can be used to store the public key(s), such as the publicKey attribute from objectClass: extensibleObject. You'll find complete examples in tests.
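
A Blueprint JAAS realm showing the configuration described above, added here as an illustration and not taken from the reporter's PR or its tests. Every option except user.pubkey.attribute is an existing LDAPLoginModule option; the package of LDAPPubkeyLoginModule is assumed to be the same as LDAPLoginModule's, and the host name, DNs and password are constructed placeholders.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<blueprint xmlns="http://www.osgi.org/xmlns/blueprint/v1.0.0"
           xmlns:jaas="http://karaf.apache.org/xmlns/jaas/v1.0.0">

  <!-- Same realm name as the built-in "karaf" realm; the higher rank makes
       this definition take precedence over the default one. -->
  <jaas:config name="karaf" rank="1">

    <!-- Assumption: the new class sits next to LDAPLoginModule in
         org.apache.karaf.jaas.modules.ldap. -->
    <jaas:module className="org.apache.karaf.jaas.modules.ldap.LDAPPubkeyLoginModule"
                 flags="required">
      <!-- Use ldaps:// so the bind credentials and the directory lookups
           are not sent in clear text (placeholder host). -->
      connection.url = ldaps://ldap.example.org:636

      <!-- Service account used for the search; it only needs read access
           to the user and group subtrees (placeholder DN and password). -->
      connection.username = cn=karaf-bind,ou=services,dc=example,dc=org
      connection.password = CHANGE_ME

      <!-- Locate the user entry; %u is replaced with the login name. -->
      user.base.dn = ou=people,dc=example,dc=org
      user.filter = (uid=%u)
      user.search.subtree = true

      <!-- The added option: the attribute of the user entry that holds the
           public key(s). "publicKey" here assumes the entry carries
           objectClass: extensibleObject, as in the description. -->
      user.pubkey.attribute = publicKey

      <!-- Role lookup, unchanged from LDAPLoginModule; %fqdn is replaced
           with the DN of the user entry found above. -->
      role.base.dn = ou=groups,dc=example,dc=org
      role.filter = (member=%fqdn)
      role.name.attribute = cn
      role.search.subtree = true
    </jaas:module>
  </jaas:config>
</blueprint>
```

Because anyone who can write the chosen attribute can log in as that user, write access to it in the directory ACLs should be as restricted as write access to userPassword.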