ssh from user to RBAC role

Is ssh'ing from username@host to RBAC-ROLE@hostname a possible and
viable configuration?



I have an id_rsa.pub key in the homedir/.ssh/authorized_keys file for
the role [from the client] yet ssh fails to authenticate using the keys
negotiated. [id_rsa authentication is working for user to user on this
host]



I have read : http://opensolaris.org/jive/thread.jspa?messageID=261586
and Darren Moffat's blog at
http://blogs.sun.com/darren/entry/role_enhancements_proposal

Which details a work around as configured below [Allow the role to have
a role of itself]



sysadmin::::type=role;roles=sysadmin;profiles=Primary Administrator

ksmith::::type=normal;roles=sysadmin



Yet ssh fails from user to role, am I missing something here or is it
really currently a unsupported config.



Thanks.



Kev Smith


http://www.espeed.com
CONFIDENTIAL: This e-mail, including its contents and attachments, if any, are
confidential. If you are not the named recipient please notify the sender and
immediately delete it. You may not disseminate, distribute, or forward this
e-mail message or disclose its contents to anybody else. Copyright and any
other intellectual property rights in its contents are the sole property of
eSpeed, Inc and its affiliates.
This e-mail was issued by eSpeed International Limited (eSpeed). eSpeed is a
limited liability company incorporated under the laws of England (company
number 3809189 and VAT registration number 577 406809). eSpeeds registered
office is at 40 Bank Street, Canary Wharf, London E14 5DW. For any issues
arising from this email please reply to the sender.
E-mail transmission cannot be guaranteed to be secure or error-free. The
sender therefore does not accept liability for any errors or omissions in the
contents of this message which arise as a result of e-mail transmission. If
verification is required please request a hard-copy version.
Although we routinely screen for viruses, addressees should check this e-mail
and any attachments for viruses. We make no representation or warranty as to
the absence of viruses in this e-mail or any attachments. Please note that to
ensure regulatory compliance and for the protection of our customers and
business, we may monitor and read e-mails sent to and from our server(s).
_______________________________________________
sunmanagers mailing list
sunmanagers@xxxxxxxxxxxxxxx
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Relevant Pages

  • Re: Basic Authentication + IIS 5 + Windows 2000 + Frontpage 2002 = failure?
    ... This posting is provided “AS IS” with no warranties, and confers no rights. ... |> In my setup, I cannot log in to the local computer, only the domain. ... |>> extra bit added to the configuration of this puzzle, ... |>> authenticate, and can use the local administrator account to ...
    (microsoft.public.inetserver.iis.security)
  • Re: Wireless network w/ SBS
    ... actual do authenticate prior to log in but very late in the start up ... the computer certificate is not installed properly, ... policies are user lever. ... I document are in "Computer Configuration" and NONE of them are in "User ...
    (microsoft.public.windows.server.sbs)
  • [SLE] NewOnList: Virus, Worms, Spam, Spyware - Firewall
    ... - now I use sendmail on the firewall (maybe I switch to ... same for viruses. ... In my situation my wife will have "her" spam using ... But this configuration should also be adapted be usable ...
    (SuSE)
  • Re: Searching child OUs for authentication
    ... Having implemented a similar configuration, I have encountered the same limitation that you refer to. ... I am unable to authenticate users who are outside of a single top-level OU in AD. ... I have a quick question on apache configuration when attempting to ...
    (RedHat)
  • Authenticating using lower case domain/realm
    ... I have successfully configured ubuntu machines to authenticate to a active ... directory running windows 2k. ... The realm is ... krb5-config 1.19 Configuration files for Kerberos Version 5 ...
    (comp.protocols.kerberos)