also sprach martin f krafft <madduck@debian.org> [2003.03.11.1944 +0100]:
> > What are you actually trying to *do*?
>
> see my other post.
as it wasn't sent to the list:
because i would like to write a large-scale dyndns method. this
means
that i have a 1:n association between keys and domains that they can
change. administering this in authorized_keys is a pain. it would be
much nicer if i could use the environment for that:
a user dyndns has a shell /usr/local/bin/dns-update which can be
controlled via stdin. now the user just does something like:
echo myzone.com myhost 1.2.3.4 | ssh -i id_dsa.dyndns dyndns@mydns
and on the server side i can use a postgres database to check if the
key used has the right to modify myzone.com. doing this in
authorized_keys for about 700 users is a pain. i could write
a wrapper, sure, but i'd still have about 1000 entries in the
authorized_keys file, for which a flat file is not the best.
moreover, my solution feels less like a hack.
--
Please do not CC me when replying to lists; I read them!
.''`. martin f. krafft <madduck@debian.org>
: :' : proud Debian developer, admin, and user
`. `'`
`- Debian - when you have better things to do than fixing a system
NOTE: The pgp.net keyservers and their mirrors are broken!
Get my key here: http://people.debian.org/~madduck/gpg/330c4a75.asc
Attachment:
pgpTAXhpYgfq3.pgp
Description: PGP signature