Re: Publickey subsystem draft

[Joseph Galbraith <galb-list%vandyke.com@localhost>]

Our server is file based as well (presence
in the directory authorizes the key for us.)

For add, we autogenerate a name (using the
fingerprint of the key.)

For remove, we iterate through each canidate
file until we find the one that matches, and
then we delete that file.

You'll have to read each key file in the
list file until you find the one that the
user is trying to remove.  I'm not sure whether
you should just remove the entry or whether
you should remove both the entry and the file.

We deliberately avoided assuming a file based
implementation in the draft.  (What if you used
a database to store keys?)

Thanks,

- Joseph

Richard Whalen wrote:
> I am looking into implementing the Public-Key Subsystem and I've come across
> a bit of a problem that I need to solve before I can continue.
>
> Our implementation is built upon the implementation from SSH.COM.  In this
> implementation there is a file that contains a list of the files that
> contain the keys, with one key per file.
>
> Implementing the "list" operation is no problem: read the file that contains
> the list of key files and then send the information from each key file.
>
> The hard part comes with the "add" and "remove" operations.  Since each key
> is stored in a separate file, there needs to be a name for this file.  The
> current draft does not contain a "name" for a key that could be used to
> specify the file that the key is stored in.
>
> ----------------------
> Richard Whalen
> Process Software
> 508-879-6994x261