IETF-SSH archive


Re: Publickey subsystem draft



Our server is file based as well (presence
in the directory authorizes the key for us.)

For add, we autogenerate a name (using the
fingerprint of the key.)

For remove, we iterate through each candidate
file until we find the one that matches, and
then we delete that file.

You'll have to read each key file in the
list file until you find the one that the
user is trying to remove.  I'm not sure whether
you should just remove the entry or whether
you should remove both the entry and the file.

We deliberately avoided assuming a file based
implementation in the draft.  (What if you used
a database to store keys?)

Thanks,

- Joseph

Richard Whalen wrote:
I am looking into implementing the Public-Key Subsystem and I've come across
a bit of a problem that I need to solve before I can continue.

Our implementation is built upon the implementation from SSH.COM.  In this
implementation there is a file that contains a list of the files that
contain the keys, with one key per file.

Implementing the "list" operation is no problem: read the file that contains
the list of key files and then send the information from each key file.

The hard part comes with the "add" and "remove" operations.  Since each key
is stored in a separate file, there needs to be a name for this file.  The
current draft does not contain a "name" for a key that could be used to
specify the file that the key is stored in.

----------------------
Richard Whalen
Process Software
508-879-6994x261
