Documents in NSS


How to install and configure PAM OpenOTP plugin to enable Multifactor authentication on Linux machines 1. Background On Unix-like systems, processes such as the OpenSSH daemon need to authenticate the user and learn a few things about him or her (user ID, home directory, …). Authentication is done through a mechanism called Pluggable Authentication Modules, and retrieving information about users (or even groups, host names, …) is done through another mechanism, called the Name Service Switch.

SpanKey SSH Key Management

1. Workflow SpanKey is a centralised SSH key server for OpenSSH, which stores and maintains SSH public keys in a centralised LDAP directory (i.e. Active Directory). With SpanKey one can distribute, renew and revoke SSH keys without needing to maintain our touch the authorized keys files. Instead, SpanKey agent is deployed on hosts and logging in user public keys are then fetched ondemand. SpanKey server provides per-host access controls with “server tagging”, LDAP access groups, central Web based management with RCDevs WebADM console, support for shared account and privileged (master keys) access, use of recovery keys as well as automated public key renewal workflow (via Web Self-Services).