By default, SSP would not deal with SSH Public Keys. You can enable or disable this feature with $change_sshkey
:
$change_sshkey = true;
Tip
Note that whenever posting SSH public keys using SSP, any prior existing key would be replaced. If you mean to add public keys, instead of replacing them all, then make sure to post an exhaustive list.
Set the LDAP attribute that should be used storing SSH public keys - defaults to sshPublicKey
:
$change_sshkey_attribute = "sshPublicKey";
Set the LDAP objectClass that defines the attribute. If the objectClass is specified, it is added to the user record if it does not already exist. If the object class is not specified, no check is made - default value is ldapPublicKey
:
$change_sshkey_objectClass = "ldapPublicKey";
You can change the list of key types that would be allowed:
$ssh_valid_key_types = array('ssh-rsa', 'ssh-dss', 'ecdsa-sha2-nistp256', 'ssh-ed25519');
By default, new SSH Public Keys would be written by the user requesting that modification.
If you want the LDAP manager account to edit that attribute, we may instead set the following:
$who_change_sshkey = "manager"
Use this option to send a confirmation mail to the user, just after a successful mail change:
$notify_on_sshkey_change = true;