A couple months ago, someone mentioned that there
is an easy way to add login handlers to Solaris.
This started me thinking about integrating ssh
more tightly into Solaris/CDE.

In our environment, users' files are not tightly
secured. It would be silly to use unencrypted
identity files (and depend on the file system
security to keep others from using them). It's
less-than-ideal, however, to have the user log in
to the OS and then authenticate again for ssh.

I think it would be quite reasonable to have
ssh-agent and ssh-add run as part of the CDE login
process, though. Thus, when a user logs in, his
ID/password pair would not only be used to
authenticate him to the OS, but it would also be
used to decrypt a default identity file.

With such a system in place, the user would never
even need to know about ssh in order to perform
secure transactions. Encrypted identity files
could even be created/modified as part of
account creation and password modification.

Any thoughts on this? Is it as secure and as
useful as I think? How would it be implemented?

Thank you.

--kyler