Home | History | Annotate | only in /src/crypto/external/bsd/openssh/dist
Up to higher level directory
NameDateSize
addr.c08-Apr-202610.2K
addr.h08-Apr-20261.9K
addrmatch.c08-Apr-20264.5K
atomicio.c20-Apr-20194.7K
atomicio.h20-Apr-20192.2K
auth-bsdauth.c08-Apr-20263.7K
auth-krb5.c08-Apr-20268.2K
auth-options.c11-Oct-202523.6K
auth-options.h02-Sep-20213.2K
auth-pam.c26-Mar-202537.2K
auth-pam.h08-Jul-20242K
auth-passwd.c11-Oct-20256.1K
auth-rhosts.c08-Jul-20249.3K
auth-skey.c18-Apr-20172.9K
auth.c08-Apr-202622.2K
auth.h08-Apr-20267.9K
auth2-chall.c19-Apr-20269.7K
auth2-gss.c08-Apr-20269.4K
auth2-hostbased.c08-Apr-20268.5K
auth2-kbdint.c08-Jul-20242.4K
auth2-krb5.c28-Dec-20252.4K
auth2-methods.c08-Jul-20243.6K
auth2-none.c08-Jul-20242.3K
auth2-passwd.c08-Jul-20242.6K
auth2-pubkey.c08-Apr-202625.6K
auth2-pubkeyfile.c08-Apr-202616.8K
auth2.c08-Apr-202622.3K
authfd.c08-Apr-202620.9K
authfd.h08-Apr-20264.2K
authfile.c08-Apr-202612.2K
authfile.h27-Feb-20202.5K
bcrypt_pbkdf.c09-Apr-20265.4K
bitmap.c01-Dec-20244.6K
bitmap.h06-Apr-20182K
blf.h06-Apr-20183.6K
blowfish.c18-Apr-201723.2K
canohost.c08-Apr-20264K
canohost.h18-Apr-2017837
chacha.c25-Oct-20235.4K
chacha.h19-Apr-20211K
channels.c08-Apr-2026148.9K
channels.h08-Apr-202615.9K
cipher-aesctr.c08-Apr-20262.2K
cipher-aesctr.h06-Apr-20181.4K
cipher-chachapoly-libcrypto.c08-Apr-20264.8K
cipher-chachapoly.c25-Oct-20234.1K
cipher-chachapoly.h28-May-20201.6K
cipher-ctr-mt.c27-Jan-201911.2K
cipher.c08-Apr-202613.6K
cipher.h20-Dec-20233.2K
cleanup.c27-Jan-20191.1K
clientloop.c08-Apr-202683.8K
clientloop.h08-Apr-20263.9K
compat.c08-Apr-20265.2K
compat.h28-Jul-20232.6K
crypto_api.h09-Apr-20262.3K
dh.c08-Apr-202615.5K
dh.h19-Apr-20212.7K
digest-libc.c08-Apr-20265.7K
digest-openssl.c05-Mar-20214.8K
digest.h05-Mar-20212.6K
dispatch.c08-Apr-20263.6K
dispatch.h08-Apr-20262K
dns.c08-Apr-20268.9K
dns.h11-Oct-20252.1K
ed25519-openssl.c08-Apr-20265.3K
ed25519.c26-Jul-2023196.9K
ed25519.sh08-Jul-20244.1K
fatal.c05-Mar-20211.9K
fmt_scaled.c27-Jan-20197.4K
fmt_scaled.h04-Feb-2019211
freezero.c06-Apr-20181.1K
getpeereid.c18-Apr-20171.9K
getpeereid.h18-Apr-2017304
getrrsetbyname.c12-Nov-202013.9K
getrrsetbyname.h18-Apr-20173.7K
groupaccess.c09-Apr-20253.4K
groupaccess.h18-Apr-20171.6K
gss-genr.c08-Apr-20268K
gss-serv-krb5.c08-Apr-20265.3K
gss-serv.c08-Apr-202610.6K
hmac.c08-Apr-20265.1K
hmac.h06-Apr-20181.7K
hostfile.c08-Apr-202625.7K
hostfile.h05-Mar-20214.4K
includes.h28-Dec-2025823
kex-names.c08-Apr-20268.3K
kex.c08-Apr-202639.2K
kex.h08-Apr-20269.5K
kexc25519.c24-Sep-20245.8K
kexdh.c08-Apr-20265K
kexecdh.c08-Apr-20265.6K
kexgen.c08-Apr-202610.9K
kexgex.c08-Apr-20263.7K
kexgexc.c08-Apr-20267.1K
kexgexs.c08-Apr-20266.4K
kexmlkem768x25519.c09-Apr-20258.6K
kexsntrup761x25519.c24-Sep-20247.3K
krl.c08-Apr-202635.8K
krl.h08-Apr-20262.7K
ldapauth.c14-Aug-202115.9K
ldapauth.h14-Aug-20214.5K
libcrux_mlkem768_sha3.h08-Apr-2026417.7K
LICENCE07-Jul-20239.1K
log.c08-Apr-202615.9K
log.h09-Apr-20257.1K
lpk-user-example.txt21-Nov-20103.7K
mac.c08-Apr-20267.1K
mac.h08-Apr-20262K
match.c24-Sep-20249.6K
match.h04-Dec-20201.3K
md-sha256.c18-Apr-20172.1K
misc-agent.c08-Apr-20268.6K
misc.c08-Apr-202666.4K
misc.h08-Apr-20269.9K
mlkem768.sh08-Apr-20266.4K
moduli26-Oct-2023573.3K
moduli-gen/08-Apr-2026
moduli.525-Oct-20234.7K
moduli.c08-Apr-202619.3K
monitor.c08-Apr-202656.6K
monitor.h08-Apr-20264.4K
monitor_fdpass.c08-Apr-20264.1K
monitor_fdpass.h18-Apr-20171.6K
monitor_wrap.c08-Apr-202633.4K
monitor_wrap.h08-Apr-20264.6K
msg.c08-Apr-20262.8K
msg.h18-Apr-20171.5K
mux.c08-Apr-202666.1K
myproposal.h08-Apr-20264.1K
namespace.h03-Sep-20213.7K
nchan.c08-Apr-202611.8K
nchan.ms25-Dec-20163.9K
nchan2.ms25-Dec-20163.4K
openssh-lpk_openldap.schema21-Nov-2010537
openssh-lpk_sun.schema21-Nov-2010609
OVERVIEW20-Apr-20196.2K
packet.c08-Apr-202682.5K
packet.h08-Apr-20267.5K
pathnames.h11-Oct-20255.8K
pfilter.c02-Aug-2024934
pfilter.h06-Apr-2018118
pkcs11.h11-Oct-202560.9K
poly1305.c25-Oct-20234.7K
poly1305.h06-Apr-2018712
progressmeter.c08-Apr-20267.9K
progressmeter.h20-Apr-20191.5K
PROTOCOL08-Apr-202624.7K
PROTOCOL.agent11-Oct-20254K
PROTOCOL.key08-Jul-20241.6K
PROTOCOL.krl25-Oct-20236.9K
PROTOCOL.mux25-Jun-20248.8K
PROTOCOL.sshsig04-Dec-20203.3K
PROTOCOL.u2f04-Dec-202010.8K
random.h18-Apr-20171.6K
readconf.c08-Apr-2026115.6K
readconf.h08-Apr-202610.1K
README25-Dec-2016917
README.lpk21-Nov-201010.6K
readpass.c08-Apr-20268.5K
readpassphrase.318-Apr-20173.6K
readpassphrase.c27-Jan-20194.6K
readpassphrase.h18-Apr-20172.2K
recallocarray.c09-Apr-20252.5K
rijndael.c08-Apr-202651.7K
rijndael.h23-Feb-20221.7K
scp.111-Oct-20258.8K
scp.c08-Apr-202653.1K
servconf.c08-Apr-2026113.9K
servconf.h08-Apr-202612.9K
serverloop.c08-Apr-202629.3K
serverloop.h07-Oct-20171K
session.c08-Apr-202661.7K
session.h26-Jul-20232.7K
sftp-client.c08-Apr-202678.6K
sftp-client.h08-Apr-20266.5K
sftp-common.c08-Apr-20267.1K
sftp-common.h08-Apr-20262.1K
sftp-glob.c25-Oct-20233.8K
sftp-realpath.c27-Sep-20216K
sftp-server-main.c12-Oct-20191.6K
sftp-server.802-Sep-20215K
sftp-server.c08-Apr-202651K
sftp-usergroup.c25-Oct-20235.8K
sftp-usergroup.h05-Oct-20221.1K
sftp.109-Apr-202517.7K
sftp.c08-Apr-202664.8K
sftp.h18-Apr-20173.4K
sk-api.h05-Oct-20222.8K
sk-usbhid.c11-Oct-202534.8K
smult_curve25519_ref.c18-Apr-20176.8K
sntrup761.c08-Apr-202678K
sntrup761.sh08-Apr-20264.4K
srclimit.c08-Apr-202615.1K
srclimit.h08-Apr-20261.7K
ssh-add.108-Apr-202610.9K
ssh-add.c08-Apr-202627.1K
ssh-agent.111-Oct-20259.1K
ssh-agent.c08-Apr-202667.8K
ssh-ecdsa-sk.c08-Apr-202614.3K
ssh-ecdsa.c08-Apr-202614.2K
ssh-ed25519-sk.c08-Apr-20267.7K
ssh-ed25519.c08-Apr-20268.3K
ssh-gss.h08-Jul-20244.2K
ssh-keygen.108-Apr-202641.2K
ssh-keygen.c08-Apr-2026105.5K
ssh-keyscan.111-Oct-20254.8K
ssh-keyscan.c11-Oct-202518.4K
ssh-keysign.808-Jul-20242.9K
ssh-keysign.c08-Apr-20268.1K
ssh-pkcs11-client.c08-Apr-202612.3K
ssh-pkcs11-helper.828-Jul-20231.8K
ssh-pkcs11-helper.c08-Apr-20267.8K
ssh-pkcs11.c08-Apr-202657.9K
ssh-pkcs11.h08-Apr-20261.9K
ssh-rsa.c08-Apr-202616.4K
ssh-sk-client.c08-Apr-202611.8K
ssh-sk-helper.805-Oct-20221.7K
ssh-sk-helper.c11-Oct-202510.3K
ssh-sk.c24-Sep-202422.5K
ssh-sk.h23-Feb-20222.7K
ssh.108-Apr-202646.6K
ssh.c08-Apr-202676.5K
ssh.h09-Apr-20252.6K
ssh2.h20-Dec-20235.9K
ssh_api.c08-Apr-202615.2K
ssh_api.h26-Aug-20184.4K
ssh_config11-Oct-20251.7K
ssh_config.508-Apr-202670.2K
sshbuf-getput-basic.c08-Apr-202613.1K
sshbuf-getput-crypto.c24-Sep-20244.5K
sshbuf-io.c27-Feb-20202.9K
sshbuf-misc.c08-Apr-20268.1K
sshbuf.c08-Apr-202610.5K
sshbuf.h08-Apr-202614.9K
sshconnect.c08-Apr-202652K
sshconnect.h08-Apr-20263.5K
sshconnect2.c08-Apr-202668.9K
sshd-auth.c08-Apr-202621.4K
sshd-debug.sh09-Apr-20251.4K
sshd-session.c08-Apr-202636.9K
sshd.811-Oct-202531.3K
sshd.c08-Apr-202651K
sshd_config09-Apr-20254.2K
sshd_config.508-Apr-202666.5K
ssherr-libcrypto.c08-Apr-20261.6K
ssherr-nolibcrypto.c08-Apr-2026946
ssherr.c08-Apr-20265.4K
ssherr.h08-Apr-20263.5K
sshkey.c08-Apr-202688.8K
sshkey.h08-Apr-202612K
sshlogin.c08-Apr-20268.5K
sshlogin.h18-Apr-2017851
sshpty.c08-Apr-20265.1K
sshpty.h18-Apr-20171.1K
sshsig.c08-Apr-202629.7K
sshsig.h23-Feb-20224K
sshtty.c18-Apr-20173.1K
ttymodes.c08-Apr-20269.4K
ttymodes.h07-Oct-20174.9K
uidswap.c08-Apr-20265K
uidswap.h26-Aug-2018746
umac.c08-Apr-202645.5K
umac.h23-Feb-20224.6K
umac128.c26-Aug-2018340
utf8.c28-May-20207.1K
utf8.h19-Apr-20211.4K
version.h08-Apr-2026561
xmalloc.c11-Oct-20252.6K
xmalloc.h20-Dec-20231.2K

README

      1 This release of OpenSSH is for OpenBSD systems only.
      2 
      3 Please read
      4 	http://www.openssh.com/portable.html
      5 if you want to install OpenSSH on other operating systems.
      6 
      7 To extract and install this release on your OpenBSD system use:
      8 
      9       # cd /usr/src/usr.bin
     10       # tar xvfz .../openssh-x.y.tgz
     11       # cd ssh
     12       # make obj
     13       # make cleandir
     14       # make depend
     15       # make
     16       # make install
     17       # cp ssh_config sshd_config /etc/ssh
     18 
     19 OpenSSH is a derivative of the original and free ssh 1.2.12 release
     20 by Tatu Ylonen.  Aaron Campbell, Bob Beck, Markus Friedl, Niels
     21 Provos, Theo de Raadt and Dug Song removed many bugs, re-added newer
     22 features and created OpenSSH.  Markus Friedl contributed the support
     23 for SSH protocol versions 1.5 and 2.0.
     24 
     25 See http://www.openssh.com/ for more information.
     26 
     27 $OpenBSD: README,v 1.7 2006/04/01 05:37:46 djm Exp $
     28 $NetBSD: README,v 1.5 2016/12/25 00:07:46 christos Exp $
     29 

README.lpk

      1 OpenSSH LDAP PUBLIC KEY PATCH 
      2 Copyright (c) 2003 Eric AUGE (eau (a] phear.org)
      3 All rights reserved.
      4 
      5 Redistribution and use in source and binary forms, with or without
      6 modification, are permitted provided that the following conditions
      7 are met:
      8 1. Redistributions of source code must retain the above copyright
      9    notice, this list of conditions and the following disclaimer.
     10 2. Redistributions in binary form must reproduce the above copyright
     11    notice, this list of conditions and the following disclaimer in the
     12    documentation and/or other materials provided with the distribution.
     13 3. The name of the author may not be used to endorse or promote products
     14    derived from this software without specific prior written permission.
     15 
     16 THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
     17 IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
     18 OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
     19 IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
     20 INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
     21 NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
     22 DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
     23 THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
     24 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
     25 THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
     26 
     27 purposes of this patch:
     28 
     29 This patch would help to have authentication centralization policy
     30 using ssh public key authentication.
     31 This patch could be an alternative to other "secure" authentication system
     32 working in a similar way (Kerberos, SecurID, etc...), except the fact 
     33 that it's based on OpenSSH and its public key abilities.
     34 
     35 >> FYI: <<
     36 'uid': means unix accounts existing on the current server
     37 'lpkServerGroup:' mean server group configured on the current server ('lpkServerGroup' in sshd_config)
     38 
     39 example schema:
     40 
     41 
     42                                   server1 (uid: eau,rival,toto) (lpkServerGroup: unix)
     43                 ___________      /
     44                /           \ --- - server3 (uid: eau, titi) (lpkServerGroup: unix)
     45               | LDAP Server |    \
     46 	      | eau  ,rival |     server2 (uid: rival, eau) (lpkServerGroup: unix)
     47 	      | titi ,toto  |
     48 	      | userx,....  |         server5 (uid: eau)  (lpkServerGroup: mail)
     49                \___________/ \       /
     50 	                       ----- - server4 (uid: eau, rival)  (no group configured)
     51 			             \
     52 				        etc...
     53 
     54 - WHAT WE NEED :
     55 
     56   * configured LDAP server somewhere on the network (i.e. OpenLDAP)
     57   * patched sshd (with this patch ;)
     58   * LDAP user(/group) entry (look at users.ldif (& groups.ldif)):
     59         User entry:
     60 	- attached to the 'ldapPublicKey' objectclass
     61 	- attached to the 'posixAccount' objectclass
     62 	- with a filled 'sshPublicKey' attribute 
     63 	Example:
     64 		dn: uid=eau,ou=users,dc=cuckoos,dc=net
     65 		objectclass: top
     66 		objectclass: person
     67 		objectclass: organizationalPerson
     68 		objectclass: posixAccount
     69 		objectclass: ldapPublicKey
     70 		description: Eric AUGE Account
     71 		userPassword: blah
     72 		cn: Eric AUGE
     73 		sn: Eric AUGE
     74 		uid: eau
     75 		uidNumber: 1034
     76 		gidNumber: 1
     77 		homeDirectory: /export/home/eau
     78 		sshPublicKey: ssh-dss AAAAB3...
     79 		sshPublicKey: ssh-dss AAAAM5...
     80 
     81 	Group entry:
     82 	- attached to the 'posixGroup' objectclass
     83 	- with a 'cn' groupname attribute
     84 	- with multiple 'memberUid' attributes filled with usernames allowed in this group
     85 	Example:
     86 		# few members
     87 		dn: cn=unix,ou=groups,dc=cuckoos,dc=net
     88 		objectclass: top
     89 		objectclass: posixGroup
     90 		description: Unix based servers group
     91 		cn: unix
     92 		gidNumber: 1002
     93 		memberUid: eau
     94 		memberUid: user1
     95 		memberUid: user2
     96 
     97 
     98 - HOW IT WORKS :
     99 
    100   * without patch
    101   If a user wants to authenticate to log in a server the sshd, will first look for authentication method allowed (RSAauth,kerberos,etc..)
    102   and if RSAauth and tickets based auth fails, it will fallback to standard password authentication (if enabled).
    103 
    104   * with the patch
    105   If a user want to authenticate to log in a server, the sshd will first look for auth method including LDAP pubkey, if the ldappubkey options is enabled.
    106   It will do an ldapsearch to get the public key directly from the LDAP instead of reading it from the server filesystem. 
    107   (usually in $HOME/.ssh/authorized_keys)
    108 
    109   If groups are enabled, it will also check if the user that wants to login is in the group of the server he is trying to log into.
    110   If it fails, it falls back on RSA auth files ($HOME/.ssh/authorized_keys), etc.. and finally to standard password authentication (if enabled).
    111 
    112   7 tokens are added to sshd_config :
    113   # here is the new patched ldap related tokens
    114   # entries in your LDAP must be posixAccount & strongAuthenticationUser & posixGroup
    115   UseLPK yes								# look the pub key into LDAP
    116   LpkServers ldap://10.31.32.5/ ldap://10.31.32.4 ldap://10.31.32.3	# which LDAP server for users ? (URL format)
    117   LpkUserDN  ou=users,dc=foobar,dc=net					# which base DN for users ?
    118   LpkGroupDN ou=groups,dc=foobar,dc=net					# which base DN for groups ? 
    119   LpkBindDN cn=manager,dc=foobar,dc=net					# which bind DN ?
    120   LpkBindPw asecret							# bind DN credidentials
    121   LpkServerGroup agroupname						# the group the server is part of
    122 
    123   Right now i'm using anonymous binding to get public keys, because getting public keys of someone doesn't impersonate him but there is some
    124   flaws you have to take care of.
    125 
    126 - HOW TO INSERT A USER/KEY INTO AN LDAP ENTRY
    127 
    128   * my way (there is plenty :)
    129   - create ldif file (i.e. users.ldif)
    130   - cat ~/.ssh/id_dsa.pub OR cat ~/.ssh/id_rsa.pub OR cat ~/.ssh/identity.pub
    131   - my way in 4 steps :
    132   Example:
    133 
    134   # you add this to the user entry in the LDIF file :
    135   [...]
    136   objectclass: posixAccount
    137   objectclass: ldapPublicKey
    138   [...]
    139   sshPubliKey: ssh-dss AAAABDh12DDUR2...
    140   [...]
    141 
    142   # insert your entry and you're done :)
    143   ldapadd -D balblabla -w bleh < file.ldif 
    144   
    145   all standard options can be present in the 'sshPublicKey' attribute.
    146 
    147 - WHY :
    148 
    149   Simply because, i was looking for a way to centralize all sysadmins authentication, easily,  without completely using LDAP 
    150   as authentication method (like pam_ldap etc..).  
    151   
    152   After looking into Kerberos, SecurID, and other centralized secure authentications systems, the use of RSA and LDAP to get 
    153   public key for authentication allows us to control who has access to which server (the user needs an account and to be in 'strongAuthenticationUser'
    154   objectclass within LDAP and part of the group the SSH server is in). 
    155 
    156   Passwords update are no longer a nightmare for a server farm (key pair passphrase is stored on each user's box and private key is locally encrypted using his passphrase 
    157   so each user can change it as much as he wants). 
    158 
    159   Blocking a user account can be done directly from the LDAP (if sshd is using RSAAuth + ldap only).
    160 
    161 - RULES :  
    162   Entry in the LDAP server must respect 'posixAccount' and 'ldapPublicKey' which are defined in core.schema. 
    163   and the additionnal lpk.schema.
    164 
    165   This patch could allow a smooth transition between standard auth (/etc/passwd) and complete LDAP based authentication 
    166   (pamldap, nss_ldap, etc..).
    167 
    168   This can be an alternative to other (old?/expensive?) authentication methods (Kerberos/SecurID/..).
    169   
    170   Referring to schema at the beginning of this file if user 'eau' is only in group 'unix'
    171   'eau' would ONLY access 'server1', 'server2', 'server3' AND 'server4' BUT NOT 'server5'.
    172   If you then modify the LDAP 'mail' group entry to add 'memberUid: eau' THEN user 'eau' would be able
    173   to log in 'server5' (i hope you got the idea, my english is bad :).
    174 
    175   Each server's sshd is patched and configured to ask the public key and the group infos in the LDAP
    176   server.
    177   When you want to allow a new user to have access to the server parc, you just add him an account on 
    178   your servers, you add his public key into his entry on the LDAP server, it's done. 
    179 
    180   Because sshds are looking public keys into the LDAP directly instead of a file ($HOME/.ssh/authorized_keys).
    181 
    182   When the user needs to change his passphrase he can do it directly from his workstation by changing 
    183   his own key set lock passphrase, and all servers are automatically aware.
    184  
    185   With a CAREFUL LDAP server configuration you could allow a user to add/delete/modify his own entry himself
    186   so he can add/modify/delete himself his public key when needed.
    187 
    188  FLAWS :
    189   LDAP must be well configured, getting the public key of some user is not a problem, but if anonymous LDAP 
    190   allow write to users dn, somebody could replace someuser's public key by its own and impersonate some 
    191   of your users in all your server farm be VERY CAREFUL.
    192   
    193   MITM attack when sshd is requesting the public key, could lead to a compromise of your servers allowing login 
    194   as the impersonnated user.
    195 
    196   If LDAP server is down then, fallback on passwd auth.
    197   
    198   the ldap code part has not been well audited yet.
    199 
    200 - LDAP USER ENTRY EXAMPLES (LDIF Format, look in users.ldif)
    201     --- CUT HERE ---
    202     dn: uid=jdoe,ou=users,dc=foobar,dc=net
    203     objectclass: top
    204     objectclass: person
    205     objectclass: organizationalPerson
    206     objectclass: posixAccount
    207     objectclass: ldapPublicKey
    208     description: My account
    209     cn: John Doe
    210     sn: John Doe
    211     uid: jdoe
    212     uidNumber: 100
    213     gidNumber: 100
    214     homeDirectory: /home/jdoe
    215     sshPublicKey: ssh-dss AAAAB3NzaC1kc3MAAAEBAOvL8pREUg9wSy/8+hQJ54YF3AXkB0OZrXB....
    216     [...]
    217     --- CUT HERE ---
    218 
    219 - LDAP GROUP ENTRY EXAMPLES (LDIF Format, look in groups.ldif)
    220     --- CUT HERE ---
    221     dn: cn=unix,ou=groups,dc=cuckoos,dc=net
    222     objectclass: top
    223     objectclass: posixGroup
    224     description: Unix based servers group
    225     cn: unix
    226     gidNumber: 1002
    227     memberUid: jdoe
    228     memberUid: user1
    229     memberUid: user2
    230     [...]
    231     --- CUT HERE ---
    232 
    233 >> FYI: << 
    234 Multiple 'sshPublicKey' in a user entry are allowed, as well as multiple 'memberUid' attributes in a group entry
    235 
    236 - COMPILING:
    237   1. Apply the patch
    238   2. ./configure --with-your-options --with-ldap=/prefix/to/ldap_libs_and_includes
    239   3. make
    240   4. it's done.
    241 
    242 - BLA :
    243   I hope this could help, and i hope to be clear enough,, or give ideas.  questions/comments/improvements are welcome.
    244   
    245 - TODO :
    246   Redesign differently.
    247 
    248 - DOCS/LINK :
    249   http://pacsec.jp/core05/psj05-barisani-en.pdf
    250   http://fritz.potsdam.edu/projects/openssh-lpk/
    251   http://fritz.potsdam.edu/projects/sshgate/
    252   http://dev.inversepath.com/trac/openssh-lpk
    253   http://lam.sf.net/ ( http://lam.sourceforge.net/documentation/supportedSchemas.htm )
    254 
    255 - CONTRIBUTORS/IDEAS/GREETS :
    256   - Falk Siemonsmeier.
    257   - Jacob Rief.
    258   - Michael Durchgraf.
    259   - frederic peters.
    260   - Finlay dobbie.
    261   - Stefan Fisher.
    262   - Robin H. Johnson.
    263   - Adrian Bridgett.
    264 
    265 - CONTACT :
    266   - Eric AUGE <eau (a] phear.org>
    267   - Andrea Barisani <andrea (a] inversepath.com>
    268