OpenSolaris

Bug ID 6357779
Synopsis SSHv2 x.509 support desired
State 3-Accepted (Yes, that is a problem)
Category:Subcategory ssh:server
Keywords
Responsible Engineer Jan Pechanec
Reported Against
Duplicate Of
Introduced In
Commit to Fix
Fixed In
Release Fixed
Related Bugs 6655613, 6658764, 6661521, 6661522, 6661523
Submit Date 1-December-2005
Last Update Date 11-February-2008
Description
>* Per group or per user configurations
>- In addition to per user config files with different authentication
>methods that are provided in OpenSSH and Solaris Secure Shell, the
>commercial SSH products provide a system config file that allows
>definitions of configurations/authentication methods on a per user or
>per group (or per IP address?) basis.  Thus, a sys admin can determine
>that Engineering needs to use stronger authentication than a Finance user
>based on Userid or IP address, etc.  Is there an equiv. set of
>functionality in Solaris Secure Shell?
>I think the answer is no because no such config capability exists in
>OpenSSH.
>* PKI with SSH
>- <customer> uses Verisign and would very much love to obviate the need for
>the above issue by simply using real digital certificates.  They can do 
>this in the commercial products, but not in OpenSSH or Solaris Secure 
>Shell.  We let them know that we had investigated this, but it's not on 
>our immediate roadmaps. Can you give any feedback on what the Open 
>Source community is doing to add this feature or if there are any 
>targeted releases of OpenSSH that would add this capability?
about this:

>* Per group or per user configurations
>- In addition to per user config files with different authentication
>methods that are provided in OpenSSH and Solaris Secure Shell, the

it doesn't belong directly to the x509v3 support project. However, even that project could make use of that option for specifying different policies per User/Group. There is an existing CR for resyncing OpenSSH's Match option keyword (6655613).
Work Around
N/A
Comments
N/A