Unix Technical Forum

Re: OpenSSH Certkey (PKI)

Old 02-18-2008, 09:00 AM
Lamont Granquist

On Thu, 16 Nov 2006, Wolfgang S. Rupprecht wrote:
> +A user certificate is an authorization made by the CA that the
> +holder of a specific private key may login to the server as a
> +specific user, without the need of an authorized_keys file being
> +present. The CA gains the power to grant individual users access
> +to the server, and users do no longer need to maintain
> +authorized_keys files of their own.
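Review bot: "users do no longer need to maintain authorized_keys files of their own" is ungrammatical; suggest "users no longer need to maintain authorized_keys files of their own". The same paragraph also leaves open whether an authorized_keys file that is present is still consulted alongside the certificate: "without the need of an authorized_keys file being present" covers only the absent case, so state explicitly whether the two mechanisms coexist.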


User-maintained authorized_keys files tend to be SOX auditing violations
(anyone with access to the account can grant anyone else access without any
notification or audit trail). It also lends itself to abuses where
software/generic accounts tend to accumulate the public keys of all the
developers' desktop accounts. The Kerberos .k5login file is similarly
problematic. I would love to see a CA-based approach which would solve
both the authentication and authorization pieces in a way that could be
wrapped with proper auditing on the granting of privs, particularly if it
was simple enough that it was widely adopted instead of authorized_keys
even at very small sites.

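The audit gap the post describes (user-maintained authorized_keys files accumulating keys, with no record of who granted what) can at least be detected after the fact. The POSIX shell script below is an added example, not part of the thread or of OpenSSH: it walks a directory of home directories, parses each authorized_keys file (including lines that carry an options prefix such as `command=...`), and reports how many keys each account accepts and which key blobs appear in more than one account, which is exactly the "generic account has collected every developer's key" pattern. The home tree, account names and key blobs are constructed for the demonstration and are not real key material; the layout `<root>/<account>/.ssh/authorized_keys` is an assumption.

```shell
#!/bin/sh
# Added example (not from the thread): inventory authorized_keys entries across
# a tree of home directories. Everything below is constructed sample data.

# Build a constructed sample home tree under a temporary directory and print its path.
make_sample_homes() {
    root=$(mktemp -d)
    for acct in alice bob deploy; do
        mkdir -p "$root/$acct/.ssh"
    done
    # Hypothetical public keys: the base64 blobs are placeholders, not real keys.
    cat > "$root/alice/.ssh/authorized_keys" <<'EOF'
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALICEKEY0000000000000000000000000000000 alice@laptop
EOF
    cat > "$root/bob/.ssh/authorized_keys" <<'EOF'
# bob's workstation
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBOBKEY000000000000000000000000000000000 bob@ws
EOF
    # The generic "deploy" account has accumulated both developers' keys.
    cat > "$root/deploy/.ssh/authorized_keys" <<'EOF'
command="/usr/local/bin/deploy.sh",no-pty ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIALICEKEY0000000000000000000000000000000 alice@laptop
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBOBKEY000000000000000000000000000000000 bob@ws
EOF
    printf '%s\n' "$root"
}

# Print one "account keytype blob" line per key found under $1/*/.ssh/authorized_keys.
# Comments and blank lines are skipped; an options prefix is skipped by scanning
# forward to the first key-type token (a quoted option containing a token that
# itself starts with "ssh-" would be misparsed; acceptable for an inventory).
list_keys() {
    root=$1
    for f in "$root"/*/.ssh/authorized_keys; do
        [ -f "$f" ] || continue
        rel=${f#"$root"/}
        acct=${rel%%/*}
        awk -v acct="$acct" '
            /^[[:space:]]*#/ { next }
            NF == 0 { next }
            {
                for (i = 1; i < NF; i++)
                    if ($i ~ /^(ssh-|ecdsa-sha2-|sk-)/) {
                        print acct, $i, $(i + 1)
                        break
                    }
            }' "$f"
    done
}

# Distinct keys accepted per account: "account count", sorted by account.
keys_per_account() {
    list_keys "$1" | sort -u | awk '{ n[$1]++ } END { for (a in n) print a, n[a] }' | sort
}

# Key blobs that grant access to more than one account: "blob acct1,acct2,...".
shared_keys() {
    list_keys "$1" | sort -u | awk '
        { accts[$3] = (accts[$3] ? accts[$3] "," : "") $1; cnt[$3]++ }
        END { for (b in cnt) if (cnt[b] > 1) print b, accts[b] }' | sort
}

# Demo run on the constructed tree; the temporary directory is removed afterwards.
root=$(make_sample_homes)
echo "keys per account:"
keys_per_account "$root"
echo "key blobs present in more than one account:"
shared_keys "$root"
rm -rf "$root"
```

Run against a real `/home` the script only reads the files, so it can be scheduled as a periodic check and its output diffed against the previous run to obtain the change record that authorized_keys itself never provides.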