Firstyear

Yes, because they use a different mechanism. The current linux model assumes you use ssh key auth only for initial login, the pw to sudo.

Yes, but that's using a different mechanism than authentication over ssh. The context here is that the authentication protocols available over SSH and on linux are limited, because linux authentication...

> Secondarily I have no clue whats going on with RS256/ES256 - shouldn't kanidm throw an error if the resource server uses RS256? In case 1 (with ES256) everything seems...

Closing due to inactivity if this is still an issue let us know.

> Incidentally, the [der](https://crates.io/crates/der) crate by RustCrypo is exactly how I would rewrite picky-asn1 / picky-asn1-der today if I had the time for that. Instead, I just recommend using this...

Fantastic! I'll follow up and see what's going on there too. Thanks so much. :)

Actually, even a cursory glance shows most of their protocols are FromBer/Der only. We'd need to look into to writing the encoding side. Part of what brought this up is...

Right now I'm looking at the rust crypto der crate, I think it may be the best option long term then :)

@Superhepper https://github.com/parallaxsecond/rust-tss-esapi/pull/538 pulled them out here.

Of course, go for it!