Community Contribution License

All community contributions in this pull request are licensed to the project maintainers
under the terms of the Apache 2 license.
By creating this pull request I represent that I have the right to license the
contributions to the project maintainers under the Apache 2 license.

Description

This PR introduces public key authentication for LDAP users in the SFTP driver.
The public key attribute can be included in the users dn attributes using MC:

$ mc idp ldap update [ALIAS] user_dn_attributes=sshPublicKey

More information about the LDAP implementation can be found within this PR: #19758

This PR also includes a new cli parameter for sftp which lets the operator disable password authentication.

--sftp="disable-password-auth=true"

Additionally, we are experimenting with new suffixes for SFTP authentication. In order to force service account or ldap authentication the user can authenticate with =ldap or =svc as suffixes to their usernames.

$ scp -P [port] -i [public_key] [file] [user=ldap]@[minio]:/[bucket]
$ scp -P [port] -i [public_key] [file] [user=svc]@[minio]:/[bucket]

Motivation and Context

How to test this PR?

This repository: https://github.com/minio/minio-iam-testing includes an ldap setup with sftp keys.
Once configured, simply create a bucket and then upload a file using scp:

$ scp -P [port] -i [public_key] [file] [user]@[minio]:/[bucket]

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Optimization (provides speedup with no functional changes)
• Breaking change (fix or feature that would cause existing functionality to change)

Checklist:

• Fixes a regression (If yes, please add commit-id or PR # here)
• Unit tests added/updated
• Internal documentation updated
• Create a documentation update request here