[Bug 1927] New: authorized_credentials (aka authorized_keys for GSSAPI-MIC)

bugzilla-daemon at bugzilla.mindrot.org bugzilla-daemon at bugzilla.mindrot.org
Mon Aug 22 09:59:40 EST 2011


https://bugzilla.mindrot.org/show_bug.cgi?id=1927

             Bug #: 1927
           Summary: authorized_credentials (aka authorized_keys for
                    GSSAPI-MIC)
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 5.8p2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Kerberos support
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: matthew.nygard.dodd at gmail.com


Created attachment 2076
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2076
Patch against CVS implementing the above.

Gives GSSAPI-MIC the same options capability currently provided for
public key logins by the AuthorizedKeysFile.

Uses krb5_principal_match() to support widcard matches.

Uses percent_expand() to expand tokens for:

    %c credential    USER[/INSTANCE]@REALM
    %h homedir       /home/user
    %u username      user
    %n cred name     USER
    %i cred instance INSTANCE
    %r cred realm    REALM

My intended application:

# cat ~svn/.ssh/authorized_credentials
command="/usr/bin/svnserve -t -r /var/svn/ --tunnel-user=%n" */svn@%r
# cat ~git/.ssh/authorized_credentials
command="gitosis-serve %c" */%r

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.


More information about the openssh-bugs mailing list