OpenSSH and X.509 Certificate Support
Peter Stuge
stuge-openssh-unix-dev at cdy.org
Thu Mar 13 15:13:42 EST 2008
On Thu, Mar 13, 2008 at 10:17:44AM +0800, Damien Mascord wrote:
> > But on the other hand - how will the certificate->username mapping be
> > done otherwise? (Each cert should only be allowed for one username.)
First a correction; one cert might be allowed for several usernames,
but not necessarily all usernames.
> Wouldn't you be able to do this with the certificate signature,
> rather than the entire certificate ?
Where is/are username(s) stored? How will sshd match cert with
username once the CA signature has been validated?
//Peter