About new feature option AuthorizedPrincipalsFile in openssh5.6

Damien Miller djm at mindrot.org
Thu Oct 14 21:47:10 EST 2010


On Thu, 14 Oct 2010, lei yuan wrote:

> Hi all,
> 
> I've read the OpenSSH 5.6 new feature document about the new option
> AuthorizedPrincipalsFile, and tried to configure sshd_config a lot of
> times, but still have not succeeded.
> Maybe I am still unclear about the document's meaning.
> The main problem is I don't know what the content (or file format) is in the
> file that is specified by the AuthorizedPrincipalsFile option.
> Could you give me an example of the file that AuthorizedPrincipalsFile specifies,
> or explain the file content in detail?
> I would appreciate it if you could give me some help.

Are you using certificate authentication? AuthorizedPrincipalsFile is only
useful with certificates, so if you aren't using them then stop reading
now :)

The format of the file is one certificate principal name per line,
optionally preceded by key options similar to those in authorized_keys.
For example, the following could be valid lines:

djm
djm@mindrot.org
djm/rsync
from="172.16.0.0/16" djm

and so forth.

If the certificate is valid, and any principal name in
AuthorizedPrincipalsFile matches any principal name in the certificate
and if the key options (if any) do not disallow the line, then the
certificate will be accepted.

-d
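
Added example (not part of the original message, and not OpenSSH code): a simplified Python model of the acceptance rule described above, run over a constructed principals file. The principal name "ops" and all function names are made up for illustration; only from= with plain addresses or CIDR blocks is modelled, and the certificate is assumed to have been validated already.

```python
import ipaddress
import re

# Constructed sample file: three option-free lines from the message above,
# plus one restricted line for a hypothetical principal "ops".
SAMPLE = '''\
# principals accepted for this account
djm
djm@mindrot.org
djm/rsync
from="172.16.0.0/16" ops
'''

def parse_principals(text):
    """Return (options, principal) pairs; the principal is the last field."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blank lines and comments
        parts = line.rsplit(None, 1)
        opts = parts[0] if len(parts) == 2 else ""
        entries.append((opts, parts[-1]))
    return entries

def from_allows(opts, client_ip):
    """Model only from="..." holding comma-separated addresses or CIDR blocks."""
    m = re.search(r'\bfrom="([^"]*)"', opts)
    if m is None:
        return True  # no from= restriction on this line
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(p.strip(), strict=False)
               for p in m.group(1).split(","))

def cert_accepted(cert_principals, client_ip, text=SAMPLE):
    """True if some line names a principal listed in the certificate and that
    line's options do not disallow the connection."""
    for opts, name in parse_principals(text):
        if name in cert_principals and from_allows(opts, client_ip):
            return True
    return False
```

A certificate carrying several principals is accepted as soon as one of them matches a line whose options permit the connection; a certificate whose principals appear on no line is rejected regardless of source address.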

