bostjan at a2o.si
Fri Apr 5 02:52:12 EST 2013
is there a particular reason why this feature is "user" based and not
What I mean is that it works for installation with small number of pubkeys
But imagine i.e. a GitHub scale - all users logging in as user "git". On
each auth request all the keys from database would be fetched and feeded to
Now I am only asking this out of curiosity - was it easier to implement it
the way it currently is?
Currently it executes one external command per auth request.
If we would like a larger scale support, we would need to make it
configurable to support one external command execution per presented pubkey
(user may present multiple pubkeys, of course). Something like:
AuthorizedKeysCommand "/path/to/auth %u %p"
# %p is made up, but it stands for pubkey fingerprint
More information about the openssh-unix-dev