Damien Miller djm at
Thu Jan 17 14:14:48 EST 2013

On Tue, 15 Jan 2013, Alan Barrett wrote:

> On Tue, 15 Jan 2013, Damien Miller wrote:
> > You'll have to explain this example more, because it seems to me that this
> > is well within the capabilities of the current AuthorizedKeysCommand.
> Imagine that the result from "select authorized_keys_line from
> database where username = {x}" was so large that you did not
> want to process that much data. Then the ability to say "select
> authorized_keys_line from database where (username = {x} AND key =
> {y})" would be helpful. To be able to take advantage of that, the
> AuthorizedKeysCommand would have to be passed the key as a parameter.

Thanks, that's a good example. Would passing the entire public key on
the commandline be preferable to just passing the fingerprint?


More information about the openssh-unix-dev mailing list