pubkey fingerprint and krb princ name in environment
djm at mindrot.org
Tue Dec 30 12:09:30 EST 2014
On Sun, 28 Dec 2014, Johannes L?thberg wrote:
> I use gitolite for git hosting on my server, and because I want to use
> kerberos authentication I patched OpenSSH to put the name of the kerberos
> principal name or the ssh fingerprint as environment variables so my
> ForceCommand script can use them to actually authorize the user by the
Nice - I've written something similar for private use in the past.
The main reason why something like this isn't in sshd already is
that I haven't reworked it to handle multiple authentication.
As of last week, sshd keeps a list of the user public keys that were
used in authentication. This should make implementing the pubkey bit
of this easier...
More information about the openssh-unix-dev