wildcard authorized principal?
Peter Moody
mindrot at hda3.com
Sun Feb 17 04:01:26 AEDT 2019
I suspect the answer to this is no, but say I have a setup where I
have a server with a shared user account and I want anyone with a
valid cert to be able to use that shared user. Is there a wildcard
AuthorizedPrincipal I can specify in my sshd_config to mean, "any
user"?
Alternatively, is there a way I can see the valid principals that the
incoming cert has in the AuthorizedPrincipalsCommand? It didn't appear
to be possible with the available TOKENS.
I would like to not have to enumerate every possible user because the
posix accounts don't exist on this shared machine and getting a
complete list of principals should be unnecessary considering our
certificate authority has validated the user(s)
Cheers,
peter
More information about the openssh-unix-dev
mailing list