authorized_principals for Kerberos authentication
Friedrich Schaeuffelhut
fjs at schaeuffelhut-berger.de
Sat Oct 5 04:33:05 AEST 2019
Hello,
SSH supports ~/.ssh/authorzied_keys for SSH keys and
~/.ssh/authorized_principals for X509 certs.
I could not find an equivalent of authorzied_keys
using Kerberos authentication.
IMHO it should be possible using the Kerberos principal
very much like the principal contained inside a X509
certificate.
My main use case is assigning a specific command to
a user logging in using Kerberos credentials instead
of an SSH hey.
Before I try and implement a patch, I wanted to ask if
such a solution has been discussed before. Is there
a technical or security related reason that might
prohibit such an implementation?
Best regards
Friedrich Schäuffelhut
More information about the openssh-unix-dev
mailing list