authorized_principals for Kerberos authentication

Friedrich Schaeuffelhut fjs at
Sat Oct 5 04:33:05 AEST 2019


SSH supports ~/.ssh/authorzied_keys for SSH keys and
~/.ssh/authorized_principals for X509 certs.

I could not find an equivalent of authorzied_keys
using Kerberos authentication.

IMHO it should be possible using the Kerberos principal
very much like the principal contained inside a X509

My main use case is assigning a specific command to
a user logging in using Kerberos credentials instead
of an SSH hey.

Before I try and implement a patch, I wanted to ask if
such a solution has been discussed before. Is there
a technical or security related reason that might
prohibit such an implementation?

Best regards
Friedrich Schäuffelhut

More information about the openssh-unix-dev mailing list