[PATCH] allow wildcard matches for principals with CA certs and return all matches when calling find-principals

Brian Candler b.candler at pobox.com
Tue Jan 25 22:32:30 AEDT 2022


On 25/01/2022 08:54, Fabian Stelzer wrote:
> ssh-keygen -Y find-principals will fail to return any matches if a
> certificate signature is used and the allowed principals file contains a
> wildcard principal (e.g.: *@example.com).

Do you mean the "allowed signers" file, rather than the "allowed 
principals" file?

I'm not aware of any wildcard matching in AuthorizedPrincipalsFile, so 
that confused me a bit: in other words, I thought "*@example.com" would 
only match literally the principal "*@example.com".  If that's not true, 
I'd like to know more.


