Bug 1927

Summary:

authorized_credentials (aka authorized_keys for GSSAPI-MIC)

Product:

Portable OpenSSH

Reporter:

Matthew N. Dodd <matthew.nygard.dodd>

Component:

Kerberos support

Assignee:

Assigned to nobody <unassigned-bugs>

Status:

NEW ---

Severity:

normal

CC:

dkg, Markus.Kuhn

Priority:

Version:

-current

Hardware:

All

OS:

All

See Also:

https://bugzilla.mindrot.org/show_bug.cgi?id=1326

Attachments:

Description	Flags
Patch against CVS implementing the above.	none
Patch against GIT implementing the above.	none

Description Matthew N. Dodd 2011-08-22 09:59:40 AEST

Created attachment 2076 [details]
Patch against CVS implementing the above.

Gives GSSAPI-MIC the same options capability currently provided for public key logins by the AuthorizedKeysFile.

Uses krb5_principal_match() to support widcard matches.

Uses percent_expand() to expand tokens for:

    %c credential    USER[/INSTANCE]@REALM
    %h homedir       /home/user
    %u username      user
    %n cred name     USER
    %i cred instance INSTANCE
    %r cred realm    REALM

My intended application:

# cat ~svn/.ssh/authorized_credentials
command="/usr/bin/svnserve -t -r /var/svn/ --tunnel-user=%n" */svn@%r
# cat ~git/.ssh/authorized_credentials
command="gitosis-serve %c" */%r

Comment 1 Matthew N. Dodd 2015-03-06 06:16:37 AEDT

Created attachment 2562 [details]
Patch against GIT implementing the above.