Bug 2487

Summary: AuthorizedPrincipalsCommand should probably document whether it only applies to TrustedUserCAKeys CAs
Product: Portable OpenSSH
Reporter: Christoph Anton Mitterer <calestyo>
Component: Documentation
Assignee: Assigned to nobody <unassigned-bugs>
Status: CLOSED WONTFIX
Severity: enhancement
CC: djm
Priority: P5
Version: -current
Hardware: All
OS: All

Description Christoph Anton Mitterer 2015-11-02 10:41:22 AEDT
Hey.

AuthorizedPrincipalsCommand is analogous to AuthorizedPrincipalsFile, so I guess it also applies only to CAs that are listed in TrustedUserCAKeys.

Therefore I suggest that the same paragraph from the AuthorizedPrincipalsFile description is added there as well, i.e.:
Note that AuthorizedPrincipalsCommand is only used when authentication proceeds using a CA listed in TrustedUserCAKeys and is not consulted for certification authorities trusted via ~/.ssh/authorized_keys, though the principals= key option offers a similar facility (see sshd(8) for details).


Cheers,
Chris.
Comment 1 Damien Miller 2015-11-02 11:06:01 AEDT
I don't think it is necessary. The first sentence of the AuthorizedPrincipalsCommand description refers the reader to AuthorizedPrincipalsFile and the entry is long enough already.
Comment 2 Damien Miller 2016-08-02 10:40:58 AEST
Close all resolved bugs after 7.3p1 release
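
The note proposed in the description separates two trust paths: CAs listed in TrustedUserCAKeys, for which AuthorizedPrincipalsCommand/AuthorizedPrincipalsFile are consulted, and CAs trusted via cert-authority lines in ~/.ssh/authorized_keys, which rely on the principals= key option instead. The following audit sketch is an added example, not part of the bug report or of OpenSSH; the sample inputs, the helper path /usr/local/bin/principals-for and the finding codes are constructed, and the parsing is simplified (no Match blocks, no Include, no escaped quotes).

```python
# Added example: constructed inputs, hypothetical helper path and finding codes.
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")
LOOKUPS = ("authorizedprincipalscommand", "authorizedprincipalsfile")

def sshd_directives(text):
    """Map lowercased keyword -> value; first value wins, 'none' means unset."""
    cfg = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) == 2 and not parts[0].startswith("#"):
            cfg.setdefault(parts[0].lower(), parts[1].strip())
    return {k: v for k, v in cfg.items() if v.lower() != "none"}

def key_options(line):
    """Options field of an authorized_keys line, split on unquoted commas."""
    if line.startswith(KEY_TYPES):
        return []          # line starts with the key type: no options
    opts, cur, quoted = [], "", False
    for ch in line:
        if ch == '"':
            quoted = not quoted
        if not quoted and ch in ", \t":
            opts.append(cur.lower())
            cur = ""
            if ch != ",":
                break      # unquoted whitespace ends the options field
        else:
            cur += ch
    return opts

def audit(sshd_config, authorized_keys):
    """Return (code, authorized_keys line number or 0) findings."""
    cfg = sshd_directives(sshd_config)
    findings = []
    if any(k in cfg for k in LOOKUPS) and "trustedusercakeys" not in cfg:
        # The lookup only runs for CAs listed in TrustedUserCAKeys.
        findings.append(("lookup-without-trusted-ca", 0))
    for n, line in enumerate(authorized_keys.splitlines(), 1):
        opts = key_options(line.strip())
        if "cert-authority" in opts and not any(o.startswith("principals=") for o in opts):
            # Not covered by AuthorizedPrincipalsCommand/File and no principals= list.
            findings.append(("ca-without-principals-option", n))
    return findings

SSHD_CONFIG = ("TrustedUserCAKeys /etc/ssh/user_ca.pub\n"
               "AuthorizedPrincipalsCommand /usr/local/bin/principals-for %u\n")
AUTHORIZED_KEYS = ('cert-authority,principals="alice,ops" ssh-ed25519 AAAA...placeholder ca-one\n'
                   "cert-authority ssh-ed25519 AAAA...placeholder ca-two\n"
                   "ssh-ed25519 AAAA...placeholder plain-key\n")
print(audit(SSHD_CONFIG, AUTHORIZED_KEYS))
```
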