Bug 1927 - authorized_credentials (aka authorized_keys for GSSAPI-MIC)
Summary: authorized_credentials (aka authorized_keys for GSSAPI-MIC)
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Kerberos support (show other bugs)
Version: -current
Hardware: All All
: P2 normal
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-08-22 09:59 AEST by Matthew N. Dodd
Modified: 2015-03-06 06:16 AEDT (History)
2 users (show)

See Also:


Attachments
Patch against CVS implementing the above. (13.93 KB, application/octet-stream)
2011-08-22 09:59 AEST, Matthew N. Dodd
no flags Details
Patch against GIT implementing the above. (13.55 KB, patch)
2015-03-06 06:16 AEDT, Matthew N. Dodd
no flags Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Matthew N. Dodd 2011-08-22 09:59:40 AEST
Created attachment 2076 [details]
Patch against CVS implementing the above.

Gives GSSAPI-MIC the same options capability currently provided for public key logins by the AuthorizedKeysFile.

Uses krb5_principal_match() to support widcard matches.

Uses percent_expand() to expand tokens for:

    %c credential    USER[/INSTANCE]@REALM
    %h homedir       /home/user
    %u username      user
    %n cred name     USER
    %i cred instance INSTANCE
    %r cred realm    REALM

My intended application:

# cat ~svn/.ssh/authorized_credentials
command="/usr/bin/svnserve -t -r /var/svn/ --tunnel-user=%n" */svn@%r
# cat ~git/.ssh/authorized_credentials
command="gitosis-serve %c" */%r
Comment 1 Matthew N. Dodd 2015-03-06 06:16:37 AEDT
Created attachment 2562 [details]
Patch against GIT implementing the above.