Bug 1927 - authorized_credentials (aka authorized_keys for GSSAPI-MIC)
Summary: authorized_credentials (aka authorized_keys for GSSAPI-MIC)
Status: NEW
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Kerberos support (show other bugs)
Version: -current
Hardware: All All
: P2 normal
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-08-22 09:59 AEST by Matthew N. Dodd
Modified: 2015-03-06 06:16 AEDT (History)
2 users (show)

See Also:

Attachments
Patch against CVS implementing the above. (13.93 KB, application/octet-stream)
2011-08-22 09:59 AEST, Matthew N. Dodd 		no flags Details
Patch against GIT implementing the above. (13.55 KB, patch)
2015-03-06 06:16 AEDT, Matthew N. Dodd 		no flags Details | Diff
Show Obsolete (1) View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Matthew N. Dodd 2011-08-22 09:59:40 AEST 
Created attachment 2076 [details]
Patch against CVS implementing the above.

Gives GSSAPI-MIC the same options capability currently provided for public key logins by the AuthorizedKeysFile.

Uses krb5_principal_match() to support widcard matches.

Uses percent_expand() to expand tokens for:

    %c credential    USER[/INSTANCE]@REALM
    %h homedir       /home/user
    %u username      user
    %n cred name     USER
    %i cred instance INSTANCE
    %r cred realm    REALM

My intended application:

# cat ~svn/.ssh/authorized_credentials
command="/usr/bin/svnserve -t -r /var/svn/ --tunnel-user=%n" */svn@%r
# cat ~git/.ssh/authorized_credentials
command="gitosis-serve %c" */%r
Comment 1 Matthew N. Dodd 2015-03-06 06:16:37 AEDT 
Created attachment 2562 [details]
Patch against GIT implementing the above.