Bug 2487 - AuthorizedPrincipalsCommand should probably document whether it only applies to TrustedUserCAKeys CAs
Summary: AuthorizedPrincipalsCommand should probably document whether it only applies ...
Status: CLOSED WONTFIX
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: Documentation (show other bugs)
Version: -current
Hardware: All All
: P5 enhancement
Assignee: Assigned to nobody
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-11-02 10:41 AEDT by Christoph Anton Mitterer
Modified: 2016-08-02 10:40 AEST (History)
1 user (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Christoph Anton Mitterer 2015-11-02 10:41:22 AEDT 
Hey.

AuthorizedPrincipalsCommand is analogous to AuthorizedPrincipalsFile, so I guess it also applies only to CAs that are listed in TrustedUserCAKeys.

Therefore I suggest that the same paragraph from the AuthorizedPrincipalsFile description is added there as well, i.e.:
Note that AuthorizedPrincipalsCommand is only used when authentication proceeds using a CA listed in TrustedUserCAKeys and is not consulted for certification authorities trusted via ~/.ssh/authorized_keys, though the principals= key option offers a similar facility (see sshd(8) for details).


Cheers,
Chris.
Comment 1 Damien Miller 2015-11-02 11:06:01 AEDT 
I don't think it is necessary. The first sentence of the AuthorizedPrincipalsCommand description refers the reader to AuthorizedPrincipalsFile and the entry is long enough already.
Comment 2 Damien Miller 2016-08-02 10:40:58 AEST 
Close all resolved bugs after 7.3p1 release