Re: pubkey fingerprint and krb princ name in environment

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 



On Sun, 28 Dec 2014, Johannes L?thberg wrote:

> Hey,
> 
> I use gitolite for git hosting on my server, and because I want to use
> kerberos authentication I patched OpenSSH to put the name of the kerberos
> principal name or the ssh fingerprint as environment variables so my
> ForceCommand script can use them to actually authorize the user by the
> principal/fingerprint.

Nice - I've written something similar for private use in the past.
The main reason why something like this isn't in sshd already is
that I haven't reworked it to handle multiple authentication.

As of last week, sshd keeps a list of the user public keys that were
used in authentication. This should make implementing the pubkey bit
of this easier...

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev



[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux