On Sun, 28 Dec 2014, Johannes L?thberg wrote: > Hey, > > I use gitolite for git hosting on my server, and because I want to use > kerberos authentication I patched OpenSSH to put the name of the kerberos > principal name or the ssh fingerprint as environment variables so my > ForceCommand script can use them to actually authorize the user by the > principal/fingerprint. Nice - I've written something similar for private use in the past. The main reason why something like this isn't in sshd already is that I haven't reworked it to handle multiple authentication. As of last week, sshd keeps a list of the user public keys that were used in authentication. This should make implementing the pubkey bit of this easier... -d _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev