On Tue, 18 Sep 2018, Tim Jones wrote: > Apologies if I'm teaching granny to suck eggs here, or my > understanding of SSH is all wrong. But surely SSH certificates were > only ever intended to be for authentication, not for authorization ? certificates contain several built-in authorisation features (extensions and critical options) and the supporting configuration options AuthorizedPrincipalsFile and AuthorizedPrincipalsCommand are often used to implement authorisation schemes. _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev