On 19/09/2022 22:45, Damien Miller wrote:
AFAICT, this allows anyone with*any* user certificate signed by the CA
to authenticate, with or without principals. That's clearly less than
ideal, but at least it was configured explicitly on this account, and
the attack surface is limited to that one particular account.
Right, that's the use-case.
OK, but I don't see how to configure "accept a certificate with no
principals", versus "accept a certificate with *any* set of principals"
openssh-unix-dev mailing list