openssh bugs - Nov 2015 - [Bug 2487] New: AuthorizedPrincipalsCommand should probably document whether it only applies to TrustedUserCAKeys CAs

https://bugzilla.mindrot.org/show_bug.cgi?id=2487

            Bug ID: 2487
           Summary: AuthorizedPrincipalsCommand should probably document
                    whether it only applies to TrustedUserCAKeys CAs
           Product: Portable OpenSSH
           Version: -current
          Hardware: All
                OS: All
            Status: NEW
          Severity: enhancement
          Priority: P5
         Component: Documentation
          Assignee: unassigned-bugs at mindrot.org
          Reporter: calestyo at scientia.net

Hey.

AuthorizedPrincipalsCommand is analogous to AuthorizedPrincipalsFile,
so I guess it also applies only to CAs that are listed in
TrustedUserCAKeys.

Therefore I suggest that the same paragraph from the
AuthorizedPrincipalsFile description is added there as well, i.e.:
Note that AuthorizedPrincipalsCommand is only used when authentication
proceeds using a CA listed in TrustedUserCAKeys and is not consulted
for certification authorities trusted via ~/.ssh/authorized_keys,
though the principals= key option offers a similar facility (see
sshd(8) for details).


Cheers,
Chris.

-- 
You are receiving this mail because:
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2487

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |djm at mindrot.org
         Resolution|---                         |WONTFIX
             Status|NEW                         |RESOLVED

--- Comment #1 from Damien Miller <djm at mindrot.org> ---
I don't think it is necessary. The first sentence of the
AuthorizedPrincipalsCommand description refers the reader to
AuthorizedPrincipalsFile and the entry is long enough already.

-- 
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.

https://bugzilla.mindrot.org/show_bug.cgi?id=2487

Damien Miller <djm at mindrot.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED

--- Comment #2 from Damien Miller <djm at mindrot.org> ---
Close all resolved bugs after 7.3p1 release

-- 
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.