thr3ads.net - openssh bugs - [Bug 1927] New: authorized_credentials (aka authorized

If this information is useful, please help other people find it:
Share via:

bugzilla-daemon at bugzilla.mindrot.org

2011-Aug-21 23:59 UTC

[Bug 1927] New: authorized_credentials (aka authorized_keys for GSSAPI-MIC)

https://bugzilla.mindrot.org/show_bug.cgi?id=1927

             Bug #: 1927
           Summary: authorized_credentials (aka authorized_keys for
                    GSSAPI-MIC)
    Classification: Unclassified
           Product: Portable OpenSSH
           Version: 5.8p2
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Kerberos support
        AssignedTo: unassigned-bugs at mindrot.org
        ReportedBy: matthew.nygard.dodd at gmail.com


Created attachment 2076
  --> https://bugzilla.mindrot.org/attachment.cgi?id=2076
Patch against CVS implementing the above.

Gives GSSAPI-MIC the same options capability currently provided for
public key logins by the AuthorizedKeysFile.

Uses krb5_principal_match() to support widcard matches.

Uses percent_expand() to expand tokens for:

    %c credential    USER[/INSTANCE]@REALM
    %h homedir       /home/user
    %u username      user
    %n cred name     USER
    %i cred instance INSTANCE
    %r cred realm    REALM

My intended application:

# cat ~svn/.ssh/authorized_credentials
command="/usr/bin/svnserve -t -r /var/svn/ --tunnel-user=%n" */svn@%r
# cat ~git/.ssh/authorized_credentials
command="gitosis-serve %c" */%r

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2011-Aug-29 21:12 UTC

head link

[Bug 1927] authorized_credentials (aka authorized_keys for GSSAPI-MIC)

https://bugzilla.mindrot.org/show_bug.cgi?id=1927

Markus Kuhn <Markus.Kuhn at cl.cam.ac.uk> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |Markus.Kuhn at cl.cam.ac.uk
           See Also|                            |https://bugzilla.mindrot.or
                   |                            |g/show_bug.cgi?id=1326

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

bugzilla-daemon at bugzilla.mindrot.org

2011-Sep-06 14:12 UTC

head link

[Bug 1927] authorized_credentials (aka authorized_keys for GSSAPI-MIC)

https://bugzilla.mindrot.org/show_bug.cgi?id=1927

Daniel Kahn Gillmor <dkg at fifthhorseman.net> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |dkg at fifthhorseman.net

-- 
Configure bugmail: https://bugzilla.mindrot.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the assignee of the bug.

openssh bugs - Aug 2011 - [Bug 1927] New: authorized_credentials (aka authorized_keys for GSSAPI-MIC)

[Bug 1927] New: authorized_credentials (aka authorized_keys for GSSAPI-MIC)

[Bug 1927] authorized_credentials (aka authorized_keys for GSSAPI-MIC)

[Bug 1927] authorized_credentials (aka authorized_keys for GSSAPI-MIC)