bugzilla-daemon at mindrot.org
2002-Jan-25 02:27 UTC
[Bug 78] New: Support use of named (krb4, krb5, gsi, x.509) keys in auth_keys entries
http://bugzilla.mindrot.org/show_bug.cgi?id=78

           Summary: Support use of named (krb4, krb5, gsi, x.509) keys in auth_keys entries
           Product: Portable OpenSSH
           Version: 3.0.2p1
          Platform: All
               URL: http://marc.theaimsgroup.com/?l=openssh-unix-dev&m=101189381805982&w=2
        OS/Version: All
            Status: NEW
          Severity: enhancement
          Priority: P2
         Component: sshd
        AssignedTo: openssh-unix-dev at mindrot.org
        ReportedBy: Nicolas.Williams at ubsw.com
                CC: openssh-unix-dev at mindrot.org

This patch adds support for entries in authorized_keys which reference Kerberos principal names, GSI/X.509 certificate names when doing Kerberos or GSS authentication.

Also included is support for authorized_keys entries which are patterns matching such names.

Also included is support for a new authorized_keys entry option, "deny-access."

With this patch sshd also sets environment variables to indicate the client's authenticated name, if a named authorized_keys entry matches.

These simple features simplify key management and authorized_keys file management in environments where Kerberos or GSI are in use with OpenSSH (see Simon Wilkinson's patch to OpenSSH that implements the gsskeyex draft).

These features represent a much more general authorization system for Kerberos than .klogin or .k5login, and apply to other authentication mechanisms as well (again, GSI/X.509, and, in the future, when direct X.509 support is added to OpenSSH, x.509).

These features, or a variation thereof, in OpenSSH, would be greatly appreciated.

------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.
You are on the CC list for the bug, or are watching someone who is.