bugzilla-daemon at mindrot.org
2002-Mar-18 07:47 UTC
[Bug 172] Add multiple AuthorizedKeyFiles options
http://bugzilla.mindrot.org/show_bug.cgi?id=172 ------- Additional Comments From alex.kiernan at thus.net 2002-03-18 18:47 ------- Created an attachment (id=48) Multiple AuthorizedKeyFile patch ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2002-Apr-05 22:08 UTC
[Bug 172] Add multiple AuthorizedKeyFiles options
http://bugzilla.mindrot.org/show_bug.cgi?id=172 ------- Additional Comments From mouring at eviladmin.org 2002-04-06 08:08 ------- I would perfer not myself. The reason why we went down to ONE authorization file was to simplify management. Allowing multiple key locations is asking for trouble. How do you handle the case where you have two alike authorization entries with conflicting key options (command=,environment=,etc)? Which one takes priority? First come first serve? No, you should have one spot only. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2002-Apr-09 19:01 UTC
[Bug 172] Add multiple AuthorizedKeyFiles options
http://bugzilla.mindrot.org/show_bug.cgi?id=172 ------- Additional Comments From alex.kiernan at thus.net 2002-04-10 05:00 -------> ------- Additional Comments From mouring at eviladmin.org 2002-04-06 08:08 > ------- > I would perfer not myself. The reason why we went down to ONE authorization > > file was to simplify management. Allowing multiple key locations is > asking for trouble.If this were the default behaviour, I'd agree. It's not. It can be turned on only by deliberate administrator action. We automatically distribute the /var/db/keys-distributed-by-security-team/%u section (and have other evil hacks that allow keys in this location to be owned by a special user - those hacks aren't in the patch). This preserves the principal of least astonishment by seperating out the keys that the security team modify (and potentially clobber) from the keys that the users expect to have control over.> How do you handle the case where you have two alike authorization entries > with > conflicting key options (command=,environment=,etc)? Which one takes > priority? First come first serve?There's already that possibility today - you can have multiple keys which can match in a single file, the first match is the one that gets used.> No, you should have one spot only.Agreed you should have only one by default, but I don't think the flexibility loses you anything. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2002-Apr-17 02:34 UTC
[Bug 172] Add multiple AuthorizedKeyFiles options
http://bugzilla.mindrot.org/show_bug.cgi?id=172 djm at mindrot.org changed: What |Removed |Added ---------------------------------------------------------------------------- Keywords| |help-wanted ------- Additional Comments From djm at mindrot.org 2002-04-17 12:34 ------- If someone comes up with a patch, then we can discuss that. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
bugzilla-daemon at mindrot.org
2002-Apr-17 05:49 UTC
[Bug 172] Add multiple AuthorizedKeyFiles options
http://bugzilla.mindrot.org/show_bug.cgi?id=172 ------- Additional Comments From alex.kiernan at thus.net 2002-04-17 15:49 ------- The patch we have is: http://bugzilla.mindrot.org/showattachment.cgi?attach_id=48 but thats against 3.1p1, I'll update it to against current CVS later today (and fix the man page which I forgot last time around). ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.