Luciano Bello
2010-Apr-11 20:16 UTC
[PATCH] AuthorizedKeysFile: tokens for type and fingerprint
Hello all,
There are some scenarios where it is useful to store one key per authorized_keys
file in an OpenSSH server. This is particularly true in gitosis cases. It manages
multiple repositories under the same user account and it may have escalation
problems. In our case, the keys are stored in a MySQL database and queried by a
FUSE application when the authorized file is requested by OpenSSH. Of course we
wanted to minimize the size of the query response.
That's why we wrote the attached patch. It allows the use of two new tokens in
the AuthorizedKeysFile sshd_config option:
* %t, user pubkey type
* %f, user pubkey fingerprint
So, "AuthorizedKeysFile ~/%t-%f.pubkey" will look for the key at
~/RSA-e9:6e:a0:72:c6:a3:29:f6:bd:79:f2:f8:e0:08:b4:14.pubkey.
Maybe you have your own scenario where this may be useful. It would be nice if
you put this code in.
thanks, luciano
-------------- next part --------------
A non-text attachment was scrubbed...
Name: fp_token.patch
Type: text/x-diff
Size: 2990 bytes
Desc: not available
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20100411/c3e6bfdc/attachment-0002.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part.
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20100411/c3e6bfdc/attachment-0003.bin>
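As an added illustration (not code from the post, and not the scrubbed fp_token.patch), the following Python script reproduces the lookup the message describes: it parses an OpenSSH public-key line, computes the colon-separated MD5 fingerprint that OpenSSH printed at the time, and expands a %t/%f AuthorizedKeysFile template into the per-key path. The ssh-rsa to "RSA" name mapping follows the example in the post; the ssh-dss to "DSA" mapping, the handling of a leading "~/", and the inclusion of the pre-existing %h and %u tokens are assumptions, and the key itself is a constructed toy value, not a usable credential.

```python
import base64
import hashlib
import os
import struct

# Token names from the proposed patch: %t = key type, %f = fingerprint.
# Mapping from wire-format key name to short type name: "RSA" is taken from
# the post's own example; "DSA" is an assumption.
KEY_TYPE_NAMES = {"ssh-rsa": "RSA", "ssh-dss": "DSA"}


def ssh_string(data: bytes) -> bytes:
    """Encode an SSH wire-format string: 4-byte big-endian length + payload."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (leading 0x00 if the high bit is set)."""
    if value == 0:
        return ssh_string(b"")
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw
    return ssh_string(raw)


def make_rsa_pubkey_line(e: int, n: int, comment: str = "constructed@example") -> str:
    """Build an authorized_keys-style line from a constructed (toy) RSA exponent and modulus."""
    blob = ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment


def md5_fingerprint(blob: bytes) -> str:
    """Colon-separated hex MD5 of the key blob, the fingerprint form OpenSSH used in 2010."""
    digest = hashlib.md5(blob).hexdigest()
    return ":".join(digest[i:i + 2] for i in range(0, 32, 2))


def parse_pubkey_line(line: str):
    """Return (wire type name, raw key blob) from a single public-key line, or raise ValueError."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("malformed public key line")
    wire_type, b64 = fields[0], fields[1]
    blob = base64.b64decode(b64, validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The first string inside the blob must agree with the leading type field.
    (length,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + length] != wire_type.encode("ascii"):
        raise ValueError("type field does not match key blob")
    return wire_type, blob


def expand_authorized_keys_file(template: str, pubkey_line: str, home: str, user: str = "git") -> str:
    """Expand %t and %f as the patch proposes, plus the existing %h/%u tokens and a leading ~/.

    The ~/ and %h/%u handling here is an assumption made for this example.
    """
    wire_type, blob = parse_pubkey_line(pubkey_line)
    if wire_type not in KEY_TYPE_NAMES:
        raise ValueError(f"unsupported key type {wire_type}")
    path = template.replace("%t", KEY_TYPE_NAMES[wire_type])
    path = path.replace("%f", md5_fingerprint(blob))
    path = path.replace("%h", home).replace("%u", user)
    if path.startswith("~/"):
        path = os.path.join(home, path[2:])
    return path


if __name__ == "__main__":
    # Constructed toy key: a tiny modulus, for illustration only.
    line = make_rsa_pubkey_line(65537, 0xC0FFEE1234567890ABCDEF)
    print(expand_authorized_keys_file("~/%t-%f.pubkey", line, "/home/git"))
```

Both tokens are derived by the server from the key blob it received, so the resulting file name is drawn from a fixed type vocabulary plus hex digits and colons; the client has no way to steer the path the way a raw comment field could. The per-key file is still subject to the same ownership and permission checks as a normal authorized_keys file (StrictModes), which matters when a FUSE layer is synthesizing it.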