lei yuan
2010-Oct-14 06:02 UTC
About new feature option AuthorizedPrincipalsFile in openssh5.6
Hi all,

I've read the OpenSSH 5.6 new-feature document about the new option AuthorizedPrincipalsFile and tried to configure sshd_config many times, but still have not succeeded. Maybe I am still unclear about the document's meaning.

The main problem is that I don't know what the content (or file format) is of the file specified by the AuthorizedPrincipalsFile option. Could you give me an example of the file that AuthorizedPrincipalsFile points to, or explain the file content in detail?

I would appreciate it if you could give me some help.
Damien Miller
2010-Oct-14 10:47 UTC
About new feature option AuthorizedPrincipalsFile in openssh5.6
On Thu, 14 Oct 2010, lei yuan wrote:

> hi,all
>
> i've read the openssh5.6 new feature document about new option
> AuthorizedPrincipalsFile,and tried to config the sshd_config for a lot
> times,but still not succeed.
> maybe i am still ambiguously about the document's meaning.
> The main problem is i don't know what's the content(or file format) in the
> file that specified by the AuthorizedPrincipalsFile option.
> could you give me a example file of AuthorizedPrincipalsFile's specify file
> or explains the file content in details ?
> i would be appreciated if you could give me some help.

Are you using certificate authentication? AuthorizedPrincipalsFile is only useful with certificates, so if you aren't using them then stop reading now :)

The format of the file is one certificate principal name per line, optionally preceded by key options similar to those in authorized_keys. For example, the following could be valid lines:

    djm
    djm at mindrot.org
    djm/rsync
    from="172.16.0.0/16" djm

and so forth.

If the certificate is valid, and any principal name in AuthorizedPrincipalsFile matches any principal name in the certificate and if the key options (if any) do not disallow the line, then the certificate will be accepted.

-d
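Added example, not part of the reply above and not sshd's own code: a simplified Python model of the acceptance rule the reply describes, run against a constructed principals file. It assumes the certificate has already been validated, treats the last whitespace-separated token on each line as the principal, and models only the from= option with CIDR entries; all function names here are hypothetical.

```python
import ipaddress
import re

# Constructed sample file, built from two of the example lines in the reply.
SAMPLE_FILE = '''\
# constructed sample principals file
djm/rsync
from="172.16.0.0/16" djm
'''

def parse_principals(text):
    """Return (options, principal) pairs, skipping blanks and comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # Assumption: everything before the last token is the option string.
        parts = line.rsplit(None, 1)
        opts = parts[0] if len(parts) == 2 else ""
        entries.append((opts, parts[-1]))
    return entries

def options_allow(opts, client_ip):
    """Model one option only: from="CIDR[,CIDR...]". No option means allowed."""
    m = re.search(r'from="([^"]*)"', opts)
    if m is None:
        return True
    addr = ipaddress.ip_address(client_ip)
    return any(addr in ipaddress.ip_network(net.strip(), strict=False)
               for net in m.group(1).split(","))

def cert_accepted(cert_principals, file_text, client_ip):
    """Accept if any line names a certificate principal and its options permit."""
    for opts, principal in parse_principals(file_text):
        if principal in cert_principals and options_allow(opts, client_ip):
            return True
    return False

if __name__ == "__main__":
    for principals, ip in [(["djm"], "172.16.5.9"), (["djm"], "10.0.0.1"),
                           (["djm/rsync"], "10.0.0.1"), (["root"], "172.16.5.9")]:
        print(principals, ip, cert_accepted(principals, SAMPLE_FILE, ip))
```

A certificate carrying only the principal djm is accepted from inside 172.16.0.0/16 and refused elsewhere, while one carrying djm/rsync is accepted from any address because its line has no options.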