openssh unix dev - Aug 2011 - authorized_credentials patch.

Gives GSSAPI-MIC the same options capability currently provided for 
public key logins by the AuthorizedKeysFile.

Uses krb5_principal_match() to support widcard matches.

Uses percent_expand() to expand tokens for:

	credential	USER[/INSTANCE]@REALM
	homedir		/home/user
	username	user
	cred name	USER
	cred instance	INSTANCE
	cred realm	REALM

My intended application:

# cat ~svn/.ssh/authorized_credentials
command="/usr/bin/svnserve -t -r /var/svn/ --tunnel-user=%n" */svn@%r

Enjoy.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-authorized_credentials.patch
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20110820/b79fff3f/attachment-0001.ksh>

Naturally right after I sent this out I found a problem involving quoted 
strings.

Updated patch to follow.

On 8/20/11 3:52 PM, Matthew N. Dodd wrote:
> Gives GSSAPI-MIC the same options capability currently provided for
> public key logins by the AuthorizedKeysFile.
>
> Uses krb5_principal_match() to support widcard matches.
>
> Uses percent_expand() to expand tokens for:
>
> credential USER[/INSTANCE]@REALM
> homedir /home/user
> username user
> cred name USER
> cred instance INSTANCE
> cred realm REALM
>
> My intended application:
>
> # cat ~svn/.ssh/authorized_credentials
> command="/usr/bin/svnserve -t -r /var/svn/ --tunnel-user=%n"
*/svn@%r
>
> Enjoy.

On 8/20/11 11:43 PM, Matthew N. Dodd wrote:
> Updated patch to follow.
Attached.

A version of strcspn(3) that dealt with quoted strings would be useful here.
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: openssh-authorized_credentials_1.patch
URL:
<http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20110821/f26cdedf/attachment.ksh>