Re: Misc development news (#8)

Group: linux.debian.project
Author: Joerg Jaspert
Date: Jun 1, 2008 16:50

On 11403 March 1977, Steve Langasek wrote:
> So tagging a key as belonging to a particular host is insufficient - we need
> the full authorized_keys semantics for setting key options (from=, command=,
> no-port-forwarding, no-X11-forwarding, at least).

And? You have that already, just add that in front of your key as you
would normally do. ud-ldap passes it. It really "only" needs the
"host=gluck,merkel,whatever" addition to also limit it to target hosts
and then all is there.

> There is a workaround available in the form of "ping weasel, get a symlink
> that lets you do your mirroring thing on gluck", but it's still
> unsatisfactory in that it remains easier for users to do the wrong thing by
> giving their single-use keys global rights via LDAP than to coordinate with
> DSA.

Wrong.

Basically the only technical restriction keys have to pass is that
ssh-keygen -l -f $tmpfile has to be able to parse the lines. And it can
parse those options fine.

-- 
bye, Joerg
#debian.de @ OFTC
(01:38) whoa, people chat here on Sundays :)
(01:39) yes, but only between 1:35 and 1:45, when Sunday is the 1st of the month :)
(01:39) what's going on here? activity :)

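The per-host restriction discussed in this thread, as an added example that is not part of the original mail and is not ud-ldap's code: it parses the options in front of a key, decides whether the key may be installed on a given host, and emits the line with the remaining options (from=, command=, no-port-forwarding, ...) intact. It assumes the `host=` option takes a double-quoted, comma-separated list, since authorized_keys options are themselves comma-separated; the function names and sample lines are constructed.

```python
import re

# One option: name, optionally ="quoted value" (may hold commas/spaces) or =bare.
OPTION = re.compile(r'([A-Za-z0-9-]+)(?:=("(?:[^"\\]|\\.)*"|[^,\s"]+))?')
KEY_TYPE = re.compile(r'(ssh-(rsa|dss|ed25519)|ecdsa-sha2-\S+)$')

def split_line(line):
    """Return ([(option, value-or-None), ...], 'keytype blob comment')."""
    line = line.strip()
    if not line or line.startswith("#"):
        raise ValueError("not a key line")
    opts, pos = [], 0
    if not KEY_TYPE.match(line.split(None, 1)[0]):    # options come first
        while True:
            m = OPTION.match(line, pos)
            if not m:
                raise ValueError("bad option at column %d" % pos)
            opts.append((m.group(1), m.group(2)))
            pos = m.end()
            if line[pos:pos + 1] != ",":
                break
            pos += 1
        if not line[pos:pos + 1].isspace():
            raise ValueError("junk after options at column %d" % pos)
    key = line[pos:].strip()
    if not KEY_TYPE.match(key.split(None, 1)[0]):
        raise ValueError("no key type after options")
    return opts, key

def line_for_host(line, hostname):
    """Line to install on `hostname` with host= removed, or None if not allowed."""
    opts, key = split_line(line)
    kept = []
    for name, value in opts:
        if name.lower() == "host":      # assumed option name, as written in the mail
            # A bare `host` with no value matches nothing: fail closed.
            if hostname not in (value or "").strip('"').split(","):
                return None
        else:
            kept.append(name if value is None else "%s=%s" % (name, value))
    return " ".join(filter(None, [",".join(kept), key]))

# Constructed sample lines; the key blobs are placeholders, not real keys.
RESTRICTED = ('host="gluck,merkel",from="192.0.2.10",'
              'command="rsync --server --sender . /srv/mirror",'
              'no-port-forwarding,no-X11-forwarding '
              'ssh-rsa AAAAB3PLACEHOLDER mirror@example')
GLOBAL = 'ssh-rsa AAAAB3PLACEHOLDER user@example'
```

A line with no `host=` option is returned unchanged for every host, which is the "global rights" case the quoted text is concerned about.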