upstream commit

add AuthorizedPrincipalsCommand that allows getting authorized_principals from a subprocess rather than a file, which is quite useful in deployments with large userbases feedback and ok markus@ Upstream-ID: aa1bdac7b16fc6d2fa3524ef08f04c7258d247f6
author: djm@openbsd.org <djm@openbsd.org> 2015-05-21 06:43:30 +0000
committer: Damien Miller <djm@mindrot.org> 2015-05-21 16:45:46 +1000
commit: bcc50d816187fa9a03907ac1f3a52f04a52e10d1 (patch)
tree: 7fee32fe8c063a24674a37aad34e4b381d995ae5 /sshd_config.5
parent: 24232a3e5ab467678a86aa67968bbb915caffed4 (diff)
1 files changed, 37 insertions, 1 deletions
diff --git a/sshd_config.5 b/sshd_config.5
index e40ecedef..884e767b8 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,7 +33,7 @@
 .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 .\"
-.\" $OpenBSD: sshd_config.5,v 1.201 2015/05/21 06:38:35 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.202 2015/05/21 06:43:31 djm Exp $
 .Dd $Mdocdate: May 21 2015 $
 .Dt SSHD_CONFIG 5
 .Os
@@ -287,6 +287,42 @@ directory.
 Multiple files may be listed, separated by whitespace.
 The default is
 .Dq .ssh/authorized_keys .ssh/authorized_keys2 .
+.It Cm AuthorizedPrincipalsCommand
+Specifies a program to be used to generate the list of allowed
+certificate principals as per
+.Cm AuthorizedPrincipalsFile .
+The program must be owned by root, not writable by group or others and
+specified by an absolute path.
+.Pp
+Arguments to
+.Cm AuthorizedPrincipalsCommand
+may be provided using the following tokens, which will be expanded
+at runtime: %% is replaced by a literal '%', %u is replaced by the
+username being authenticated and %h is replaced by the home directory
+of the user being authenticated.
+.Pp
+The program should produce on standard output zero or
+more lines of
+.Cm AuthorizedPrincipalsFile
+output.
+If either
+.Cm AuthorizedPrincipalsCommand
+or
+.Cm AuthorizedPrincipalsFile
+is specified, then certificates offered by the client for authentication
+must contain a principal that is listed.
+By default, no AuthorizedPrincipalsCommand is run.
+.It Cm AuthorizedPrincipalsCommandUser
+Specifies the user under whose account the AuthorizedPrincipalsCommand is run.
+It is recommended to use a dedicated user that has no other role on the host
+than running authorized principals commands.
+If
+.Cm AuthorizedPrincipalsCommand
+is specified but
+.Cm AuthorizedPrincipalsCommandUser
+is not, then
+.Xr sshd 8
+will refuse to start.
 .It Cm AuthorizedPrincipalsFile
 Specifies a file that lists principal names that are accepted for
 certificate authentication.
author	djm@openbsd.org <djm@openbsd.org>	2015-05-21 06:43:30 +0000
committer	Damien Miller <djm@mindrot.org>	2015-05-21 16:45:46 +1000
commit	bcc50d816187fa9a03907ac1f3a52f04a52e10d1 (patch)
tree	7fee32fe8c063a24674a37aad34e4b381d995ae5 /sshd_config.5
parent	24232a3e5ab467678a86aa67968bbb915caffed4 (diff)

diff --git a/sshd_config.5 b/sshd_config.5 index e40ecedef..884e767b8 100644 --- a/sshd_config.5 +++ b/sshd_config.5
@@ -33,7 +33,7 @@
33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF	33	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.	34	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
35	.\"	35	.\"
36	.\" $OpenBSD: sshd_config.5,v 1.201 2015/05/21 06:38:35 djm Exp $	36	.\" $OpenBSD: sshd_config.5,v 1.202 2015/05/21 06:43:31 djm Exp $
37	.Dd $Mdocdate: May 21 2015 $	37	.Dd $Mdocdate: May 21 2015 $
38	.Dt SSHD_CONFIG 5	38	.Dt SSHD_CONFIG 5
39	.Os	39	.Os
@@ -287,6 +287,42 @@ directory.
287	Multiple files may be listed, separated by whitespace.	287	Multiple files may be listed, separated by whitespace.
288	The default is	288	The default is
289	.Dq .ssh/authorized_keys .ssh/authorized_keys2 .	289	.Dq .ssh/authorized_keys .ssh/authorized_keys2 .
		290	.It Cm AuthorizedPrincipalsCommand
		291	Specifies a program to be used to generate the list of allowed
		292	certificate principals as per
		293	.Cm AuthorizedPrincipalsFile .
		294	The program must be owned by root, not writable by group or others and
		295	specified by an absolute path.
		296	.Pp
		297	Arguments to
		298	.Cm AuthorizedPrincipalsCommand
		299	may be provided using the following tokens, which will be expanded
		300	at runtime: %% is replaced by a literal '%', %u is replaced by the
		301	username being authenticated and %h is replaced by the home directory
		302	of the user being authenticated.
		303	.Pp
		304	The program should produce on standard output zero or
		305	more lines of
		306	.Cm AuthorizedPrincipalsFile
		307	output.
		308	If either
		309	.Cm AuthorizedPrincipalsCommand
		310	or
		311	.Cm AuthorizedPrincipalsFile
		312	is specified, then certificates offered by the client for authentication
		313	must contain a principal that is listed.
		314	By default, no AuthorizedPrincipalsCommand is run.
		315	.It Cm AuthorizedPrincipalsCommandUser
		316	Specifies the user under whose account the AuthorizedPrincipalsCommand is run.
		317	It is recommended to use a dedicated user that has no other role on the host
		318	than running authorized principals commands.
		319	If
		320	.Cm AuthorizedPrincipalsCommand
		321	is specified but
		322	.Cm AuthorizedPrincipalsCommandUser
		323	is not, then
		324	.Xr sshd 8
		325	will refuse to start.
290	.It Cm AuthorizedPrincipalsFile	326	.It Cm AuthorizedPrincipalsFile
291	Specifies a file that lists principal names that are accepted for	327	Specifies a file that lists principal names that are accepted for
292	certificate authentication.	328	certificate authentication.