author | djm@openbsd.org <djm@openbsd.org> | 2016-09-14 05:42:25 +0000 |
---|---|---|
committer | Damien Miller <djm@mindrot.org> | 2016-09-14 15:43:23 +1000 |
commit | e7907c1cb938b96dd33d27c2fea72c4e08c6b2f6 (patch) | |
tree | 67ec2f667bfccee49098e877a9ecfd8746cc23a0 /sshd_config.5 | |
parent | 2b939c272a81c4d0c47badeedbcb2ba7c128ccda (diff) |
upstream commit
add %-escapes to AuthorizedPrincipalsCommand to match those
supported for AuthorizedKeysCommand (key, key type, fingerprint, etc) and a
few more to provide access to the certificate's CA key; 'looks ok' dtucker@
Upstream-ID: 6b00fd446dbebe67f4e4e146d2e492d650ae04eb
Diffstat (limited to 'sshd_config.5')
-rw-r--r-- | sshd_config.5 | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/sshd_config.5 b/sshd_config.5 index a4d1ca000..9e96acf39 100644 --- a/sshd_config.5 +++ b/sshd_config.5 | |||
@@ -33,8 +33,8 @@ | |||
33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF | 33 | .\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF |
34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 34 | .\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
35 | .\" | 35 | .\" |
36 | .\" $OpenBSD: sshd_config.5,v 1.231 2016/09/07 18:39:24 jmc Exp $ | 36 | .\" $OpenBSD: sshd_config.5,v 1.232 2016/09/14 05:42:25 djm Exp $ |
37 | .Dd $Mdocdate: September 7 2016 $ | 37 | .Dd $Mdocdate: September 14 2016 $ |
38 | .Dt SSHD_CONFIG 5 | 38 | .Dt SSHD_CONFIG 5 |
39 | .Os | 39 | .Os |
40 | .Sh NAME | 40 | .Sh NAME |
@@ -304,9 +304,18 @@ specified by an absolute path. | |||
304 | Arguments to | 304 | Arguments to |
305 | .Cm AuthorizedPrincipalsCommand | 305 | .Cm AuthorizedPrincipalsCommand |
306 | may be provided using the following tokens, which will be expanded | 306 | may be provided using the following tokens, which will be expanded |
307 | at runtime: %% is replaced by a literal '%', %u is replaced by the | 307 | at runtime: |
308 | username being authenticated and %h is replaced by the home directory | 308 | %% is replaced by a literal '%', |
309 | of the user being authenticated. | 309 | %u is replaced by the username being authenticated, |
310 | %h is replaced by the home directory of the user being authenticated, | ||
311 | %t is replaced with type of the certificate being offered, | ||
312 | %T with the type of the CA key, | ||
313 | %f is replaced with certificate fingerprint, | ||
314 | %F with the fingerprint of the CA key, | ||
315 | %k is replaced with the full base-64 encoded certificate and | ||
316 | %K is replaced with the base-64 encoded CA key. | ||
317 | If no arguments are specified then the username of the target user | ||
318 | will be supplied. | ||
310 | .Pp | 319 | .Pp |
311 | The program should produce on standard output zero or | 320 | The program should produce on standard output zero or |
312 | more lines of | 321 | more lines of |
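Review bot: The new token list (new lines 311-316) is worded inconsistently: it mixes "replaced by" and "replaced with", drops the verb for %T and %F, and omits the article in "%t is replaced with type of the certificate being offered" and "%f is replaced with certificate fingerprint". Suggest "is replaced by the ..." for every token so the list reads uniformly with the existing %%, %u and %h entries. The %f and %F entries also do not say which hash algorithm or encoding the fingerprint takes. Someone writing a command that compares %F against a pinned CA fingerprint needs that, so a short statement of the format, or a pointer to where it is configured, would help. Since the commit message says these escapes match those of AuthorizedKeysCommand, a cross-reference to that option's token list would keep the two descriptions from drifting apart.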