summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDamien Miller <djm@mindrot.org>2012-04-22 11:25:10 +1000
committerDamien Miller <djm@mindrot.org>2012-04-22 11:25:10 +1000
commit8fef9ebbab6bd68d245edbadedd52600a800c09c (patch)
tree941d280c54fc833a3e006766b4e65d1b1c49c363
parent23528816dc10165b3bc009f2ab5fdf1653db418c (diff)
- djm@cvs.openbsd.org 2012/04/12 02:43:55
[sshd_config sshd_config.5] mention AuthorizedPrincipalsFile=none default
-rw-r--r--ChangeLog3
-rw-r--r--sshd_config4
-rw-r--r--sshd_config.56
3 files changed, 10 insertions, 3 deletions
diff --git a/ChangeLog b/ChangeLog
index a8312a5e..5ca22714 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -37,6 +37,9 @@
[servconf.c servconf.h sshd.c sshd_config sshd_config.5]
VersionAddendum option to allow server operators to append some arbitrary
text to the SSH-... banner; ok deraadt@ "don't care" markus@
+ - djm@cvs.openbsd.org 2012/04/12 02:43:55
+ [sshd_config sshd_config.5]
+ mention AuthorizedPrincipalsFile=none default
20120420
- (djm) [contrib/caldera/openssh.spec contrib/redhat/openssh.spec]
diff --git a/sshd_config b/sshd_config
index 99dbd858..ec3ca2af 100644
--- a/sshd_config
+++ b/sshd_config
@@ -1,4 +1,4 @@
-# $OpenBSD: sshd_config,v 1.85 2012/04/12 02:42:32 djm Exp $
+# $OpenBSD: sshd_config,v 1.86 2012/04/12 02:43:55 djm Exp $
# This is the sshd server system-wide configuration file. See
# sshd_config(5) for more information.
@@ -49,6 +49,8 @@
# but this is overridden so installations will only check .ssh/authorized_keys
AuthorizedKeysFile .ssh/authorized_keys
+#AuthorizedPrincipalsFile none
+
# For this to work you will also need host keys in /etc/ssh/ssh_known_hosts
#RhostsRSAAuthentication no
# similar for protocol version 2
diff --git a/sshd_config.5 b/sshd_config.5
index 1522355a..27ee1914 100644
--- a/sshd_config.5
+++ b/sshd_config.5
@@ -33,7 +33,7 @@
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
-.\" $OpenBSD: sshd_config.5,v 1.137 2012/04/12 02:42:32 djm Exp $
+.\" $OpenBSD: sshd_config.5,v 1.138 2012/04/12 02:43:55 djm Exp $
.Dd $Mdocdate: April 12 2012 $
.Dt SSHD_CONFIG 5
.Os
@@ -198,7 +198,9 @@ After expansion,
is taken to be an absolute path or one relative to the user's home
directory.
.Pp
-The default is not to use a principals file \(en in this case, the username
+The default is
+.Dq none ,
+i.e. not to use a principals file \(en in this case, the username
of the user must appear in a certificate's principals list for it to be
accepted.
Note that