Re: Publickey subsystem draft posted

[Jon Bright <jon%siliconcircus.com@localhost>]

(a side not - Brent has sent me the XML source, which I'm currently 
updating to match my earlier mail)

Nicolas Williams wrote:

> I think "from" should be added also (i.e., what source addresses a
> client may use this key from).

Sounds like a good idea.

> Yeah, all restrictions should be standalone attributes.  Those

I've now converted them all to be.

> restrictions which you modeled as values of the "restrict" attributes
> could be standalone attributes with boolean values (or null; if the
> attribute is present, the restriction is on, if not, not).

I've defined them as being null.

> The "subsystem" restriction should go and be replaced by the subsystem
> attribute which should list the sub-systems that a user is allowed to
> start (if the list empty, then none are allowed; if the attribute is
> missing or if the value is "*", then all are allowed).

This doesn't match the "command" attribute, which starts the command 
itself.  Then again, I'm unhappy with that aspect of the "command" 
attribute's behaviour - it raises questions such as When does it start 
the command?, Does it wait for the client to request a pty or run the 
command without one?, etc.  Maybe change "command" to specify a command 
which the user's allowed to execute.  Ideally, change it to specify more 
than one command, but in that case, I'm not sure what could be used as a 
separator.  Maybe allow for more than one command attribute to be set?

--
Jon Bright
Lead Programmer, Silicon Circus Ltd.
http://www.siliconcircus.com