Re: OpenSSH certified keys

To: Damien Miller <djm%mindrot.org@localhost>
Subject: Re: OpenSSH certified keys
From: Nicolas Williams <Nicolas.Williams%sun.com@localhost>
Date: Tue, 16 Mar 2010 14:31:39 -0500

On Wed, Mar 17, 2010 at 04:19:28AM +1100, Damien Miller wrote:
> "valid principals" is a string containing zero or more principals as
> strings packed inside it. These principals list the names for which this
> certificate is valid; hostnames for SSH_CERT_TYPE_HOST certificates and
> usernames for SSH_CERT_TYPE_USER certificates. As a special case, a
> zero-length "valid principals" field means the certificate is valid for
> any principal of the specified type. XXX DNS wildcards?

Er, can usernames contain @domain qualifiers?  How should usernames
without an @domain qualifier be handled by servers?

Nico
--

Follow-Ups:
- Re: OpenSSH certified keys
  - From: Damien Miller

References:
- OpenSSH certified keys
  - From: Damien Miller

Prev by Date: Re: OpenSSH certified keys
Next by Date: Re: OpenSSH certified keys
Previous by Thread: Re: OpenSSH certified keys
Next by Thread: Re: OpenSSH certified keys
Indexes:

Home | Main Index | Thread Index | Old Index