readme static principal-files added
This commit is contained in:
Jakobus Schürz
parent
fb9da76837
commit
2a528be734
1 changed files with 22 additions and 0 deletions
22
README.rst
22
README.rst
|
|
@ -247,6 +247,28 @@ what the identity is, try::
|
|||
from your principals in the key, only git and gitosis-admin are allowed. You must have at least one of this allowed principals in your key, to get access to your gitosis-served repos.
|
||||
Access is only given, if you have one of the allowed principals in your certificate, and your key ID is listed as member in the repo
|
||||
|
||||
### parallel use of principals/certificates an pubkeys
|
||||
|
||||
It is possible, to use pubkeys in parallel to these principals from certificates. Just as described above. If you have a user, which has no certificate from your ssh-CA, just add his
|
||||
public-sshkey in the keydir.
|
||||
|
||||
### static principal-files
|
||||
If you don't want to use the AuthorizedPrincipalCommand, you get a statically generated principal-file on each commit of your gitosis-admin repo.
|
||||
Just add::
|
||||
|
||||
AuthorizedPrincipalsFile /etc/ssh/userprincipals/%u
|
||||
|
||||
to your sshd_config instead of the "Match User git"-section from above, before all of your matching-sections. This file MUST point (use symlinks) to::
|
||||
|
||||
/home/git/.ssh/principals
|
||||
|
||||
Or if you want all of your principal-files in your users homedirectories, you can use::
|
||||
|
||||
AuthorizedPrincipalsFile %h/.ssh/principals
|
||||
|
||||
It belongs to your setup.
|
||||
|
||||
|
||||
Contact
|
||||
=======
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue