readme static principal-files added
This commit is contained in:
parent
fb9da76837
commit
2a528be734
1 changed files with 22 additions and 0 deletions
22
README.rst
22
README.rst
|
@ -247,6 +247,28 @@ what the identity is, try::
|
||||||
from your principals in the key, only git and gitosis-admin are allowed. You must have at least one of this allowed principals in your key, to get access to your gitosis-served repos.
|
from your principals in the key, only git and gitosis-admin are allowed. You must have at least one of this allowed principals in your key, to get access to your gitosis-served repos.
|
||||||
Access is only given, if you have one of the allowed principals in your certificate, and your key ID is listed as member in the repo
|
Access is only given, if you have one of the allowed principals in your certificate, and your key ID is listed as member in the repo
|
||||||
|
|
||||||
|
### parallel use of principals/certificates an pubkeys
|
||||||
|
|
||||||
|
It is possible, to use pubkeys in parallel to these principals from certificates. Just as described above. If you have a user, which has no certificate from your ssh-CA, just add his
|
||||||
|
public-sshkey in the keydir.
|
||||||
|
|
||||||
|
### static principal-files
|
||||||
|
If you don't want to use the AuthorizedPrincipalCommand, you get a statically generated principal-file on each commit of your gitosis-admin repo.
|
||||||
|
Just add::
|
||||||
|
|
||||||
|
AuthorizedPrincipalsFile /etc/ssh/userprincipals/%u
|
||||||
|
|
||||||
|
to your sshd_config instead of the "Match User git"-section from above, before all of your matching-sections. This file MUST point (use symlinks) to::
|
||||||
|
|
||||||
|
/home/git/.ssh/principals
|
||||||
|
|
||||||
|
Or if you want all of your principal-files in your users homedirectories, you can use::
|
||||||
|
|
||||||
|
AuthorizedPrincipalsFile %h/.ssh/principals
|
||||||
|
|
||||||
|
It belongs to your setup.
|
||||||
|
|
||||||
|
|
||||||
Contact
|
Contact
|
||||||
=======
|
=======
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue