readme static principal-files added

This commit is contained in:
Jakobus Schürz 2019-08-02 03:26:48 +02:00
parent fb9da76837
commit 2a528be734

View file

@ -247,6 +247,28 @@ what the identity is, try::
from your principals in the key, only git and gitosis-admin are allowed. You must have at least one of this allowed principals in your key, to get access to your gitosis-served repos. from your principals in the key, only git and gitosis-admin are allowed. You must have at least one of this allowed principals in your key, to get access to your gitosis-served repos.
Access is only given, if you have one of the allowed principals in your certificate, and your key ID is listed as member in the repo Access is only given, if you have one of the allowed principals in your certificate, and your key ID is listed as member in the repo
### parallel use of principals/certificates an pubkeys
It is possible, to use pubkeys in parallel to these principals from certificates. Just as described above. If you have a user, which has no certificate from your ssh-CA, just add his
public-sshkey in the keydir.
### static principal-files
If you don't want to use the AuthorizedPrincipalCommand, you get a statically generated principal-file on each commit of your gitosis-admin repo.
Just add::
AuthorizedPrincipalsFile /etc/ssh/userprincipals/%u
to your sshd_config instead of the "Match User git"-section from above, before all of your matching-sections. This file MUST point (use symlinks) to::
/home/git/.ssh/principals
Or if you want all of your principal-files in your users homedirectories, you can use::
AuthorizedPrincipalsFile %h/.ssh/principals
It belongs to your setup.
Contact Contact
======= =======