readme static principal-files added

2019-08-02 03:26:48 +02:00 · 2019-08-02 03:26:48 +02:00 · 2a528be734
parent fb9da76837
commit 2a528be734
1 changed files with 22 additions and 0 deletions
--- a/README.rst
+++ b/README.rst
@ -247,6 +247,28 @@ what the identity is, try::
 from your principals in the key, only git and gitosis-admin are allowed. You must have at least one of this allowed principals in your key, to get access to your gitosis-served repos.
 Access is only given, if you have one of the allowed principals in your certificate, and your key ID is listed as member in the repo

+### parallel use of principals/certificates an pubkeys
+
+It is possible, to use pubkeys in parallel to these principals from certificates. Just as described above. If you have a user, which has no certificate from your ssh-CA, just add his
+public-sshkey in the keydir.
+
+### static principal-files
+If you don't want to use the AuthorizedPrincipalCommand, you get a statically generated principal-file on each commit of your gitosis-admin repo. 
+Just add::
+    
+    AuthorizedPrincipalsFile /etc/ssh/userprincipals/%u
+
+to your sshd_config instead of the  "Match User git"-section from above, before all of your matching-sections. This file MUST point (use symlinks) to::
+
+    /home/git/.ssh/principals
+
+Or if you want all of your principal-files in your users homedirectories, you can use::
+
+    AuthorizedPrincipalsFile %h/.ssh/principals
+
+It belongs to your setup.
+
+
 Contact
 =======