On Mon, Jun 02, 2008 at 01:48:29AM +0200, Joerg Jaspert wrote:
> On 11403 March 1977, Steve Langasek wrote:
>
> > So tagging a key as belonging to a particular host is insufficient - we need
> > the full authorized_keys semantics for setting key options (from=, command=,
> > no-port-forwarding, no-X11-forwarding, at least).
>
> And? You have that already, just add that in front of your key as you
> would normally do. ud-ldap passes it. It really "only" needs the
> "host=gluck,merkel,whatever" addition to also limit it to target hosts
> and then all is there.

Actually, it occurs to me that one can already do a poor-man's version
of the host restriction by making the command option something like:

  command="hostname | grep -q '^\(gluck\|merkel\|whatever\)$' && ~/d-i/d-i-unpack-helper ..."

Then, once the host= feature is available it will be possible to upgrade
to using that in a moment (rather than having to go round tidying up on
each host) -- in fact, if people are consistent in using the above
incantation, we could even tweak them all in LDAP when the feature is
added.

Steve, does that address your concerns?

Cheers, Phil.
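
Added example, not part of the original message and not ud-ldap code: a sketch of the LDAP-side tweak mentioned above, which recognises the exact incantation in a key's option string, extracts the host list and strips the check from command=. The host= rendering follows the quoted text; the short-host-name rule, the function names and the sample options are assumptions.

```python
import re

# The incantation from the message above, as it appears inside command="...":
#   hostname | grep -q '^\(h1\|h2\)$' && <real command>
IDIOM = re.compile(r"^hostname \| grep -q '\^\\\((?P<hosts>[^']*)\\\)\$' && (?P<cmd>.+)$")
HOSTNAME = re.compile(r"[a-z0-9-]+")  # assumption: short lowercase host names only


def split_options(options):
    """Split an authorized_keys option string on commas outside double quotes."""
    parts, cur, quoted, i = [], "", False, 0
    while i < len(options):
        ch = options[i]
        if quoted and options[i:i + 2] == '\\"':  # escaped quote inside a value
            cur, i = cur + '\\"', i + 2
            continue
        if ch == '"':
            quoted = not quoted
        if ch == "," and not quoted:
            parts.append(cur)
            cur = ""
        else:
            cur += ch
        i += 1
    return [p for p in parts + [cur] if p]


def upgrade(options):
    """Return (hosts, options with the host check stripped from command=).

    hosts is None and no option is rewritten unless the command matches the
    incantation exactly and every alternative is a plain host name.
    """
    hosts, out = None, []
    for opt in split_options(options):
        m = IDIOM.match(opt[9:-1]) if opt.startswith('command="') and opt.endswith('"') else None
        names = m.group("hosts").split("\\|") if m else []
        if names and all(HOSTNAME.fullmatch(n) for n in names):
            hosts = names
            out.append('command="%s"' % m.group("cmd"))
        else:
            out.append(opt)  # anything not fully understood is left alone
    return hosts, ",".join(out)


# Constructed sample option string (not a real account's key options).
SAMPLE = r'''from="192.0.2.1,192.0.2.2",no-port-forwarding,command="hostname | grep -q '^\(gluck\|merkel\|whatever\)$' && ~/d-i/d-i-unpack-helper"'''

if __name__ == "__main__":
    hosts, rest = upgrade(SAMPLE)
    print("host=" + ",".join(hosts), rest)  # host= form as given in the quoted text
```

A command whose pattern is anything other than a plain list of host names is not rewritten, so a looser hand-edited check is never silently turned into a host restriction it did not express.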