Re: Misc development news (#8)
On Mon, Jun 02, 2008 at 01:48:29AM +0200, Joerg Jaspert wrote:
> On 11403 March 1977, Steve Langasek wrote:
> > So tagging a key as belonging to a particular host is insufficient - we need
> > the full authorized_keys semantics for setting key options (from=, command=,
> > no-port-forwarding, no-X11-forwarding, at least).
> And? You have that already, just add that in front of your key as you
> would normally do. ud-ldap passes it. It really "only" needs the
> "host=gluck,merkel,whatever" addition to also limit it to target hosts
> and then all is there.
Actually, it occurs to me that one can already do a poor-man's version
of the host restriction by making the command option something like:
command="hostname | grep -q '^\(gluck\|merkel\|whatever\)$' && ~/d-i/d-i-unpack-helper ..."
Then, once the host= feature is available it will be possible to upgrade
to using that in a moment (rather than having to go round tidying up
on each host) -- in fact, if people are consistent in using the above
incantation, we could even tweak them all in LDAP when the feature is added.
Steve, does that address your concerns?