Re: Misc development news (#8)

On Mon, Jun 02, 2008 at 01:48:29AM +0200, Joerg Jaspert wrote:
> On 11403 March 1977, Steve Langasek wrote:
> > So tagging a key as belonging to a particular host is insufficient - we need
> > the full authorized_keys semantics for setting key options (from=, command=,
> > no-port-forwarding, no-X11-forwarding, at least).
> And? You have that already, just add that in front of your key as you
> would normally do. ud-ldap passes it. It really "only" needs the
> "host=gluck,merkel,whatever" addition to also limit it to target hosts
> and then all is there.

Actually, it occurs to me that one can already do a poor-man's version
of the host restriction by making the command option something like:

   command="hostname | grep -q '^\(gluck\|merkel\|whatever\)$' && ~/d-i/d-i-unpack-helper ..."

Then, once the host= feature is available it will be possible to upgrade
to using that in a moment (rather than having to go round tidying up
on each host) -- in fact, if people are consistent in using the above
incantation, we could even tweak them all in LDAP when the feature is added.

Steve, does that address your concerns?

Cheers, Phil.
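
The host check described in the message above, written as a wrapper script that a `command=` option could point at. This is an added example, not part of the original post and not ud-ldap code. It uses exact string comparison against a comma-separated list shaped like the proposed host= value instead of the grep pattern. The function names, the exit status 77, the `.example.org` name and the use of `echo` as a stand-in for the real helper are assumptions.

```shell
#!/bin/sh
# Added example: host guard for an authorized_keys forced command.
# Hypothetical use inside a wrapper named by command="...":
#   guard "$(hostname)" "gluck,merkel,whatever" <real helper and arguments>

# host_allowed HOST LIST: status 0 only if HOST is exactly one entry of the
# comma-separated LIST. Quoting "$1" in the pattern makes it match literally,
# so "gluckster" or a regex metacharacter cannot match the entry "gluck".
host_allowed() {
    case $1 in
        ''|*,*) return 1 ;;   # empty name, or a name that could span two entries
    esac
    case ",$2," in
        *",$1,"*) return 0 ;;
    esac
    return 1
}

# short_name NAME: first label only, in case hostname prints a fully
# qualified name (assumption: list entries are short names).
short_name() {
    printf '%s\n' "${1%%.*}"
}

# guard HOSTNAME LIST CMD...: run CMD only when HOSTNAME is in LIST,
# otherwise refuse on stderr with status 77 (arbitrary, chosen here).
guard() {
    name=$(short_name "$1")
    list=$2
    shift 2
    if host_allowed "$name" "$list"; then
        "$@"
    else
        echo "key not permitted on host '$name'" >&2
        return 77
    fi
}

# Demo on constructed host names; echo stands in for the real helper.
for h in gluck merkel.example.org gluckster; do
    guard "$h" "gluck,merkel,whatever" echo "helper would run on $h" \
        || echo "refused on $h"
done
```

As with the one-liner in the message, the key still authenticates on every host that carries it; the guard only decides whether the helper runs afterwards.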
