pam-ussh
Uber's SSH certificate PAM module
I don't work with Go but would like to build this. The description of how to build it seems to be out of date and apply to older versions of...
Make optional requiring that certs contain a principal matching the local username. For backward compatibility, disabling the check of a local-username-principal is opt-in, as doing the opposite would make existing...
I am testing pam-ussh. I am logging in to the target machine as user "web", and my certificate has principals `["web@anywhere" "database@anywhere" "root@anywhere"]`. This works for ssh login because my...
Modified pam_jwt.go to allow x509 compatible issuer, fixed by using strings.SplitN instead of strings.Split: ``` func pamAuthenticate(username string, authToken string, argv []string) (string, var verifyUser bool = true for _,...
Hi, I was trying to find cpe_uri associated with this package in NIST/NVD so that COS (https://cloud.google.com/container-optimized-os/docs) can track security vulnerabilities associated with it. However, based on the search there...
This PR migrates to using `go mod` for managing dependencies by running `go mod init github.com/uber/pam-ussh` and `go mod tidy`.
This PR adds a configuration option to execute a separate command to get a list of authorized principals. It is similar to the [AuthorizedPrincipalsCommand option for sshd](https://man.openbsd.org/sshd_config#AuthorizedPrincipalsCommand). Some of the...
This PR removes the requirement that a username must appear within a certificate's list of principals so long as an explicit set of valid principals is defined. This change was...