20230919.00

@guesttestinfra-bot guesttestinfra-bot released this 19 Sep 00:34
1aebe41
Cert based authentication (#116)

* test: align CXX Flags

* sshca: Make the implementation more C++ like

Introduce an oslogin_sshca namespace, remove the C demangling extern.

* sshca: Add a SysLog wrapper

With this patch we can now have a global sys logger, having the logging
points present whether the sys logger has been set up/initialized or not.

For unit tests, for example, we'll not have it initialized, rendering into
no-op calls to SysLogErr().

* oslogin_utils: introduce AuthorizeUser() API

The AuthorizeUser() API merges together the authorization operations
for both login and adminLogin authorize policies. This API is meant
to be used in single points of Authorization - where both login &
adminLogin are attempted/processed.

* sshca: move it out of pam dir

As we are moving authorization out of pam modules it makes sense to
have oslogin_sshca.o in the root dir of src side-by-side with
oslogin_utils.o.

* pam: start disabling the use of oslogin_sshca

Start disabling the use of oslogin_sshca in the pam modules.

* sshca: consider sshca API to assume a cert only

In a model using AuthorizedPrincipalsCommand we can handle an ssh cert
only - not having to split and ignore method and algorithm tokens.

* authorized principals: introduce the new command

* authorize keys: update to use new APIs

Update both authorized_keys and authorized_keys_sk to use new sys logger
facilities as well as AuthorizeUser().

* pam modules: remove pam_*_admin and update pam_*_login

pam_oslogin_admin is not required anymore and pam_oslogin_login is
now only responsible for handling 2FA.

* cache_refresh: should be catching by reference.