You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Feature Request:
Currently when specifying CA mode the vault SSH command will use the SSH username as the value for the principals field of the signed user certificate. This precludes the use of the AuthorizedPrincipalsFile SSHD config directive to accept principals that differ from the host user being logged in as.
This can be allowed by adding a valid-principal flag that enables the user to supply the list of valid principals for inclusion in the certificate. When the flag is not specified it can default to using the SSH username.
The text was updated successfully, but these errors were encountered:
Feature Request:
Currently when specifying CA mode the vault SSH command will use the SSH username as the value for the
principalsfield of the signed user certificate. This precludes the use of theAuthorizedPrincipalsFileSSHD config directive to accept principals that differ from the host user being logged in as.This can be allowed by adding a
valid-principalflag that enables the user to supply the list of valid principals for inclusion in the certificate. When the flag is not specified it can default to using the SSH username.The text was updated successfully, but these errors were encountered: