[Da-tools-commits] ./debian/userdir-ldap r400: ud-generate: Add support for generation of authorized_keys file on the db host
Peter Palfrader
peter at palfrader.org
Sat May 17 09:27:06 UTC 2008
------------------------------------------------------------
revno: 400
committer: Peter Palfrader <peter at palfrader.org>
branch nick: userdir-ldap
timestamp: Sat 2008-05-17 11:27:06 +0200
message:
ud-generate: Add support for generation of authorized_keys file on the db host
for the sshdist user. This is now possible since ud-replicate clients use
their ssh host key to authenticate to the db server. The code now supports
this but the feature is still disabled. [aba]
modified:
debian/changelog
ud-generate
------------------------------------------------------------
revno: 349.2.42
committer: Andreas Barth <aba at not.so.argh.org>
branch nick: userdir-ldap-common
timestamp: Fri 2008-05-16 17:40:19 +0000
message:
Add (disabled) generation of authorized_keys
modified:
debian/changelog
ud-generate
-------------- next part --------------
=== modified file 'debian/changelog'
--- a/debian/changelog 2008-05-17 09:22:00 +0000
+++ b/debian/changelog 2008-05-17 09:27:06 +0000
@@ -3,8 +3,13 @@
* ud-mailgate: better regex for ssh1 keys, which we reject. [joerg, weasel]
* ud-replicate: Also support the imposter dchroot-dsa from the debian
archive. [aba, weasel]
+ * ud-generate: Add support for generation of authorized_keys file on
+ the db host for the sshdist user. This is now possible since
+ ud-replicate clients use their ssh host key to authenticate to the
+ db server. The code now supports this but the feature is still
+ disabled. [aba]
- -- Peter Palfrader <weasel at debian.org> Sat, 17 May 2008 11:20:06 +0200
+ -- Peter Palfrader <weasel at debian.org> Sat, 17 May 2008 11:25:49 +0200
userdir-ldap (0.3.23) unstable; urgency=low
=== modified file 'ud-generate'
--- a/ud-generate 2008-05-14 15:56:01 +0000
+++ b/ud-generate 2008-05-16 17:40:19 +0000
@@ -702,7 +702,7 @@
Done(File,F,None);
# Generate the ssh known hosts file
-def GenSSHKnown(l,File):
+def GenSSHKnown(l,File,mode=None):
F = None;
try:
OldMask = os.umask(0022);
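Review bot: The comment above GenSSHKnown still reads "Generate the ssh known hosts file", but with the new mode parameter the function also produces authorized_keys lines. Document the accepted values of mode (None or 'authorized_keys') at the definition, or move the authorized_keys output into its own function so the name and comment match what is written.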
@@ -734,7 +734,11 @@
else: IPAdresses += [addr[1]]
for I in x[1]["sshRSAHostKey"]:
- Line = "%s %s" %(",".join(HostNames + IPAdresses), I);
+ if mode and mode == 'authorized_keys':
+ #Line = 'command="rsync --server --sender -pr . /var/cache/userdir-ldap/hosts/%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="%s" %s' % (Host, ",".join(HNames + IPAdresses), I)
+ Line = 'command="rsync --server --sender -pr . /var/cache/userdir-ldap/hosts/%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s' % (Host,I)
+ else:
+ Line = "%s %s" %(",".join(HostNames + IPAdresses), I);
Line = Sanitize(Line) + "\n";
F.write(Line);
# Oops, something unspeakable happened.
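Review bot: In the authorized_keys branch the active Line drops the from="..." option that the commented-out variant carries, so each host key is constrained only by the forced rsync command and not by source address. If that is deliberate, a short comment saying why would help; if from= is meant to come back, note that the commented-out line joins HNames + IPAdresses while the known_hosts branch joins HostNames + IPAdresses, so the variable name should be checked before it is enabled. Host is interpolated inside the quoted command="..." string, so it is worth confirming it cannot contain a double quote or whitespace by the time Sanitize(Line) runs. The test `if mode and mode == 'authorized_keys':` can be reduced to `if mode == 'authorized_keys':`.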
@@ -823,6 +827,7 @@
GenPrivate(l,GlobalDir+"debian-private");
GenDisabledAccounts(l,GlobalDir+"disabled-accounts");
GenSSHKnown(l,GlobalDir+"ssh_known_hosts");
+#GenSSHKnown(l,GlobalDir+"authorized_keys", 'authorized_keys');
GenHosts(l,GlobalDir+"debianhosts");
GenMailDisable(l,GlobalDir+"mail-disable");
GenMailBool(l,GlobalDir+"mail-greylist","mailGreylisting");
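Review bot: The new GenSSHKnown call for authorized_keys is committed commented out, so turning the feature on means editing ud-generate itself. A configuration switch around that call would make the disabled state explicit and keep dead code out of the generation list. The file is written to GlobalDir next to ssh_known_hosts; the change should state how it reaches the location sshd reads for the sshdist user, since nothing in this hunk does that.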