sshrsaauthkey is only readble by self. everyone else does not even get to compare it

author Peter Palfrader <peter@palfrader.org>

Tue, 1 Jun 2010 15:05:49 +0000 (17:05 +0200)

committer Peter Palfrader <peter@palfrader.org>

Tue, 1 Jun 2010 15:05:49 +0000 (17:05 +0200)
author Peter Palfrader <peter@palfrader.org>
Tue, 1 Jun 2010 15:05:49 +0000 (17:05 +0200)
committer Peter Palfrader <peter@palfrader.org>
Tue, 1 Jun 2010 15:05:49 +0000 (17:05 +0200)
diff --git a/userdir-ldap-slapd.conf.in b/userdir-ldap-slapd.conf.in

index 6866a0b..2e9041d 100644 (file)
--- a/userdir-ldap-slapd.conf.in
+++ b/userdir-ldap-slapd.conf.in
@@ -33,9 +33,12 @@ access to attrs=c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,bi
  access to attrs=userPassword,sudoPassword,bATVToken
         by * compare
  
+
+
+# readable only by self
  access to attrs=sshrsaauthkey
         by self read
-       by * compare
+       by * none
  
  # debian.org readable, authenticated user readable
  access to attrs=activity-pgp,activity-from,dnsZoneEntry,c,l,loginShell,ircNick,labeledURI,icqUIN,jabberJID,onVacation,birthDate,mailDisableMessage,gender,emailforward,mailCallout,mailGreylisting,mailRBL,mailRHSBL,mailWhitelist,mailContentInspectionAction,mailDefaultOptions
@@ -50,6 +53,7 @@ access to attrs=facsimileTelephoneNumber,telephoneNumber,postalAddress,postalCod
         by dn.regex="uid=.*,ou=users,@@DN@@" read
         by * none
  
+
  # globally readable
  access to *
         by * read
author	Peter Palfrader <peter@palfrader.org>
	Tue, 1 Jun 2010 15:05:49 +0000 (17:05 +0200)
committer	Peter Palfrader <peter@palfrader.org>
	Tue, 1 Jun 2010 15:05:49 +0000 (17:05 +0200)