* ud-mailgate: better regex for ssh1 keys, which we reject. [joerg, weasel]
* ud-replicate: Also support the imposter dchroot-dsa from the debian
archive. [aba, weasel]
+ * ud-generate: Add support for generation of authorized_keys file on
+ the db host for the sshdist user. This is now possible since
+ ud-replicate clients use their ssh host key to authenticate to the
+ db server. The code now supports this but the feature is still
+ disabled. [aba]
- -- Peter Palfrader <weasel@debian.org> Sat, 17 May 2008 11:20:06 +0200
+ -- Peter Palfrader <weasel@debian.org> Sat, 17 May 2008 11:25:49 +0200
userdir-ldap (0.3.23) unstable; urgency=low
Done(File,F,None);
# Generate the ssh known hosts file
-def GenSSHKnown(l,File):
+def GenSSHKnown(l,File,mode=None):
F = None;
try:
OldMask = os.umask(0022);
else: IPAdresses += [addr[1]]
for I in x[1]["sshRSAHostKey"]:
- Line = "%s %s" %(",".join(HostNames + IPAdresses), I);
+ if mode and mode == 'authorized_keys':
+ #Line = 'command="rsync --server --sender -pr . /var/cache/userdir-ldap/hosts/%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="%s" %s' % (Host, ",".join(HNames + IPAdresses), I)
+ Line = 'command="rsync --server --sender -pr . /var/cache/userdir-ldap/hosts/%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s' % (Host,I)
+ else:
+ Line = "%s %s" %(",".join(HostNames + IPAdresses), I);
Line = Sanitize(Line) + "\n";
F.write(Line);
# Oops, something unspeakable happened.
GenPrivate(l,GlobalDir+"debian-private");
GenDisabledAccounts(l,GlobalDir+"disabled-accounts");
GenSSHKnown(l,GlobalDir+"ssh_known_hosts");
+#GenSSHKnown(l,GlobalDir+"authorized_keys", 'authorized_keys');
GenHosts(l,GlobalDir+"debianhosts");
GenMailDisable(l,GlobalDir+"mail-disable");
GenMailBool(l,GlobalDir+"mail-greylist","mailGreylisting");