+userdir-ldap (0.3.27) unstable; urgency=low
+
+ * Export ssh-keys.tar.gz to [UNTRUSTED] hosts. Since we already export
+ ssh-rsa-shadow this is probably the right thing.
+ * Make keys in the ssh-keys tarball mode 0400 instead of mode 0600.
+
+ -- Peter Palfrader <weasel@debian.org> Mon, 19 May 2008 08:55:28 +0200
+
userdir-ldap (0.3.26) unstable; urgency=low
* ud-replicate: sgran pointed out that if all we care about ignoring is
userlist = GenPasswd(l,OutDir+"passwd",Split[1], "x");
sys.stdout.flush();
grouprevmap = GenGroup(l,OutDir+"group");
- if ExtraList.has_key("[UNTRUSTED]"):
- continue;
- if not ExtraList.has_key("[NOPASSWD]"):
- GenShadow(l,OutDir+"shadow");
# Now we know who we're allowing on the machine, export
# the relevant ssh keys
# to give a shit^W^W^Wcare about the UIDoffset stuff.
to.uname = f
to.gname = grname
- to.mode = 0600
+ to.mode = 0400
tf.addfile(to, file(os.path.join(GlobalDir, 'userkeys', f)))
tf.close()
os.rename(os.path.join(GlobalDir, 'ssh-keys-%s.tar.gz' % CurrentHost),
os.path.join(OutDir, 'ssh-keys.tar.gz'))
+ if ExtraList.has_key("[UNTRUSTED]"):
+ continue;
+ if not ExtraList.has_key("[NOPASSWD]"):
+ GenShadow(l,OutDir+"shadow");
+
# Link in global things
DoLink(GlobalDir,OutDir,"markers");
DoLink(GlobalDir,OutDir,"mail-forward.cdb");