New commands (including sync with file, validity management…) #39
Comments
Hi,
Yes, I would prefer this way.
This seems to be redundant to the |
Thanks a lot for your answer. I haven't finished porting everything yet. I'll do it with your comments about |
Hello,
my team has been using ssh-ldap-pubkey for a while, and made lots of changes to it, based on the 0.4.1 version. I'm currently porting these changes to the 1.3.2 version, and I wonder if some of them are worth being merged upstream. I'm aware this tool needs to keep its simplicity, but I'm sure some of these changes can benefit many people, that's why I'd like to share them. Here is the usage text:
New commands
listall
Without options, lists public keys of all users.
With the --uid option, lists all logins which have a public key.
With the --json option, outputs logins and keys in JSON format. You can use --attrs if you want to list other attributes. Yes, it adds a dependency on json, but it's really useful for admins / bots to have a global view of users and public keys.
rm
Same as del, but instead of using a pattern, it uses a file containing the keys to delete. Maybe we should add an option to del in order to use a file?
sync
Synchronize public keys of a user with a file. If a key is in the file, make sure it is in ldap. If a key is not in the file, delete it from ldap.
The --purge option affects the behavior related to key expiration (see below).
purge
Delete all keys of a user.
New options
--expire=DAYS and --validity=VALIDITY
These options add support for key expiration. It's an important security feature, and allows keeping track of old expired keys (so they're not used again).
--max=MAX
Limits the number of authorized keys in a file during imports (with add / sync).
Your opinion?
What's your opinion about this? If you think some of this is worth being merged upstream, please tell me how you'd want me to proceed. I can make small patches and PRs in your preferred order if you don't want to include everything in one big patch (it's not that big in fact). If you think some functionality is interesting but should be made differently, please let me know, I'll be happy to rework it.
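An added example, not code from ssh-ldap-pubkey or from the changes described in this issue: one way to compute what the sync command described above would add and delete, including the --max limit. Assumptions: keys are compared by type and decoded blob with the comment ignored, LDAP values arrive as already-decoded strings, and a file exceeding --max is rejected; key expiration and --purge are left out because the issue does not define them. The names key_identity, plan_sync and constructed_key are hypothetical.

```python
import base64
import struct


def key_identity(line):
    """Return (type, raw_blob) for a 'type base64 [comment]' line, else None.

    The comment is ignored, so re-commenting a key does not make it new.
    The decoded blob must start with its own type name (SSH wire format).
    """
    fields = line.split()
    if len(fields) < 2:
        return None
    name = fields[0].encode()
    try:
        raw = base64.b64decode(fields[1], validate=True)
    except ValueError:
        return None
    if raw[:4 + len(name)] != struct.pack(">I", len(name)) + name:
        return None
    return (fields[0], raw)


def plan_sync(file_lines, ldap_values, max_keys=None):
    """Return (to_add, to_delete) that make the LDAP values match the file."""
    wanted = {}
    for line in file_lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        ident = key_identity(line)
        if ident is None:  # assumption: refuse to sync from a malformed file
            raise ValueError("invalid key line: %r" % line[:40])
        wanted.setdefault(ident, line.strip())
    if max_keys is not None and len(wanted) > max_keys:  # assumed --max behaviour
        raise ValueError("%d keys in file, limit is %d" % (len(wanted), max_keys))
    present = {}
    for value in ldap_values:  # unparsable LDAP values map to None and get deleted
        present.setdefault(key_identity(value), []).append(value)
    to_add = [line for ident, line in wanted.items() if ident not in present]
    to_delete = [v for ident, vals in present.items() if ident not in wanted for v in vals]
    return to_add, to_delete


def constructed_key(fill, comment):
    """Build a well-formed ed25519 line from constructed bytes (sample data only)."""
    raw = struct.pack(">I", 11) + b"ssh-ed25519" + struct.pack(">I", 32) + bytes([fill]) * 32
    return "ssh-ed25519 %s %s" % (base64.b64encode(raw).decode(), comment)
```

Computing the plan before touching the directory lets a malformed or oversized file abort the run while the user's existing keys are still intact.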