The `TrustedUserCAKeys` setting for *sshd(8)* tells the server to accept any certificates signed by keys listed in the specified file. The authenticating username has to match one of the principals listed in the certificate, of course. This role is applied to all machines, via the `base.yml` playbook. Certificates issued by the user CA managed by SSHCA will therefore be trusted everywhere. This brings us one step closer to eliminating the dependency on Active Directory/Samba.
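The principal match described in the commit message can be audited offline by reading the principals out of a certificate blob. The following is an added example, not code from this repository: the function names and the sample certificate are constructed for illustration, it handles only Ed25519 certificates, and it assumes no `AuthorizedPrincipalsFile` is configured. It does not verify the CA signature or the validity period, which sshd checks itself.

```python
import base64
import struct

USER_CERT = 1  # SSH_CERT_TYPE_USER; 2 is a host certificate

def read_string(buf, off):
    """Read one SSH string (uint32 length + bytes); return (value, next offset)."""
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("truncated certificate blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def cert_principals(blob):
    """Return (cert type, key id, principals) from an ssh-ed25519-cert-v01 blob."""
    ktype, off = read_string(blob, 0)
    if ktype != b"ssh-ed25519-cert-v01@openssh.com":
        raise ValueError("only Ed25519 certificates are handled here")
    _, off = read_string(blob, off)  # nonce
    _, off = read_string(blob, off)  # certified public key
    _serial, ctype = struct.unpack_from(">QI", blob, off)
    key_id, off = read_string(blob, off + 12)
    packed, off = read_string(blob, off)  # principals: strings packed in a string
    names, p = [], 0
    while p < len(packed):
        name, p = read_string(packed, p)
        names.append(name.decode())
    return ctype, key_id.decode(), names

def blob_from_cert_line(line):
    """Decode the base64 field of an id_*-cert.pub line."""
    return base64.b64decode(line.split()[1])

def login_allowed(blob, username):
    """Principal check only: signature and validity period are NOT verified."""
    ctype, _, names = cert_principals(blob)
    # sshd rejects certificates without principals under TrustedUserCAKeys.
    return ctype == USER_CERT and username in names

def pack_string(b):
    return struct.pack(">I", len(b)) + b

def sample_cert(principals, ctype=USER_CERT):
    """Constructed sample: dummy nonce/key, fields after the principals omitted."""
    names = b"".join(pack_string(p.encode()) for p in principals)
    return (pack_string(b"ssh-ed25519-cert-v01@openssh.com")
            + pack_string(bytes(32)) + pack_string(bytes(32))
            + struct.pack(">QI", 1, ctype)
            + pack_string(b"constructed-key-id") + pack_string(names))

if __name__ == "__main__":
    for user in ("alice", "root"):
        print(user, login_allowed(sample_cert(["alice", "ops"]), user))
```

Because every machine trusts the same user CA, a certificate listing a principal such as `root` is valid for that account on all of them, so the principals in issued certificates are worth reviewing.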