sshca: Do not sign certs for root

We no longer need *root* in the list of authorized principals for user certificates issued by SSHCA.
2025-03-04 19:22:48 -06:00
parent 8f5129cbef
commit b75d83cd32
1 changed files with 0 additions and 1 deletions
--- a/sshca/config.toml
+++ b/sshca/config.toml
@@ -15,7 +15,6 @@ private_key_passphrase_file = "/run/sshca/secrets/user/passphrase/user-ca-key.pa
 [ca.user.group_principals]
 "Server Admins" = [
    "core",
-    "root",
 ]

 [[libvirt]]