From b75d83cd325b8213255f752e254a4b1aad47f575 Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Tue, 4 Mar 2025 19:22:48 -0600
Subject: [PATCH] sshca: Do not sign certs for root

We no longer need *root* in the list of authorized principals for user
certificates issued by SSHCA.
---
 sshca/config.toml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/sshca/config.toml b/sshca/config.toml
index 3171fdb..76c414b 100644
--- a/sshca/config.toml
+++ b/sshca/config.toml
@@ -15,7 +15,6 @@ private_key_passphrase_file = "/run/sshca/secrets/user/passphrase/user-ca-key.pa
 [ca.user.group_principals]
 "Server Admins" = [
     "core",
-    "root",
 ]
 
 [[libvirt]]