commit 1aed65eb27feec505997c98621bdf158f9ab8b99
author Damien Miller <djm@mindrot.org> Thu Mar 04 21:53:35 2010 +1100
committer Damien Miller <djm@mindrot.org> Thu Mar 04 21:53:35 2010 +1100
tree 81c2d0b9aff3c2211388ba00cde544e0618750d2
parent 2befbad9b3c8fc6e4e564c062870229bc722734c

   - djm@cvs.openbsd.org 2010/03/04 10:36:03
     [auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c]
     [authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h]
     [ssh-keygen.c ssh.1 sshconnect.c sshd_config.5]
     Add a TrustedUserCAKeys option to sshd_config to specify CA keys that
     are trusted to authenticate users (in addition than doing it per-user
     in authorized_keys).

     Add a RevokedKeys option to sshd_config and a @revoked marker to
     known_hosts to allow keys to me revoked and banned for user or host
     authentication.

     feedback and ok markus@

ChangeLog

diff --git a/ChangeLog b/ChangeLog
index 0b5663b..07d4aeb 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -22,6 +22,19 @@
      [key.c]
      use buffer_get_string_ptr_ret() where we are checking the return
      value explicitly instead of the fatal()-causing buffer_get_string_ptr()
+   - djm@cvs.openbsd.org 2010/03/04 10:36:03
+     [auth-rh-rsa.c auth-rsa.c auth.c auth.h auth2-hostbased.c auth2-pubkey.c]
+     [authfile.c authfile.h hostfile.c hostfile.h servconf.c servconf.h]
+     [ssh-keygen.c ssh.1 sshconnect.c sshd_config.5]
+     Add a TrustedUserCAKeys option to sshd_config to specify CA keys that
+     are trusted to authenticate users (in addition than doing it per-user
+     in authorized_keys).
+     
+     Add a RevokedKeys option to sshd_config and a @revoked marker to
+     known_hosts to allow keys to me revoked and banned for user or host
+     authentication.
+     
+     feedback and ok markus@
 
 20100303
  - (djm) [PROTOCOL.certkeys] Add RCS Ident