forwarded 493874 https://bugzilla.mindrot.org/show_bug.cgi?id=1612 thanks
So i looked into this further. And while gnome-keyring has dubious behavior, it actually correctly reports when it does not support constraints. See the discussion with gnome folks here: https://bugzilla.gnome.org/show_bug.cgi?id=525574 The most serious bug is in ssh-add, which sees the failure to add-key with constraints, and then goes ahead and tries to re-submit the key *without* constraints. I've reported this to openssh upstream, along with a patch: https://bugzilla.mindrot.org/show_bug.cgi?id=1612 they seem to be indicating (via bugzilla bug blocking/dependency trees) that the patch will be incorporated into OpenSSH by version 5.4. --dkg
signature.asc
Description: OpenPGP digital signature
