CVSROOT:        /cvs
Module name:    src
Changes by:     d...@cvs.openbsd.org    2016/11/29 19:57:40

Modified files:
        usr.bin/ssh    : auth-options.c auth-options.h auth2-pubkey.c 
                         sshd.8 

Log message:
When a forced-command appears in both a certificate and an
authorized keys/principals command= restriction, refuse to accept
the certificate unless they are identical.

The previous (documented) behaviour of having the certificate forced-
command override the other could be a bit confused and more error-prone.

Pointed out by Jann Horn of Project Zero; ok dtucker@
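
The rule described in the log message, next to the previous override behaviour, as an added example that is not part of the commit and is not OpenSSH's own code. The function names, the enum and the sample command strings are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Outcome of combining the two possible forced-command sources. */
enum fc_result { FC_NONE, FC_USE, FC_REJECT };

/*
 * Previous documented behaviour: the certificate's forced command
 * overrides a command= restriction from authorized keys/principals.
 */
static enum fc_result
resolve_old(const char *cert_cmd, const char *key_cmd, const char **out)
{
	*out = cert_cmd != NULL ? cert_cmd : key_cmd;
	return *out != NULL ? FC_USE : FC_NONE;
}

/*
 * Behaviour described in the log message: when both sources carry a
 * forced command, the certificate is accepted only if they are identical.
 */
static enum fc_result
resolve_new(const char *cert_cmd, const char *key_cmd, const char **out)
{
	*out = NULL;
	if (cert_cmd != NULL && key_cmd != NULL &&
	    strcmp(cert_cmd, key_cmd) != 0)
		return FC_REJECT;	/* conflicting restrictions: refuse cert */
	*out = cert_cmd != NULL ? cert_cmd : key_cmd;
	return *out != NULL ? FC_USE : FC_NONE;
}

int
main(void)
{
	/* Constructed sample values, not taken from the commit. */
	const char *cert = "/usr/bin/uptime", *key = "/usr/local/bin/backup";
	const char *cmd;

	if (resolve_old(cert, key, &cmd) == FC_USE)
		printf("old: runs %s (key restriction ignored)\n", cmd);
	if (resolve_new(cert, key, &cmd) == FC_REJECT)
		printf("new: certificate refused\n");
	if (resolve_new(cert, cert, &cmd) == FC_USE)
		printf("new: identical, runs %s\n", cmd);
	return 0;
}
```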
