| commit | 0f77874c723845e75b3bb7e2ef137a2fcf364bd6 | |
| author | Kyle J. McKay <mackyle@gmail.com> | |
| Thu, 12 Sep 2013 08:54:47 +0000 (12 01:54 -0700) | ||
| committer | Kyle J. McKay <mackyle@gmail.com> | |
| Thu, 12 Sep 2013 08:54:47 +0000 (12 01:54 -0700) | ||
| tree | 1935f312f0b27b1d7be5c30a88dad3a802cdfc72 | treesnapshot (tar.gz zip) |
| parent | 8700d961a6ec47a91defb718834b05b39cc3fcca | commitdiff |
Support new $Girocco::Config::disable_dsa setting
OpenSSH DSA keys are problematic in that ever since OpenSSH version
4.3p1 only 1024 bit DSA keys can be created with ssh-keygen.
Even if a longer DSA key is created (with an older OpenSSH version or
with OpenSSL), the SSH protocol requires use of the SHA-1 hash in the
DSA signature blob so the value of longer DSA keys is of somewhat
questionable value when used with the SSH protocol.
If the new $Girocco::Config::disable_dsa setting is true then both
reguser.cgi and edituser.cgi will prevent DSA keys from being stored.
Pre-existing DSA keys will continue to work regardless of the current
$Girocco::Config::disable_dsa setting since the keys are only prohibited
at reguser.cgi/edituser.cgi time.
OpenSSH DSA keys are problematic in that ever since OpenSSH version
4.3p1 only 1024 bit DSA keys can be created with ssh-keygen.
Even if a longer DSA key is created (with an older OpenSSH version or
with OpenSSL), the SSH protocol requires use of the SHA-1 hash in the
DSA signature blob so the value of longer DSA keys is of somewhat
questionable value when used with the SSH protocol.
If the new $Girocco::Config::disable_dsa setting is true then both
reguser.cgi and edituser.cgi will prevent DSA keys from being stored.
Pre-existing DSA keys will continue to work regardless of the current
$Girocco::Config::disable_dsa setting since the keys are only prohibited
at reguser.cgi/edituser.cgi time.
| Girocco/Config.pm | diffblobblamehistory | |
| Girocco/User.pm | diffblobblamehistory | |
| cgi/edituser.cgi | diffblobblamehistory | |
| cgi/reguser.cgi | diffblobblamehistory |