3428de017a
* Forbid ssh key signing with specified extensions when role allowed_extensions is not set - This is a behaviour change on how we process the allowed_extensions role parameter when it does not contain a value. The previous handling allowed a client to override and specify any extension they requested. - We now require a role to explicitly set this behaviour by setting the parameter to a '*' value which matches the behaviour of other keys such as allowed_users within the role. - No migration of existing roles is provided either, so operators if they truly want this behaviour will need to update existing roles appropriately. |
||
|---|---|---|
| .. | ||
| aws | ||
| cassandra | ||
| consul | ||
| database | ||
| mongodb | ||
| mssql | ||
| mysql | ||
| nomad | ||
| pki | ||
| postgresql | ||
| rabbitmq | ||
| ssh | ||
| totp | ||
| transit | ||