Merge pull request #4266 from takehaya/T6013-trusted-ca-keys

T6013: Add support for AuthorizedPrincipalsFile to trusted_user_ca_key
author: Christian Breunig <christian@breunig.cc> 2025-05-29 20:16:51 +0200
committer: GitHub <noreply@github.com> 2025-05-29 20:16:51 +0200
commit: 08dc2e56bf4ad487709ec3849fe97ec24d5b35fe (patch)
tree: 9c46650bbe0448accb0fabcf1b980cd598fdebbf /interface-definitions
parent: 2ca38e7c8d2487446d64b3ae945705012a2dc742 (diff)
parent: 4b4bbd73b84c2c478c7752f58e7f66ec6d90459e (diff)
download: vyos-1x-08dc2e56bf4ad487709ec3849fe97ec24d5b35fe.tar.gz
vyos-1x-08dc2e56bf4ad487709ec3849fe97ec24d5b35fe.zip
2 files changed, 19 insertions, 6 deletions
diff --git a/interface-definitions/service_ssh.xml.in b/interface-definitions/service_ssh.xml.in
index 14d358c78..c659a7db7 100644
--- a/interface-definitions/service_ssh.xml.in
+++ b/interface-definitions/service_ssh.xml.in
@@ -275,14 +275,18 @@
               </constraint>
             </properties>
           </leafNode>
-          <node name="trusted-user-ca-key">
+          <leafNode name="trusted-user-ca">
             <properties>
-              <help>Trusted user CA key</help>
+              <help>OpenSSH trusted user CA</help>
+              <completionHelp>
+                <path>pki openssh</path>
+              </completionHelp>
+              <valueHelp>
+                <format>txt</format>
+                <description>OpenSSH certificate name from PKI subsystem</description>
+              </valueHelp>
             </properties>
-            <children>
-              #include <include/pki/ca-certificate.xml.i>
-            </children>
-          </node>
+          </leafNode>
           #include <include/vrf-multi.xml.i>
         </children>
       </node>
diff --git a/interface-definitions/system_login.xml.in b/interface-definitions/system_login.xml.in
index 9865e3d32..a13ba10ea 100644
--- a/interface-definitions/system_login.xml.in
+++ b/interface-definitions/system_login.xml.in
@@ -103,6 +103,15 @@
                       <help>Plaintext password used for encryption</help>
                     </properties>
                   </leafNode>
+                  <leafNode name="principal">
+                    <properties>
+                      <help>Accepted principal names for certificate authentication</help>
+                      <constraint>
+                        #include <include/constraint/login-username.xml.i>
+                      </constraint>
+                      <multi/>
+                    </properties>
+                  </leafNode>
                   <tagNode name="public-keys">
                     <properties>
                       <help>Remote access public keys</help>
author	Christian Breunig <christian@breunig.cc>	2025-05-29 20:16:51 +0200
committer	GitHub <noreply@github.com>	2025-05-29 20:16:51 +0200
commit	08dc2e56bf4ad487709ec3849fe97ec24d5b35fe (patch)
tree	9c46650bbe0448accb0fabcf1b980cd598fdebbf /interface-definitions
parent	2ca38e7c8d2487446d64b3ae945705012a2dc742 (diff)
parent	4b4bbd73b84c2c478c7752f58e7f66ec6d90459e (diff)
download	vyos-1x-08dc2e56bf4ad487709ec3849fe97ec24d5b35fe.tar.gz vyos-1x-08dc2e56bf4ad487709ec3849fe97ec24d5b35fe.zip