author | Russ Allbery <rra@dropbox.com> | 2016-07-28 01:12:22 -0700 |
---|---|---|
committer | Russ Allbery <rra@dropbox.com> | 2016-07-28 01:40:26 -0700 |
commit | 5f8d20b8e04376252d0cea8f77e4a84c0d0a2262 (patch) | |
tree | 54709dfc258f2a6a9457443e6ba45d68f90c4787 /docs | |
parent | 5dce1ad30db769d0a8ceaaf040df6fa229462d60 (diff) |
Add REMCTL_HOST support to remctl-shell
Also add a warning to the documentation for both remctld and
remctl-shell that this is based on a reverse DNS lookup and isn't
reliable.
Diffstat (limited to 'docs')
-rw-r--r-- | docs/remctl-shell.pod | 30 | ||||
-rw-r--r-- | docs/remctld.pod | 23 |
2 files changed, 34 insertions, 19 deletions
diff --git a/docs/remctl-shell.pod b/docs/remctl-shell.pod index 3e7ac35..af3cfc7 100644 --- a/docs/remctl-shell.pod +++ b/docs/remctl-shell.pod @@ -202,13 +202,11 @@ noted in each description. =over 4 -=item REMOTE_USER - -=item REMUSER +=item REMCTL_COMMAND -[3.12] Set to the value of REMCTL_CLIENT as set in the environment of -B<remctl-shell>. This should be set security via F<authorized_keys> as -discussed above. +[3.12] The command string that caused this command to be run. This +variable will contain only the command, not the subcommand or any +additional arguments (which are passed as command arguments). =item REMOTE_ADDR @@ -223,11 +221,23 @@ meaningful concept for ssh authentication via public key, and regardless is not communicated by B<sshd> to the shell. It is therefore always set to C<0> by B<remctl-shell>. -=item REMCTL_COMMAND +=item REMOTE_HOST -[3.12] The command string that caused this command to be run. This -variable will contain only the command, not the subcommand or any -additional arguments (which are passed as command arguments). +[3.12] The hostname of the remote host, if it was available. If reverse +name resolution failed, this environment variable will not be set. + +This is determined via a simple reverse DNS lookup and should be +considered under the control of the client. remctl commands should treat +it with skepticism and not use it for anything other than logging +purposes. + +=item REMOTE_USER + +=item REMUSER + +[3.12] Set to the value of REMCTL_CLIENT as set in the environment of +B<remctl-shell>. This should be set security via F<authorized_keys> as +discussed above. =back diff --git a/docs/remctld.pod b/docs/remctld.pod index c601043..f10d245 100644 --- a/docs/remctld.pod +++ b/docs/remctld.pod 
@@ -523,12 +523,11 @@ B<remctld> (annotated with the version at which they were added): =over 4 -=item REMOTE_USER - -=item REMUSER +=item REMCTL_COMMAND -[1.0 for REMUSER, 2.1 for REMOTE_USER] Set to the Kerberos principal of -the authenticated client. +[2.16] The command string that caused this command to be run. This +variable will contain only the command, not the subcommand or any +additional arguments (which are passed as command arguments). =item REMOTE_ADDR @@ -545,11 +544,17 @@ the Kerberos ticket used to authenticate to the server. [2.1] The hostname of the remote host, if it was available. If reverse name resolution failed, this environment variable will not be set. -=item REMCTL_COMMAND +This is determined via a simple reverse DNS lookup and should be +considered under the control of the client. remctl commands should treat +it with skepticism and not use it for anything other than logging +purposes. -[2.16] The command string that caused this command to be run. This -variable will contain only the command, not the subcommand or any -additional arguments (which are passed as command arguments). +=item REMOTE_USER + +=item REMUSER + +[1.0 for REMUSER, 2.1 for REMOTE_USER] Set to the Kerberos principal of +the authenticated client. =back |
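Review bot: the item added in the `@@ -223,11 +221,23 @@` hunk of docs/remctl-shell.pod is named REMOTE_HOST, but the commit subject says REMCTL_HOST; confirm which variable remctl-shell actually sets and make the subject and the `=item` agree. In the same hunk the re-added REMOTE_USER/REMUSER paragraph still reads "This should be set security via F<authorized_keys>"; since the text is being moved anyway, change "security" to "securely".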
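Review bot: the `@@ -523,12 +523,11 @@` hunk of docs/remctld.pod only moves REMCTL_COMMAND ahead of REMOTE_ADDR and REMOTE_USER/REMUSER to the end of the list, and the first docs/remctl-shell.pod hunk does the same, yet the commit message does not mention any reordering. The moved lines make the one substantive documentation change (the REMOTE_HOST warning) harder to spot in review. Consider putting the sort in its own commit, or at least saying in the message that the items were reordered.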
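Review bot: the warning added under REMOTE_HOST in the `@@ -545,11 +544,17 @@` hunk of docs/remctld.pod tells command authors what not to trust but not what to use instead. Suggest a closing sentence that points to REMOTE_USER, which this page documents as the Kerberos principal of the authenticated client, for any access decision, so that a reader who currently keys on the hostname has a documented replacement. The same paragraph is added verbatim to docs/remctl-shell.pod and would need the matching sentence there, pointing to that page's REMOTE_USER entry.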