cloudflare / cloudflared

Cloudflare Tunnel client (formerly Argo Tunnel)

Home Page: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide

💡 Add option to SSH CA to issue certs with UserPrincipal with full e-mail address

ajvpot opened this issue

Describe the feature you'd like
I would like an option in the SSH Short-Lived Certificates CA settings to sign certs with the full e-mail address of the user as the User Principal.

The SSH CA currently signs certificates with the User Principal being the part of the e-mail address before the @ sign. Therefore, an access organization with multiple domains (i.e. using pin based auth with external collaborators) can have namespace conflicts when deciding which user to log in as.

Example: These users map to the same unix username.

jdoe@mycorp.com -> jdoe
jdoe@external.com -> jdoe

Describe alternatives you've considered
Unknown, this is not mentioned in the docs.

Additional context

https://developers.cloudflare.com/cloudflare-one/identity/users/short-lived-certificates/
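An audit for the collision described in this issue, added here as an example and not part of the original post or of cloudflared: it derives the principal the way the issue says the CA does (the text before the @ sign) and reports every principal shared by more than one address. The function names, the `case_sensitive` option and the sample user list are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample: the two addresses from the issue plus two invented ones.
SAMPLE_USERS = [
    "jdoe@mycorp.com",
    "jdoe@external.com",
    "asmith@mycorp.com",
    "bob@external.com",
]


def principal_from_email(email):
    """Principal as the issue describes it: the part before the '@' sign."""
    local, sep, domain = email.strip().rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an e-mail address: {email!r}")
    return local


def find_principal_collisions(emails, case_sensitive=True):
    """Map each principal to the addresses sharing it, keeping only collisions.

    case_sensitive=False is an assumption for hosts whose account names are
    all lower case, where 'JDoe' and 'jdoe' would land on the same login.
    """
    by_principal = defaultdict(set)
    for email in emails:
        principal = principal_from_email(email)
        key = principal if case_sensitive else principal.lower()
        by_principal[key].add(email.strip())
    return {
        principal: sorted(addresses)
        for principal, addresses in by_principal.items()
        if len(addresses) > 1  # the same address listed twice is not a collision
    }


if __name__ == "__main__":
    for principal, addresses in find_principal_collisions(SAMPLE_USERS).items():
        print(f"principal {principal!r} is shared by: {', '.join(addresses)}")
```

Run it over an export of the identities allowed by the Access policy before enabling short-lived certificates for a host; any principal it reports corresponds to a unix account that more than one identity could log in as.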