docs: clarified how authorized_keys is generated

author: Chris St. Pierre <chris.a.st.pierre@gmail.com> 2013-01-16 06:46:27 -0500
committer: Chris St. Pierre <chris.a.st.pierre@gmail.com> 2013-01-16 08:01:17 -0500
commit: ef9e257c192e1b67c0a769e51b6b2209fa03a39b (patch)
tree: 308eb94937937082c2791389753ef71d399d887d
parent: d36c663737b3bac277ec8106937cf922775dd0cd (diff)
download: bcfg2-ef9e257c192e1b67c0a769e51b6b2209fa03a39b.tar.gz
bcfg2-ef9e257c192e1b67c0a769e51b6b2209fa03a39b.tar.bz2
bcfg2-ef9e257c192e1b67c0a769e51b6b2209fa03a39b.zip
1 files changed, 14 insertions, 0 deletions
diff --git a/doc/server/plugins/generators/cfg.txt b/doc/server/plugins/generators/cfg.txt
index f41fa10bb..dcaeef4f8 100644
--- a/doc/server/plugins/generators/cfg.txt
+++ b/doc/server/plugins/generators/cfg.txt
@@ -545,6 +545,20 @@ Example
       </Allow>
     </AuthorizedKeys>
 
+.. note::
+
+    ``authorized_keys.xml`` allows you to specify the group whose
+    public key should be allowed.  This retrieves the public key
+    specific to that group (if it exists), *not* the public key for
+    all hosts in that group.  This is due to the performance penalties
+    that would be imposed by that approach.
+
+    Similarly, it is not possible to allow access from all keys for a
+    given user (i.e., at a given path).
+
+    Hopefully, the performance concerns can be resolved in a future
+    release and these features can be added.
+
 Configuration
 -------------
author	Chris St. Pierre <chris.a.st.pierre@gmail.com>	2013-01-16 06:46:27 -0500
committer	Chris St. Pierre <chris.a.st.pierre@gmail.com>	2013-01-16 08:01:17 -0500
commit	ef9e257c192e1b67c0a769e51b6b2209fa03a39b (patch)
tree	308eb94937937082c2791389753ef71d399d887d
parent	d36c663737b3bac277ec8106937cf922775dd0cd (diff)
download	bcfg2-ef9e257c192e1b67c0a769e51b6b2209fa03a39b.tar.gz bcfg2-ef9e257c192e1b67c0a769e51b6b2209fa03a39b.tar.bz2 bcfg2-ef9e257c192e1b67c0a769e51b6b2209fa03a39b.zip