blob: 20e568a07cfee87e047a2fe2aded857a7c926446 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
|
<xsd:schema xmlns:xsd="http://www.w3.org/2001/XMLSchema"
xmlns:py="http://genshi.edgewall.org/" xml:lang="en">
<xsd:annotation>
<xsd:documentation>
Schema for :ref:`server-plugins-generators-cfg-sshkeys`
``authorizedkeys.xml``
</xsd:documentation>
</xsd:annotation>
<xsd:import namespace="http://genshi.edgewall.org/"
schemaLocation="genshi.xsd"/>
<xsd:complexType name="AuthorizedKeysGroupType">
<xsd:annotation>
<xsd:documentation>
An **AuthorizedKeysGroupType** is a tag used to provide logic.
Child entries of an AuthorizedKeysGroupType tag only apply to
machines that match the condition specified -- either
membership in a group, or a matching client name.
:xml:attribute:`AuthorizedKeysGroupType:negate` can be set to
negate the sense of the match.
</xsd:documentation>
</xsd:annotation>
<xsd:choice minOccurs="1" maxOccurs="unbounded">
<xsd:group ref="py:genshiElements"/>
<xsd:element name="Allow" type="AllowType"/>
<xsd:element name="Group" type="AuthorizedKeysGroupType"/>
<xsd:element name="Client" type="AuthorizedKeysGroupType"/>
<xsd:element name="AuthorizedKeys" type="AuthorizedKeysType"/>
</xsd:choice>
<xsd:attribute name='name' type='xsd:string'>
<xsd:annotation>
<xsd:documentation>
The name of the client or group to match on. Child entries
will only apply to this client or group (unless
:xml:attribute:`AuthorizedKeysGroupType:negate` is set).
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name='negate' type='xsd:boolean'>
<xsd:annotation>
<xsd:documentation>
Negate the sense of the match, so that child entries only
apply to a client if it is not a member of the given group
or does not have the given name.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attributeGroup ref="py:genshiAttrs"/>
</xsd:complexType>
<xsd:complexType name="AllowType" mixed="true">
<xsd:annotation>
<xsd:documentation>
Allow access from a public key, given either as text content,
or described by the attributes.
</xsd:documentation>
</xsd:annotation>
<xsd:choice minOccurs="0" maxOccurs="unbounded">
<xsd:group ref="py:genshiElements"/>
<xsd:element name="Params" type="AuthorizedKeysParamsType"/>
</xsd:choice>
<xsd:attribute name="from" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
The path of the public key to allow.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="group" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
Use a public key specific to the given group, instead of the
public key specific to the appropriate category group of the
current client.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="host" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
Use a public key specific to the given host.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attributeGroup ref="py:genshiAttrs"/>
</xsd:complexType>
<xsd:complexType name="AuthorizedKeysParamsType">
<xsd:annotation>
<xsd:documentation>
Specify parameters for public key authentication and
connection. See :manpage:`sshd(8)` for details on allowable
parameters.
</xsd:documentation>
</xsd:annotation>
<xsd:attributeGroup ref="py:genshiAttrs"/>
<xsd:anyAttribute processContents="lax"/>
</xsd:complexType>
<xsd:complexType name="AuthorizedKeysType">
<xsd:annotation>
<xsd:documentation>
Top-level tag for describing a generated SSH key pair.
</xsd:documentation>
</xsd:annotation>
<xsd:choice minOccurs="1" maxOccurs="unbounded">
<xsd:group ref="py:genshiElements"/>
<xsd:element name="Allow" type="AllowType"/>
<xsd:element name="Group" type="AuthorizedKeysGroupType"/>
<xsd:element name="Client" type="AuthorizedKeysGroupType"/>
<xsd:element name="AuthorizedKeys" type="AuthorizedKeysType"/>
</xsd:choice>
<xsd:attribute name="lax_decryption" type="xsd:boolean">
<xsd:annotation>
<xsd:documentation>
Override the global lax_decryption setting in
``bcfg2.conf``.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attributeGroup ref="py:genshiAttrs"/>
</xsd:complexType>
<xsd:element name="AuthorizedKeys" type="AuthorizedKeysType"/>
</xsd:schema>
|