From 22ef303cdc7b6d5f7de35d3189fbf157093c258e Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Sat, 12 Dec 2020 11:29:02 +0100
Subject: README: use 'restrict' option in authorized_keys(5) snippet.

This is shorter and more future-proof.  Quoting the manual:

    restrict

        Enable all restrictions, i.e. disable port, agent and X11
        forwarding, as well as disabling PTY allocation and execution of
        ~/.ssh/rc.  If any future restriction capabilities are added to
        authorized_keys files they will be included in this set.

Note that this won't work with Jessie's OpenSSH server.
---
 Changelog | 2 ++
 1 file changed, 2 insertions(+)

(limited to 'Changelog')

diff --git a/Changelog b/Changelog
index 43fbf8f..196c01d 100644
--- a/Changelog
+++ b/Changelog
@@ -23,6 +23,8 @@ interimap (0.5.5) upstream;
    configuration file (the default as of 2.3.11.3), hence running TLS
    tests now require Dovecot 2.3 or later.
  - documentation: simplify SSL options in the sample configuration files.
+ - README: suggest 'restrict,command="/usr/bin/doveadm exec imap"' as
+   authorized_keys(5) options.
 
  -- Guilhem Moulin <guilhem@fripost.org>  Fri, 11 Dec 2020 14:55:53 +0100
 
-- 
cgit v1.2.3