Google ya buga lambar tushe na aikin HIBA (Babban izini na Mai watsa shiri), wanda ke ba da shawarar aiwatar da ƙarin hanyar ba da izini don tsara hanyar samun mai amfani ta hanyar SSH dangane da runduna (duba ko an ba da damar samun takamaiman albarkatu ko a'a lokacin da ake tabbatarwa). ta amfani da maɓallan jama'a). Ana ba da haɗin kai tare da OpenSSH ta hanyar tantance mai kula da HIBA a cikin Umurnin izini na PrincipalsCommand a /etc/ssh/sshd_config. An rubuta lambar aikin a cikin C kuma an rarraba a ƙarƙashin lasisin BSD.
HIBA tana amfani da daidaitattun hanyoyin tantancewa dangane da takaddun shaida na OpenSSH don sassauƙa da daidaita tsarin ikon mai amfani dangane da runduna, amma baya buƙatar canje-canje na lokaci-lokaci zuwa fayilolin_keys da masu izini_users masu izini a gefen runduna waɗanda aka haɗa haɗin. Maimakon adana jerin ingantattun maɓallai na jama'a da damar shiga cikin fayiloli_(maɓallai | masu amfani) masu izini, HIBA tana haɗa bayanai game da ɗaurin mai amfani kai tsaye cikin takaddun shaida da kansu. Musamman, an gabatar da kari don takaddun shaida da takaddun shaida na mai amfani, waɗanda ke adana sigogin runduna da yanayin ba da damar mai amfani.
Ana fara dubawa a gefen mai masaukin baki ta hanyar kiran mai kula da hiba-chk da aka ƙayyade a cikin umarnin da aka ba da izini na PrincipalsCommand. Wannan na'ura mai sarrafawa yana ƙaddamar da haɓakawa da aka haɗa cikin takaddun shaida kuma, bisa su, yana yanke shawara game da bayarwa ko toshe damar shiga. Dokokin shiga an ƙaddara su a tsakiya a matakin takaddun shaida (CA) kuma an haɗa su cikin takaddun shaida a matakin tsarar su.
A gefen cibiyar ba da takaddun shaida, ana kiyaye cikakken jerin abubuwan iko ( runduna waɗanda aka ba da izinin haɗin kai) da jerin masu amfani waɗanda aka ba su izinin amfani da waɗannan ikon. Don samar da takaddun takaddun shaida tare da hadedde bayanai game da takaddun shaida, ana ba da shawarar amfanin hiba-gen, kuma ana haɗa ayyukan da ake buƙata don ƙirƙirar ikon takaddun shaida a cikin rubutun iba-ca.sh.
Lokacin da mai amfani ya haɗa, ikon da aka kayyade a cikin takaddun shaida yana tabbatar da sa hannun dijital na hukumar ba da takaddun shaida, wanda ke ba da damar yin duk cak ɗin gaba ɗaya a gefen mahaɗin da aka yi niyya da shi, ba tare da yin amfani da sabis na waje ba. Jerin maɓallan jama'a na ikon ba da takaddun shaida wanda ke ba da takaddun shaida na SSH an ƙayyade ta hanyar TrustedUserCAKeys umarnin.
Baya ga haɗa masu amfani kai tsaye zuwa runduna, HIBA tana ba ku damar ayyana ƙarin ƙa'idodin samun sauƙi. Misali, ana iya haɗa bayanai kamar wuri da nau'in sabis tare da runduna, kuma lokacin da aka bayyana ƙa'idodin samun damar mai amfani, ana iya ba da haɗin kai ga duk runduna tare da nau'in sabis ɗin da aka bayar ko zuwa ga runduna a ƙayyadadden wuri.
source: budenet.ru