List contains explicit access rules that have been created for this
user, to server accounts or groups. Access rules that apply through the
user's group memberships are not included (group memberships are
already listed on the page and can be followed for this information),
nor is automatic access to servers with LDAP access included.
The less intrusive options that give most immediate benefit for least
cost are enabled by default:
* Prevent server admins resetting SSH host key
* Block sync if multiple servers have the same SSH host key
An additional option for improved security is included to provide
hostname verification, either based on `hostname -f` or on an explicitly
defined '.hostnames' file.
Resolves: SSH redirection security issue reported by Tobias Josefowitz
of Opera Software
Although our initial assumption is that inactive users would be blocked
by the Apache LDAP configuration, it makes sense to also verify the
status within the application itself (particularly in case the
administrator has not configured LDAP in Apache in this way).
Resolves: #3
PuTTY 0.68 added support for elliptic-curve key types and renamed "SSH-2
RSA" to just "RSA". Updated to reflect this. Also fix the ordering of
our instructions to make more sense.
Moves the automatic changing of account sync status from "proposed" to
"not synced yet" into the add_access function. This prevents the
following sequence from triggering the bug:
1. Request access to non-existent account
2. Grant access manually (not by accepting the access request)
