Comment 0 for bug 2031942

Matthew Garrett (mjg59) wrote :

Versions of OpenSSH from 8.7p1 to 9.3p1 contain the following code:

                if (*activep && options->authorized_keys_command == NULL)
                        *charptr = xstrdup(str + len);

However, this is executed for both authorized_keys_command and authorized_principals_command. As a result, if authorized_keys_command is set (for instance, if using ec2-instance-connect), any AuthorizedPrincipalsCommand configuration in sshd_config is ignored. This is fixed in 9.4p1 with the attached patch.
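
The behaviour that follows from the quoted condition, as an added model that is not part of the original comment and is not OpenSSH's code: the struct, the guard enum, the helper names and the sample lines are constructed. `GUARD_PER_OPTION` is an assumed per-option check for comparison, not the patch referenced above.

```c
#include <string.h>
#include <strings.h>

/* Constructed stand-in for the two sshd option fields involved. */
struct opts { const char *authorized_keys_command, *authorized_principals_command; };

/* GUARD_QUOTED is the condition quoted in the report; GUARD_PER_OPTION is an
 * assumed alternative that tests the option being parsed (not the page's patch). */
enum guard { GUARD_QUOTED, GUARD_PER_OPTION };

static int is_kw(const char *line, size_t klen, const char *kw)
{
    return strlen(kw) == klen && strncasecmp(line, kw, klen) == 0;
}

/* Parse one "Keyword value" line through the shared assignment path. */
static void parse_line(struct opts *o, const char *line, enum guard g)
{
    size_t klen = strcspn(line, " \t");
    const char *val = line + klen + strspn(line + klen, " \t");
    const char **charptr;

    if (is_kw(line, klen, "AuthorizedKeysCommand"))
        charptr = &o->authorized_keys_command;
    else if (is_kw(line, klen, "AuthorizedPrincipalsCommand"))
        charptr = &o->authorized_principals_command;
    else
        return;
    int unset = (g == GUARD_QUOTED) ? o->authorized_keys_command == NULL
                                    : *charptr == NULL;
    if (unset)
        *charptr = val;   /* points into the caller's line; no copy in this model */
}

/* Returns 1 if AuthorizedPrincipalsCommand is set after parsing, else 0. */
int principals_kept(const char *const *lines, size_t n, enum guard g)
{
    struct opts o = { NULL, NULL };
    for (size_t i = 0; i < n; i++)
        parse_line(&o, lines[i], g);
    return o.authorized_principals_command != NULL;
}

/* Constructed sample configurations; the command paths are placeholders. */
#define KEYS "AuthorizedKeysCommand /opt/example/keys %u"
#define PRIN "AuthorizedPrincipalsCommand /opt/example/principals %u"
const char *const keys_first[] = { KEYS, PRIN };
const char *const principals_first[] = { PRIN, KEYS };
```

With the quoted guard, `principals_kept(keys_first, 2, GUARD_QUOTED)` returns 0 while the reversed order returns 1, so in this model the principals command is lost only when the keys command has already been set by the time it is parsed.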