.SH SUBCOMMANDS
-\fBmonkeysphere-authentication\fP takes various subcommands.
-.TP
-.B setup
-Setup the server for Monkeysphere user authentication. `s' may be
-used in place of `setup'.
+\fBmonkeysphere-authentication\fP takes various subcommands:
.TP
.B update-users [ACCOUNT]...
Rebuild the monkeysphere-controlled authorized_keys files. For each
List key IDs trusted by the system to certify user identities. `c'
may be used in place of `list-id-certifiers'.
.TP
+.B help
+Output a brief usage summary. `h' or `?' may be used in place of
+`help'.
+.TP
+.B version
+show version number
+
+Other commands:
+.TP
+.B setup
+Setup the server for Monkeysphere user authentication. This command
+is idempotent and run automatically by the other commands, and should
+therefore not usually need to be run manually. `s' may be used in
+place of `setup'.
+.TP
.B diagnostics
Review the state of the server with respect to authentication. `d'
may be used in place of `diagnostics'.
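Review bot: The blank line followed by the bare text "Other commands:" after the new `version` entry will not render as a new group heading. In the man macros a blank line only adds vertical space and the text keeps the indent of the preceding .TP body, so it reads as a continuation of the version description. Replace the blank line with `.PP` before "Other commands:" so it returns to the left margin. In the same entry, "show version number" should be capitalized and end with a period to match the other descriptions.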
(multiple gpg arguments need to be quoted). Use this command with
caution, as modifying the authentication sphere keyring can affect ssh
user authentication.
-.TP
-.B help
-Output a brief usage summary. `h' or `?' may be used in place of
-`help'.
-.TP
-.B version
-show version number
.SH SETUP USER AUTHENTICATION
the config file (defaults in parentheses):
.TP
MONKEYSPHERE_MONKEYSPHERE_USER
-User to control authentication keychain (monkeysphere).
+User to control authentication keychain. (monkeysphere)
.TP
MONKEYSPHERE_LOG_LEVEL
-Set the log level (INFO). Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in
-increasing order of verbosity.
+Set the log level. Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in
+increasing order of verbosity. (INFO)
.TP
MONKEYSPHERE_KEYSERVER
-OpenPGP keyserver to use (pool.sks-keyservers.net).
+OpenPGP keyserver to use. (pool.sks-keyservers.net)
.TP
MONKEYSPHERE_AUTHORIZED_USER_IDS
-Path to user authorized_user_ids file
-(%h/.monkeysphere/authorized_user_ids).
+Path to user's authorized_user_ids file. %h gets replaced with the
+user's homedir, %u with the username.
+(%h/.monkeysphere/authorized_user_ids)
.TP
MONKEYSPHERE_RAW_AUTHORIZED_KEYS
-Path to user-controlled authorized_keys file. `-' means not to add
-user-controlled file (%h/.ssh/authorized_keys).
+Path to regular ssh-style authorized_keys file to append to
+monkeysphere-generated authorized_keys. `none' means not to add any
+raw authorized_keys file. %h gets replaced with the user's homedir,
+%u with the username. (%h/.ssh/authorized_keys)
+.TP
+MONKEYSPHERE_PROMPT
+If set to `false', never prompt the user for confirmation. (true)
+
.SH FILES
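Review bot: In the MONKEYSPHERE_RAW_AUTHORIZED_KEYS entry the value that disables the raw file changes from `-' to `none', and the new text does not say whether `-' is still honored. An administrator who set `-' to keep that file out of the generated authorized_keys needs to know whether the old value is now treated as a path, so please state the compatibility behavior in this entry. The rewrite also drops the phrase "user-controlled", which told the reader who owns the file that gets appended to the monkeysphere-generated authorized_keys; suggest keeping it. For MONKEYSPHERE_PROMPT, name which commands prompt, since setting it to `false' removes a confirmation step.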
/etc/monkeysphere/monkeysphere-authentication.conf
System monkeysphere-authentication config file.
.TP
-/var/lib/monkeysphere/authentication/authorized_keys/USER
+/var/lib/monkeysphere/authorized_keys/USER
Monkeysphere-generated user authorized_keys files.
.SH AUTHOR
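Review bot: The generated-keys path under FILES moves from /var/lib/monkeysphere/authentication/authorized_keys/USER to /var/lib/monkeysphere/authorized_keys/USER with no note on migration. An sshd AuthorizedKeysFile setting that still points at the old location would stop finding the generated keys after an upgrade, and stale files could remain under the old directory. Add a sentence saying what an existing installation has to change, or confirm that the old path was never in a release.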