+# Path to authorized_user_ids file to process to create
+# authorized_keys file. '%h' will be replaced by the home directory
+# of the user, and %u will be replaced by the username of the user.
+# For purely admin-controlled authorized_user_ids, you might put them
+# in /etc/monkeysphere/authorized_user_ids/%u
+#AUTHORIZED_USER_IDS="%h/.config/monkeysphere/authorized_user_ids"
+
+#FIXME: why is the following variable named USER_CONTROLLED_...?
+#shouldn't this be something like MONKEYSPHERE_RAW_AUTHORIZED_KEYS
+#instead? For example, what about a server where the administrator
+#has locked down the authorized_keys file from user control, but still
+#wants to combine raw authorized_keys for some users with the
+#monkeysphere?
+