rpm: assign a real shell to user monkeysphere
[monkeysphere.git] / man / man8 / monkeysphere-authentication.8
diff --git
a/man/man8/monkeysphere-authentication.8
b/man/man8/monkeysphere-authentication.8
index a687f4efb10a06d40bf6f86faeb5ab8298902aee..ea9debd33d99618ea785c9a1336e3c3545c6abb5 100644
(file)
--- a/
man/man8/monkeysphere-authentication.8
+++ b/
man/man8/monkeysphere-authentication.8
@@
-1,4
+1,4
@@
-.TH MONKEYSPHERE-
SERVER "8" "March 2009" "monkeysphere" "User
Commands"
+.TH MONKEYSPHERE-
AUTHENTICATION "8" "January 2010" "monkeysphere" "System
Commands"
.SH NAME
.SH NAME
@@
-11,9
+11,9
@@
monkeysphere\-authentication - Monkeysphere authentication admin tool.
.SH DESCRIPTION
\fBMonkeysphere\fP is a framework to leverage the OpenPGP Web of Trust
.SH DESCRIPTION
\fBMonkeysphere\fP is a framework to leverage the OpenPGP Web of Trust
-(WoT) for
OpenSSH authentication. OpenPGP keys are tracked via GnuPG,
-and added to the authorized_keys and known_hosts files used by OpenSSH
-
for
connection authentication.
+(WoT) for
key-based authentication. OpenPGP keys are tracked via
+GnuPG, and added to the authorized_keys files used by OpenSSH for
+connection authentication.
\fBmonkeysphere\-authentication\fP is a Monkeysphere server admin
utility for configuring and managing SSH user authentication through
\fBmonkeysphere\-authentication\fP is a Monkeysphere server admin
utility for configuring and managing SSH user authentication through
@@
-131,7
+131,7
@@
user authentication, the AuthorizedKeysFile parameter must be set in
the sshd_config to point to the monkeysphere\-generated
authorized_keys files:
the sshd_config to point to the monkeysphere\-generated
authorized_keys files:
-AuthorizedKeysFile /var/lib/monkeysphere/auth
entication/auth
orized_keys/%u
+AuthorizedKeysFile /var/lib/monkeysphere/authorized_keys/%u
It is recommended to add "monkeysphere\-authentication update\-users"
to a system crontab, so that user keys are kept up-to-date, and key
It is recommended to add "monkeysphere\-authentication update\-users"
to a system crontab, so that user keys are kept up-to-date, and key
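Review bot: the AuthorizedKeysFile example changes from /var/lib/monkeysphere/authentication/authorized_keys/%u to /var/lib/monkeysphere/authorized_keys/%u with no word for administrators who configured sshd from the earlier version of this page. An sshd_config that still names the old directory would not point at the files listed under FILES (/var/lib/monkeysphere/authorized_keys/USER). Add a sentence here telling upgraders to check their existing AuthorizedKeysFile line, and state which path the current release actually writes.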
@@
-165,6
+165,11
@@
raw authorized_keys file. %h gets replaced with the user's homedir,
.TP
MONKEYSPHERE_PROMPT
If set to `false', never prompt the user for confirmation. (true)
.TP
MONKEYSPHERE_PROMPT
If set to `false', never prompt the user for confirmation. (true)
+.TP
+MONKEYSPHERE_STRICT_MODES
+If set to `false', ignore too-loose permissions on known_hosts,
+authorized_keys, and authorized_user_ids files. NOTE: setting this to
+false may expose users to abuse by other users on the system. (true)
.SH FILES
.SH FILES
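Review bot: the NOTE on MONKEYSPHERE_STRICT_MODES says only that false "may expose users to abuse by other users on the system", which does not tell an administrator what is at stake. Spell out the risk: with the check disabled, an authorized_keys or authorized_user_ids file that another local account can write is still accepted, so that account can add its own identity and log in as the file's owner. The list also names known_hosts, which the revised DESCRIPTION no longer mentions for this tool; either drop it here or say where monkeysphere\-authentication reads a known_hosts file.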
@@
-172,6
+177,11
@@
If set to `false', never prompt the user for confirmation. (true)
/etc/monkeysphere/monkeysphere\-authentication.conf
System monkeysphere-authentication config file.
.TP
/etc/monkeysphere/monkeysphere\-authentication.conf
System monkeysphere-authentication config file.
.TP
+/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt
+If monkeysphere-authentication is configured to query an hkps
+keyserver, it will use X.509 Certificate Authority certificates in
+this file to validate any X.509 certificates used by the keyserver.
+.TP
/var/lib/monkeysphere/authorized_keys/USER
Monkeysphere-generated user authorized_keys files.
.TP
/var/lib/monkeysphere/authorized_keys/USER
Monkeysphere-generated user authorized_keys files.
.TP
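Review bot: the new FILES entry for monkeysphere\-authentication\-x509\-anchors.crt does not say what happens when an hkps keyserver is configured and this file is missing or empty. Document whether the keyserver query then fails or falls back to some other trust store, and state the expected file format (for example a bundle of PEM certificates, if that is what the code reads), since this file determines which keyserver certificates are accepted for the hkps connection.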
@@
-184,7
+194,7
@@
added to the given user's authorized_keys file.
.SH AUTHOR
This man page was written by:
.SH AUTHOR
This man page was written by:
-Jameson Rollins <jrollins@fi
fthhorseman
.net>,
+Jameson Rollins <jrollins@fi
nestructure
.net>,
Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
Matthew Goins <mjgoins@openflows.com>
Daniel Kahn Gillmor <dkg@fifthhorseman.net>,
Matthew Goins <mjgoins@openflows.com>