Merge commit 'jrollins/master'

[monkeysphere.git] / man / man8 / monkeysphere-authentication.8

diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8
index 4d453d377337ed74452cad84b6eab9a13e7d9a43..a52e9ab6813a2822f40d5deb80c80f54909ca19e 100644 (file)
--- a/man/man8/monkeysphere-authentication.8
+++ b/man/man8/monkeysphere-authentication.8
@@ -7,8 +7,6 @@ monkeysphere-authentication \- Monkeysphere authentication admin tool.
 .SH SYNOPSIS
 
 .B monkeysphere-authentication \fIsubcommand\fP [\fIargs\fP]
-.br
-.B monkeysphere-authentication expert \fIexpert-subcommand\fP [\fIargs\fP]
 
 .SH DESCRIPTION
 
@@ -37,8 +35,11 @@ monkeysphere-controlled authorized_keys file.  If no accounts are
 specified, then all accounts on the system are processed.  `u' may be
 used in place of `update-users'.
 .TP
-.B add-id-certifier KEYID
+.B add-id-certifier KEYID|FILE
 Instruct system to trust user identity certifications made by KEYID.
+The key ID will be loaded from the keyserver.  A file may be loaded
+instead of pulling the key from the keyserver by specifying the path
+to the file as the argument, or by specifying `-` to load from stdin.
 Using the `-n' or `--domain' option allows you to indicate that you
 only trust the given KEYID to make identifications within a specific
 domain (e.g. "trust KEYID to certify user identities within the
@@ -131,22 +132,29 @@ The following environment variables will override those specified in
 the config file (defaults in parentheses):
 .TP
 MONKEYSPHERE_MONKEYSPHERE_USER
-User to control authentication keychain (monkeysphere).
+User to control authentication keychain. (monkeysphere)
 .TP
 MONKEYSPHERE_LOG_LEVEL
-Set the log level (INFO).  Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in
-increasing order of verbosity.
+Set the log level.  Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in
+increasing order of verbosity. (INFO)
 .TP
 MONKEYSPHERE_KEYSERVER
-OpenPGP keyserver to use (pool.sks-keyservers.net).
+OpenPGP keyserver to use. (pool.sks-keyservers.net)
 .TP
 MONKEYSPHERE_AUTHORIZED_USER_IDS
-Path to user authorized_user_ids file
-(%h/.monkeysphere/authorized_user_ids).
+Path to user's authorized_user_ids file. %h gets replaced with the
+user's homedir, %u with the username.
+(%h/.monkeysphere/authorized_user_ids)
 .TP
 MONKEYSPHERE_RAW_AUTHORIZED_KEYS
-Path to user-controlled authorized_keys file.  `-' means not to add
-user-controlled file (%h/.ssh/authorized_keys).
+Path to regular ssh-style authorized_keys file to append to
+monkeysphere-generated authorized_keys.  `none' means not to add any
+raw authorized_keys file.  %h gets replaced with the user's homedir,
+%u with the username. (%h/.ssh/authorized_keys)
+.TP
+MONKEYSPHERE_PROMPT
+If set to `false', never prompt the user for confirmation. (true)
+
 
 .SH FILES
 
@@ -154,7 +162,7 @@ user-controlled file (%h/.ssh/authorized_keys).
 /etc/monkeysphere/monkeysphere-authentication.conf
 System monkeysphere-authentication config file.
 .TP
-/var/lib/monkeysphere/authentication/authorized_keys/USER
+/var/lib/monkeysphere/authorized_keys/USER
 Monkeysphere-generated user authorized_keys files.
 
 .SH AUTHOR