-.TH MONKEYSPHERE-SERVER "1" "June 2008" "monkeysphere" "User Commands"
+.TH MONKEYSPHERE-SERVER "8" "June 2008" "monkeysphere" "User Commands"
.SH NAME
.TP
.B add-identity-certifier KEYID
Instruct system to trust user identity certifications made by KEYID.
-A certifier domain can be specified with the `-n' or `--domain'
-option. A certifier trust level can be specified with the `-t' or
-`--trust' option (default is `full'). A certifier trust depth can be
-specified with the `-d' or `--depth' option (default is 1). `a' may
-be used in place of `add-identity-certifier'.
+Using the `-n' or `--domain' option allows you to indicate that you
+only trust the given KEYID to make identifications within a specific
+domain (e.g. "trust KEYID to certify user identities within the
+@example.org domain"). A certifier trust level can be specified with
+the `-t' or `--trust' option (possible values are `marginal' and
+`full' (default is `full')). A certifier trust depth can be specified
+with the `-d' or `--depth' option (default is 1). `a' may be used in
+place of `add-identity-certifier'.
.TP
.B remove-identity-certifier KEYID
Instruct system to ignore user identity certifications made by KEYID.
List key IDs trusted by the system to certify user identities. `l'
may be used in place of `list-identity-certifiers'.
.TP
+.B gpg-authentication-cmd
+Execute a gpg command on the gnupg-authentication keyring as the
+monkeysphere user. This takes a single command (multiple gpg
+arguments need to be quoted). Use this command with caution, as
+modifying the gnupg-authentication keyring can affect ssh user
+authentication.
+.TP
.B help
Output a brief usage summary. `h' or `?' may be used in place of
`help'.
HostKey /var/lib/monkeysphere/ssh_host_rsa_key
In order for users logging into the system to be able to verify the
-host via the monkeysphere, at least one person (ie. a server admin)
+host via the monkeysphere, at least one person (i.e. a server admin)
will need to sign the host's key. This is done in the same way that
key signing is usually done, by pulling the host's key from the
keyserver, signing the key, and re-publishing the signature. Once
It is recommended to add "monkeysphere-server update-users" to a
system crontab, so that user keys are kept up-to-date, and key
-revokations and expirations can be processed in a timely manor.
+revocations and expirations can be processed in a timely manor.
.SH ENVIRONMENT
user-controlled file (%h/.ssh/authorized_keys).
.TP
MONKEYSPHERE_MONKEYSPHERE_USER
-User to control authentication keychain (monkeypshere).
+User to control authentication keychain (monkeysphere).
.SH FILES