# generate server gpg key
gen_key() {
# set key defaults
- KEY_TYPE=${KEY_TYPE:-RSA}
- KEY_LENGTH=${KEY_LENGTH:-2048}
- KEY_USAGE=${KEY_USAGE:-encrypt,auth}
- SERVICE=${SERVICE:-ssh}
+ KEY_TYPE=${KEY_TYPE:-"RSA"}
+ KEY_LENGTH=${KEY_LENGTH:-"2048"}
+ KEY_USAGE=${KEY_USAGE:-"encrypt,auth"}
+ SERVICE=${SERVICE:-"ssh"}
HOSTNAME_FQDN=${HOSTNAME_FQDN:-$(hostname -f)}
USERID=${USERID:-"$SERVICE"://"$HOSTNAME_FQDN"}
KEYSERVER=${KEYSERVER:-subkeys.pgp.net}
REQUIRED_KEY_CAPABILITY=${REQUIRED_KEY_CAPABILITY:-"e a"}
USER_CONTROLLED_AUTHORIZED_KEYS=${USER_CONTROLLED_AUTHORIZED_KEYS:-%h/.ssh/authorized_keys}
-STAGING_AREA=${STAGING_AREA:-"$LIB"/stage}
export GNUPGHOME
fi
for uname in $unames ; do
+ MODE="authorized_keys"
+
log "----- user: $uname -----"
- MODE="authorized_keys"
AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname"
- cacheDir="$STAGING_AREA"/"$uname"/user_keys
- msAuthorizedKeys="$STAGING_AREA"/"$uname"/authorized_keys
+ msAuthorizedKeys="$CACHE"/"$uname"/authorized_keys
+ cacheDir="$CACHE"/"$uname"/user_keys
# make sure authorized_user_ids file exists
if [ ! -s "$AUTHORIZED_USER_IDS" ] ; then
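Review bot: `msAuthorizedKeys="$CACHE"/"$uname"/authorized_keys` and `cacheDir="$CACHE"/"$uname"/user_keys` depend on `CACHE`, which is not assigned anywhere in the visible hunks, while the commit deletes the `STAGING_AREA=${STAGING_AREA:-"$LIB"/stage}` default the old paths relied on. If `CACHE` is empty here, the paths collapse to `/<user>/authorized_keys` and `/<user>/user_keys`, which matters if this script runs with elevated privileges (likely for a server key tool, but not shown). I would fail early before the loop with `: "${CACHE:?CACHE is not set}"`; the same applies to `cacheDir="$CACHE"/"$uname"/user_keys` in the later hunk that calls `update_userid`. Because `$uname` is used as a path component, it is also worth confirming where `$unames` is built that a name cannot contain `/` or `..`. The loop body continues outside this hunk.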
fi
# update authorized_keys
- update_authorized_keys "$cacheDir" "$msAuthorizedKeys" "$userAuthorizedKeys"
+ update_authorized_keys "$msAuthorizedKeys" "$userAuthorizedKeys" "$cacheDir"
done
+
log "----- done. -----"
;;
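Review bot: The reordered call `update_authorized_keys "$msAuthorizedKeys" "$userAuthorizedKeys" "$cacheDir"` cannot be checked against the function, because the definition of `update_authorized_keys` is outside this hunk. All three arguments are paths, so a mismatch between caller and definition would not fail loudly; it would read or write authorized keys in the wrong location. Please confirm the function body and every other caller were switched to the new order in the same commit. A header comment on the function would make the contract explicit, for example `# Arguments: $1 - generated authorized_keys file, $2 - user-controlled authorized_keys file, $3 - key cache directory` (meanings inferred from the variable names here, to be verified against the definition).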
failure "you must specify at least one userid."
fi
AUTHORIZED_USER_IDS="$MS_HOME"/authorized_user_ids/"$uname"
- userKeysCacheDir="$STAGING_AREA"/"$uname"/user_keys
+ cacheDir="$CACHE"/"$uname"/user_keys
for userID ; do
- update_userid "$userID" "$userKeysCacheDir"
+ update_userid "$userID" "$cacheDir"
done
;;