X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=doc%2FREADME;h=f6ea1dd14139494d67e8d598f2da8914ea13be00;hb=58e8aa097b8f3b8a288183d0af4a0a5801fea576;hp=90345193414da1fa4c6306e0fa48068cd634a347;hpb=ec55ca0c26b054a63265947b50e0392060b2a7e0;p=monkeysphere.git diff --git a/doc/README b/doc/README deleted file mode 100644 index 9034519..0000000 --- a/doc/README +++ /dev/null 
@@ -1,82 +0,0 @@ -Monkeysphere README -=================== - -Default files locations (by variable): - -MS_HOME=~/.config/monkeysphere -MS_CONF=$MS_HOME/monkeysphere.conf -AUTH_HOST_FILE=$MS_HOME/auth_host_ids -AUTH_USER_FILE=$MS_HOME/auth_user_ids -GNUPGHOME=~/.gnupg -STAGING_AREA=$MS_HOME - -$STAGING_AREA/host_keys/KEYHASH -$STAGING_AREA/known_hosts -$STAGING_AREA/user_keys/KEYHASH -$STAGING_AREA/authorized_keys - -user usage ----------- -For a user to update their ms known_hosts file: - -$ rhesus --known_hosts - -For a user to update their ms authorized_keys file: - -$ rhesus --authorized_keys - -server service publication --------------------------- -To publish a server host key use the "howler" component: - -# howler gen-key -# howler publish-key - -This will generate the key for server with the service URI -(ssh://server.hostname). The server admin should now sign the server -key so that people in the admin's web of trust can authenticate the -server without manual host key checking: - -$ gpg --search ='ssh://server.hostname' -$ gpg --sign-key 'ssh://server.hostname' - -server authorized_keys maintenance ----------------------------------- -A system can maintain ms authorized_keys files for it's users. Some -different variables need to be defined to help manage this. The way -this is done is by first defining a new MS_HOME: - -MS_HOME=/etc/monkeysphere - -This directory would then have a monkeysphere.conf which defines the -following variables: - -AUTH_USER_FILE="$MS_HOME"/auth_user_ids/"$USER" -STAGING_AREA=/var/lib/monkeysphere/stage/$USER -GNUPGHOME=$MS_HOME/gnupg - -For each user account on the server, the userids of people authorized -to log into that account would be placed in the AUTH_USER_FILE for -that user. However, in order for users to become authenticated, the -server must determine that the user keys have "full" validity. 
This -means that the server must fully trust at least one person whose -signature on the connecting users key would validate the user. This -would generally be the server admin. If the server admin's userid is - -"Alice " - -then the server would run: - -# howler trust-uids "Alice " - -To update the ms authorized_keys file for user "bob", the system would -then run the following: - -# USER=bob MS_HOME=/etc/monkeysphere rhesus --authorized_keys - -To update the ms authorized_keys file for all users on the the system: - -MS_HOME=/etc/monkeysphere -for USER in $(ls -1 /etc/monkeysphere/auth_user_ids) ; do - rhesus --authorized_keys -done diff --git a/doc/README b/doc/README new file mode 120000 index 0000000..f6ea1dd --- /dev/null +++ b/doc/README @@ -0,0 +1 @@ +../website/getting-started-user.mdwn \ No newline at end of file
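Review bot: The removal hunk (@@ -1,82 +0,0 @@) drops the server-side procedure, namely the "server service publication" and "server authorized_keys maintenance" sections with howler gen-key, howler publish-key, howler trust-uids and the MS_HOME=/etc/monkeysphere setup, while the replacement target is named getting-started-user.mdwn, which by its name covers the user side only. Please confirm that the admin material, in particular the requirement that user keys reach "full" validity through a certifier the server trusts, is carried over to an admin-facing page before this text goes away, or add that page in the same commit.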
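Review bot: In the new-file hunk (@@ -0,0 +1 @@), doc/README becomes a symlink (mode 120000) to ../website/getting-started-user.mdwn, a relative target outside doc/. Anything that copies doc/ on its own ends up with a dangling link, and a checkout without symlink support yields a one-line file containing only the path. Check that the packaging and install rules dereference the link, or ship a short regular README that names the website file instead. The "\ No newline at end of file" marker is expected for a symlink blob and needs no change.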