X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=man%2Fman8%2Fmonkeysphere-authentication.8;h=38df65dbf396d659dfe6efe23ebaad303aba9241;hb=a5d96721e78a06f7dd55071ff3ae61370e00324c;hp=2b0091ebb46743370ea07671030a887d3f2669dd;hpb=44dfeaec9209521ca6a65e85c1276bad4bdf5c01;p=monkeysphere.git diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8 index 2b0091e..38df65d 100644 --- a/man/man8/monkeysphere-authentication.8 +++ b/man/man8/monkeysphere-authentication.8 @@ -21,11 +21,7 @@ authentication. .SH SUBCOMMANDS -\fBmonkeysphere-authentication\fP takes various subcommands. -.TP -.B setup -Setup the server for Monkeysphere user authentication. `s' may be -used in place of `setup'. +\fBmonkeysphere-authentication\fP takes various subcommands: .TP .B update-users [ACCOUNT]... Rebuild the monkeysphere-controlled authorized_keys files. For each @@ -67,21 +63,24 @@ Output a brief usage summary. `h' or `?' may be used in place of .B version show version number -.SH "EXPERT" SUBCOMMANDS - -Some commands are very unlikely to be needed by most administrators. -These commands must prefaced by the word `expert'. +Other commands: +.TP +.B setup +Setup the server for Monkeysphere user authentication. This command +is idempotent and run automatically by the other commands, and should +therefore not usually need to be run manually. `s' may be used in +place of `setup'. .TP .B diagnostics Review the state of the server with respect to authentication. `d' may be used in place of `diagnostics'. .TP .B gpg-cmd -Execute a gpg command on the gnupg-authentication keyring as the -monkeysphere user. This takes a single command (multiple gpg -arguments need to be quoted). Use this command with caution, as -modifying the gnupg-authentication keyring can affect ssh user -authentication. +Execute a gpg command, as the monkeysphere user, on the monkeysphere +authentication "sphere" keyring. This takes a single argument +(multiple gpg arguments need to be quoted). Use this command with +caution, as modifying the authentication sphere keyring can affect ssh +user authentication. .SH SETUP USER AUTHENTICATION @@ -132,22 +131,29 @@ The following environment variables will override those specified in the config file (defaults in parentheses): .TP MONKEYSPHERE_MONKEYSPHERE_USER -User to control authentication keychain (monkeysphere). +User to control authentication keychain. (monkeysphere) .TP MONKEYSPHERE_LOG_LEVEL -Set the log level (INFO). Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in -increasing order of verbosity. +Set the log level. Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in +increasing order of verbosity. (INFO) .TP MONKEYSPHERE_KEYSERVER -OpenPGP keyserver to use (pool.sks-keyservers.net). +OpenPGP keyserver to use. (pool.sks-keyservers.net) .TP MONKEYSPHERE_AUTHORIZED_USER_IDS -Path to user authorized_user_ids file -(%h/.monkeysphere/authorized_user_ids). +Path to user's authorized_user_ids file. %h gets replaced with the +user's homedir, %u with the username. +(%h/.monkeysphere/authorized_user_ids) .TP MONKEYSPHERE_RAW_AUTHORIZED_KEYS -Path to user-controlled authorized_keys file. `-' means not to add -user-controlled file (%h/.ssh/authorized_keys). +Path to regular ssh-style authorized_keys file to append to +monkeysphere-generated authorized_keys. `none' means not to add any +raw authorized_keys file. %h gets replaced with the user's homedir, +%u with the username. (%h/.ssh/authorized_keys) +.TP +MONKEYSPHERE_PROMPT +If set to `false', never prompt the user for confirmation. (true) + .SH FILES @@ -155,7 +161,7 @@ user-controlled file (%h/.ssh/authorized_keys). /etc/monkeysphere/monkeysphere-authentication.conf System monkeysphere-authentication config file. .TP -/var/lib/monkeysphere/authentication/authorized_keys/USER +/var/lib/monkeysphere/authorized_keys/USER Monkeysphere-generated user authorized_keys files. .SH AUTHOR