X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=man%2Fman8%2Fmonkeysphere-authentication.8;h=a687f4efb10a06d40bf6f86faeb5ab8298902aee;hb=70a2eb33f5946ff97bc99a5fd2610ef3c43ee49f;hp=dfa74445347e3ea975f23f59252f19643427dc01;hpb=235f46a482f83ad0531953e77aab50da4d2bdda0;p=monkeysphere.git diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8 index dfa7444..a687f4e 100644 --- a/man/man8/monkeysphere-authentication.8 +++ b/man/man8/monkeysphere-authentication.8 @@ -37,6 +37,11 @@ monkeysphere-controlled authorized_keys file. If no accounts are specified, then all accounts on the system are processed. `u' may be used in place of `update\-users'. .TP +.B refresh\-keys +Refresh all keys in the monkeysphere-authentication keyring. If no +accounts are specified, then all accounts on the system are processed. +`r' may be used in place of `refresh\-keys'. +.TP .B add\-id\-certifier KEYID|FILE Instruct system to trust user identity certifications made by KEYID. The key ID will be loaded from the keyserver. A file may be loaded @@ -59,12 +64,14 @@ Instruct system to ignore user identity certifications made by KEYID. List key IDs trusted by the system to certify user identities. `c' may be used in place of `list\-id\-certifiers'. .TP +.B version +Show the monkeysphere version number. `v' may be used in place of +`version'. +.TP .B help Output a brief usage summary. `h' or `?' may be used in place of `help'. -.TP -.B version -show version number + Other commands: .TP @@ -92,7 +99,7 @@ monkeysphere-generated authorized_keys files, the server must be told which keys will act as identity certifiers. This is done with the \fBadd\-id\-certifier\fP command: -$ monkeysphere\-authentication add\-id\-certifier KEYID +# monkeysphere\-authentication add\-id\-certifier KEYID where KEYID is the key ID of the server admin, or whoever's certifications should be acceptable to the system for the purposes of 
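Review bot: In the `@@ -37,6 +37,11 @@` hunk the new `.B refresh\-keys` line omits the optional account arguments even though the body says "If no accounts are specified", while the neighbouring entry spells its operands out (`.B add\-id\-certifier KEYID|FILE`); consider `.B refresh\-keys [ACCOUNT...]` or whatever the synopsis section uses. The description also reads as if it refreshes every key in the keyring regardless of accounts, so say what an account argument restricts (for example, "Refresh the keys associated with the given accounts"), since a stale or revoked certification not being refreshed is exactly the failure mode this command exists to prevent.

Review bot: In the `@@ -92,7 +99,7 @@` hunk the prompt change from `$` to `#` correctly signals that `add\-id\-certifier` modifies the system keyring and needs superuser privileges, but the prose never says so; add a sentence such as "These commands must be run as root" near the first example so readers who miss the prompt convention do not run it as an unprivileged user and end up with a certifier installed in the wrong keyring.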
@@ -103,7 +110,7 @@ single OpenPGP public key. Certifiers can be removed with the \fBremove\-id\-certifier\fP command, and listed with the \fBlist\-id\-certifiers\fP command. -Remote users will be granted access to local accounts based on the +A remote user will be granted access to a local account based on the appropriately-signed and valid keys associated with user IDs listed in that account's authorized_user_ids file. By default, the authorized_user_ids file for an account is 
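Review bot: "appropriately-signed and valid keys" in the replaced line leaves the trust rule implicit; the previous paragraph has just introduced identity certifiers, so tie the two together, for example "keys whose matching user ID has been certified by a trusted identity certifier". Stating the rule once here also removes the need for the reader to infer it from the FILES section.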
@@ -111,22 +118,22 @@ authorized_user_ids file for an account is monkeysphere\-authentication.conf file. The \fBupdate\-users\fP command is used to generate authorized_keys -files for local accounts based on the authorized user IDs listed in -the account's authorized_user_ids file: +files for a local account based on the user IDs listed in the +account's authorized_user_ids file: -$ monkeysphere\-authentication update\-users USER +# monkeysphere\-authentication update\-users USER Not specifying USER will cause all accounts on the system to updated. -The ssh server can then use these monkeysphere\-generated -authorized_keys files to grant access to user accounts for remote -users. In order for sshd to look at the monkeysphere\-generated -authorized_keys file for user authentication, the AuthorizedKeysFile -parameter must be set in the sshd_config to point to the -monkeysphere\-generated authorized_keys files: +The ssh server can use these monkeysphere-generated authorized_keys +files to grant access to user accounts for remote users. In order for +sshd to look at the monkeysphere-generated authorized_keys file for +user authentication, the AuthorizedKeysFile parameter must be set in +the sshd_config to point to the monkeysphere\-generated +authorized_keys files: AuthorizedKeysFile /var/lib/monkeysphere/authentication/authorized_keys/%u -It is recommended to add "monkeysphere\-authentication update-users" +It is recommended to add "monkeysphere\-authentication update\-users" to a system crontab, so that user keys are kept up-to-date, and key revocations and expirations can be processed in a timely manner. 
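Review bot: The `AuthorizedKeysFile` example in this hunk points at `/var/lib/monkeysphere/authentication/authorized_keys/%u`, but the FILES section below lists the generated files under `/var/lib/monkeysphere/authorized_keys/USER`; one of the two paths is wrong and an administrator copying the sshd_config line from here would get a server that silently accepts nobody. Please reconcile them. The hunk also leaves the unchanged context line "cause all accounts on the system to updated" (missing "be") and, since setting `AuthorizedKeysFile` replaces sshd's default `~/.ssh/authorized_keys`, the reworded paragraph should say that users' own authorized_keys files will no longer be consulted once this setting is in place.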
@@ -167,10 +174,16 @@ System monkeysphere-authentication config file. .TP /var/lib/monkeysphere/authorized_keys/USER Monkeysphere-generated user authorized_keys files. +.TP +~/.monkeysphere/authorized_user_ids +A list of OpenPGP user IDs, one per line. OpenPGP keys with an +exactly-matching User ID (calculated valid by the designated identity +certifiers), will have any valid authorization-capable keys or subkeys +added to the given user's authorized_keys file. .SH AUTHOR -Written by: +This man page was written by: Jameson Rollins , Daniel Kahn Gillmor , Matthew Goins @@ -182,4 +195,5 @@ Matthew Goins .BR monkeysphere (7), .BR gpg (1), .BR ssh (1), -.BR sshd (8) +.BR sshd (8), +.BR sshd_config (5)
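Review bot: In the `@@ -167,10 +174,16 @@` hunk the new FILES entry has a stray comma before "will" in "(calculated valid by the designated identity certifiers), will have any valid"; drop it. The entry also presents `~/.monkeysphere/authorized_user_ids` as a fixed location, whereas the description section says the path is a default set in the monkeysphere\-authentication.conf file, so prefix it with "By default," or reference the configuration variable. The parenthetical about validity being calculated by the designated certifiers is the key property of the trust model and deserves its own sentence rather than being tucked into a clause.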