X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=man%2Fman8%2Fmonkeysphere-authentication.8;h=d891edaa9af7d92973bf0f0eee9f1aaf3e03efe2;hb=d670eab60c0ce98bb9f4dc439f9bbd0452ee0d0a;hp=a28922c7cb071887661b52691eacde97781be1f8;hpb=0dc0bc5817f4eb4a0e996d4dfed97b0822a29216;p=monkeysphere.git diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8 index a28922c..d891eda 100644 --- a/man/man8/monkeysphere-authentication.8 +++ b/man/man8/monkeysphere-authentication.8 @@ -1,4 +1,4 @@ -.TH MONKEYSPHERE-SERVER "8" "March 2009" "monkeysphere" "User Commands" +.TH MONKEYSPHERE-AUTHENTICATION "8" "January 2010" "monkeysphere" "System Commands" .SH NAME @@ -11,9 +11,9 @@ monkeysphere\-authentication - Monkeysphere authentication admin tool. .SH DESCRIPTION \fBMonkeysphere\fP is a framework to leverage the OpenPGP Web of Trust -(WoT) for OpenSSH authentication. OpenPGP keys are tracked via GnuPG, -and added to the authorized_keys and known_hosts files used by OpenSSH -for connection authentication. +(WoT) for key-based authentication. OpenPGP keys are tracked via +GnuPG, and added to the authorized_keys files used by OpenSSH for +connection authentication. \fBmonkeysphere\-authentication\fP is a Monkeysphere server admin utility for configuring and managing SSH user authentication through @@ -37,6 +37,11 @@ monkeysphere-controlled authorized_keys file. If no accounts are specified, then all accounts on the system are processed. `u' may be used in place of `update\-users'. .TP +.B refresh\-keys +Refresh all keys in the monkeysphere-authentication keyring. If no +accounts are specified, then all accounts on the system are processed. +`r' may be used in place of `refresh\-keys'. +.TP .B add\-id\-certifier KEYID|FILE Instruct system to trust user identity certifications made by KEYID. The key ID will be loaded from the keyserver. A file may be loaded @@ -59,12 +64,14 @@ Instruct system to ignore user identity certifications made by KEYID. List key IDs trusted by the system to certify user identities. `c' may be used in place of `list\-id\-certifiers'. .TP +.B version +Show the monkeysphere version number. `v' may be used in place of +`version'. +.TP .B help Output a brief usage summary. `h' or `?' may be used in place of `help'. -.TP -.B version -show version number + Other commands: .TP @@ -158,6 +165,11 @@ raw authorized_keys file. %h gets replaced with the user's homedir, .TP MONKEYSPHERE_PROMPT If set to `false', never prompt the user for confirmation. (true) +.TP +MONKEYSPHERE_STRICT_MODES +If set to `false', ignore too-loose permissions on known_hosts, +authorized_keys, and authorized_user_ids files. NOTE: setting this to +false may expose users to abuse by other users on the system. (true) .SH FILES @@ -167,6 +179,12 @@ System monkeysphere-authentication config file. .TP /var/lib/monkeysphere/authorized_keys/USER Monkeysphere-generated user authorized_keys files. +.TP +~/.monkeysphere/authorized_user_ids +A list of OpenPGP user IDs, one per line. OpenPGP keys with an +exactly-matching User ID (calculated valid by the designated identity +certifiers), will have any valid authorization-capable keys or subkeys +added to the given user's authorized_keys file. .SH AUTHOR