X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=rhesus%2FREADME;h=4d383d524fdacd15e63c2656afe7694d84f10648;hb=60b8c51d6772a1bd8ba9b2416968a74c09000f3b;hp=226361c86484b80ebf196dd673c084ab4f537b3e;hpb=f047b198433a0781e35b5ca0cea0bc532d9a64ce;p=monkeysphere.git diff --git a/rhesus/README b/rhesus/README index 226361c..4d383d5 100644 --- a/rhesus/README +++ b/rhesus/README 
@@ -1,7 +1,30 @@ -rhesus is the monkeysphere authorized_keys generator. +rhesus is the monkeysphere authorized_keys/known_hosts generator. -It's goal is to take a user's auth_user_ids file, which contains gpg -user ids (and possibly authorized_keys options), use gpg to fetch the -keys of the specified users, do a monkeysphere policy check on each -id, and generate authorized_keys lines for verified id. +In authorized_keys mode, rhesus takes an auth_user_ids file, which +contains gpg user ids, uses gpg to fetch the keys of the specified +users, does a monkeysphere policy check on each id, and uses gpg2ssh +to generate authorized_keys lines for each verified id. The lines are +then combined with a user's traditional authorized_keys file to create +a new authorized_keys file. +In known_hosts mode, rhesus takes an auth_host_ids file, which +contains gpg user ids of the form ssh://URL, uses gpg to fetch the +keys of the specified hosts, does a monkeysphere policy check on each +id, and uses gpg2ssh to generate a known_hosts lines for each verified +id. The lines are then combined with a user's traditional known_hosts +file to create a new known_hosts file. + +When run as a normal user, no special configuration is needed. + +When run as an administrator to update system-maintained +authorized_keys files for each user, the following environment +variables should be defined first: + + MS_CONF=/etc/monkeysphere/monkeysphere.conf + USER=foo + +For example, the command might be run like this: + + for USER in $(ls -1 /home) ; do + MS_CONF=/etc/monkeysphere/monkeysphere.conf rhesus --authorized_keys + done
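Review bot: in the administrator example at the end of the hunk, `for USER in $(ls -1 /home)` assigns USER in the shell but only MS_CONF is placed in rhesus's environment on the command line, so unless USER already happens to be exported in the administrator's shell (as in a login shell, but not necessarily under cron or sudo) rhesus will not see the per-user value, even though the sentence above says both variables "should be defined first". Pass both explicitly, e.g. `for u in $(ls -1 /home) ; do MS_CONF=/etc/monkeysphere/monkeysphere.conf USER="$u" rhesus --authorized_keys ; done`, and note that `ls -1 /home` enumerates directory names rather than accounts: users whose home directory lives elsewhere are skipped and non-user directories under /home are processed, so enumerating accounts from the passwd database would be more accurate. The README also does not say where the generated system-maintained authorized_keys file is written in this mode, which an administrator needs to know before running the loop. Minor: "uses gpg2ssh to generate a known_hosts lines" should read "to generate known_hosts lines".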