# Author: Jameson Rollins <jrollins@fifthhorseman.net>
# Copyright 2008
+ETC="/etc/monkeysphere"
VARLIB="/var/lib/monkeysphere"
if ! getent passwd monkeysphere >/dev/null ; then
# install host gnupg home directory
install --owner root --group monkeysphere --mode 750 -d "$VARLIB"/gnupg-host
-# install host gpg.conf
-cat <<EOF > "$VARLIB"/gnupg-host/gpg.conf
-list-options show-uid-validity
-EOF
+# link in the gpg.conf
+ln -s "$ETC"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf
# install authentication gnupg home directory
install --owner monkeysphere --group monkeysphere --mode 700 -d "$VARLIB"/gnupg-authentication
-# install authentication gpg.conf
-cat <<EOF > "$VARLIB"/gnupg-authentication/gpg.conf
-list-options show-uid-validity
-primary-keyring $VARLIB/gnupg-authentication/pubring.gpg
-keyring $VARLIB/gnupg-host/pubring.gpg
-EOF
-chown monkeysphere:monkeysphere "$VARLIB"/gnupg-authentication/gpg.conf
+# link in the gpg.conf
+ln -s "$ETC"/gnupg-authentication.conf "$VARLIB"/gnupg-authentication/gpg.conf
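Review bot: The two `ln -s` calls (lines 13 and 24) are not repeatable: if a `gpg.conf` already exists in either homedir — for instance a regular file left behind by the heredoc version this hunk removes, on a system where the package was removed without purge — `ln -s` fails with "File exists", and if this maintainer script runs under `set -e` the install aborts. `ln -sf -- "$ETC"/gnupg-host.conf "$VARLIB"/gnupg-host/gpg.conf` (and the same for the authentication link) makes the step idempotent. Dropping the `chown` is consistent with the new layout, since gpg will follow the link to the root-owned file under `$ETC`; whether the shipped gpg version accepts a root-owned configuration file inside a monkeysphere-owned 0700 homedir without an "unsafe ownership" warning is worth confirming, as that warning would appear on every authentication run. The enclosing `if ! getent passwd monkeysphere` block opened on line 5 continues past the end of the hunk.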
--- /dev/null
+# Monkeysphere authentication GNUPG home gpg.conf
+
+primary-keyring /var/lib/monkeysphere/gnupg-authentication/pubring.gpg
+keyring /var/lib/monkeysphere/gnupg-host/pubring.gpg
+
+keyserver hkp://pgp.mit.edu
+
+list-options show-uid-validity
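Review bot: `keyserver hkp://pgp.mit.edu` fixes an unauthenticated, cleartext transport for every key fetch and refresh done from the authentication keyring, so an on-path party can observe which keys are looked up and withhold updates such as revocations; OpenPGP self-signatures protect the key data itself but not its freshness. Since the admin-facing `KEYSERVER` option is removed from `monkeysphere.conf` in the same commit, this line becomes the only place the keyserver is set, so it deserves a comment stating that and, where the gpg build supports it, an `hkps://` URL (placeholder: `keyserver hkps://<keyserver-host>`). The absolute `/var/lib/monkeysphere/...` paths on the two keyring lines duplicate the installer's `VARLIB`; a comment such as `# Paths must match VARLIB in the maintainer scripts` would keep the two from drifting apart.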
--- /dev/null
+# Monkeysphere host GNUPG home gpg.conf
+
+list-options show-uid-validity
# prefeced by "MONKEYSPHERE_" will take precedence over the values
# specified here.
+# User who controls the monkeysphere authentication keyring.
+#MONKEYSPHERE_USER=monkeysphere
+
# Log level. Can be SILENT, ERROR, INFO, DEBUG, in increasing order
# of verbosity.
#LOG_LEVEL=INFO
-# GPG keyserver to search for keys.
-#KEYSERVER=subkeys.pgp.net
-
# Path to authorized_user_ids file to process to create
# authorized_keys file. '%h' will be replaced by the home directory
# of the user, and %u will be replaced by the username of the user.
# FIXME: this usage of "-" contravenes the normal convention where "-"
# means standard in/out. Why not use "none" or "" instead?
#RAW_AUTHORIZED_KEYS="%h/.ssh/authorized_keys"
-
-# User who controls the monkeysphere authentication keyring.
-#MONKEYSPHERE_USER=monkeysphere
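Review bot: Removing `#KEYSERVER=subkeys.pgp.net` leaves an administrator with no hint that keyserver selection has moved into `/etc/monkeysphere/gnupg-authentication.conf`, and an existing `KEYSERVER=` line in a deployed config would presumably now be ignored silently (I cannot see the reader of this file from the hunk). A one-line pointer where the option used to be, `# The keyserver is configured in /etc/monkeysphere/gnupg-authentication.conf.`, would make the change discoverable. The relocated `MONKEYSPHERE_USER` block on lines 40–41 is otherwise unchanged.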
the monkeysphere-server.conf configuration file (defaults in
parentheses):
.TP
+MONKEYSPHERE_MONKEYSPHERE_USER
+User to control authentication keychain (monkeysphere).
+.TP
MONKEYSPHERE_LOG_LEVEL
Set the log level (INFO). Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in
increasing order of verbosity.
MONKEYSPHERE_RAW_AUTHORIZED_KEYS
Path to user-controlled authorized_keys file. `-' means not to add
user-controlled file (%h/.ssh/authorized_keys).
-.TP
-MONKEYSPHERE_MONKEYSPHERE_USER
-User to control authentication keychain (monkeysphere).
.SH FILES
/etc/monkeysphere/monkeysphere.conf
System-wide monkeysphere config file.
.TP
+/etc/monkeysphere/gnupg-host.conf
+Monkeysphere host GNUPG home gpg.conf
+.TP
+/etc/monkeysphere/gnupg-authentication.conf
+Monkeysphere authentication GNUPG home gpg.conf
+.TP
/var/lib/monkeysphere/authorized_keys/USER
Monkeysphere-generated user authorized_keys files.
.TP