were found but none were acceptable. `a' may be used in place of
`update-authorized_keys'.
.TP
-.B gen-subkey KEYID
-Generate an authentication subkey. For the primary key with the
-specified key ID, generate a subkey with "authentication" capability
-that can be used for monkeysphere transactions. An expiration length
-can be specified with the `-e' or `--expire' option (prompt
-otherwise). `g' may be used in place of `gen-subkey'.
+.B gen-subkey [KEYID]
+Generate an authentication subkey for a private key in your GnuPG
+keyring. For the primary key with the specified key ID, generate a
+subkey with "authentication" capability that can be used for
+monkeysphere transactions. An expiration length can be specified with
+the `-e' or `--expire' option (prompt otherwise). If no key ID is
+specified, but only one key exists in the secret keyring, that key
+will be used. `g' may be used in place of `gen-subkey'.
.TP
.B help
Output a brief usage summary. `h' or `?' may be used in place of
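Review bot: The added gen-subkey text leaves the remaining cases of the now-optional KEYID undocumented: it covers "only one key exists in the secret keyring" but not what happens when KEYID is omitted and the keyring holds several secret keys, or none. Add a sentence after "that key will be used." stating the outcome in those cases (for instance, that the command fails and requires an explicit key ID), so a user cannot be surprised about which primary key receives the authentication subkey.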
subcommands:
update-known_hosts (k) [HOST]... update known_hosts file
update-authorized_keys (a) update authorized_keys file
- gen-subkey (g) KEYID generate an 'a' capable subkey
+ gen-subkey (g) [KEYID] generate an authentication subkey
--length (-l) BITS key length in bits (2048)
--expire (-e) EXPIRE date to expire
help (h,?) this help
gen_subkey "$@"
;;
- 'help'|'h'|'?')
+ '--help'|'help'|'-h'|'h'|'?')
usage
;;
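Review bot: The documentation is now out of step with the aliases this case arm accepts: it adds '--help' and '-h', but the usage text in this same patch still reads "help (h,?) this help", and the man page entry for help still says only `h' or `?' may be used. Update both to list the new spellings, or leave a comment here if they are deliberately unadvertised.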
show_server_key
- echo "NOTE: User ID revoked, but revokation not published."
+ echo "NOTE: User ID revoked, but revocation not published."
echo "Run '$PGRM publish-key' to publish the revocation."
else
failure "Problem revoking user ID."
--- /dev/null
+[[meta title="Add man pages to web site"]]
+
+We should publish the various monkeysphere man pages in browsable form
+somewhere under http://monkeysphere.info/. Ideally, this would be
+updated automatically from the sources for the official man pages
+themselves.
+
+This strikes me as an ikiwiki subproject (implementing a man2html wiki
+compilation language perhaps?).
+
+Interestingly, [ikiwiki's own man page](http://ikiwiki.info/usage/)
+appears to be written in markdown and then converted to nroff.
interested, you can run this hacky script but we make no guarantees.
-- Sir Jam Jam
+
+---
+
+I just realized that i think i can test for the presence of [GNU-dummy
+support in
+GnuTLS](http://lists.gnu.org/archive/html/gnutls-devel/2008-08/msg00005.html),
+which means that we can cleanly test whether the proposed [handling of
+passphrase-locked secret
+keys](bugs/handle-passphrase-locked-secret-keys/) is functional. With
+that in mind, I'd like to propose that we could resolve this bug
+simply by adding a new subcommand: `monkeysphere authkey-to-agent`,
+which would fail in the absence of a functionally-patched GnuTLS.
+
+Would this proposal be sufficient to resolve this bug?
+
+--dkg
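Review bot: The link target "bugs/handle-passphrase-locked-secret-keys/" in the added comment is a relative path with no leading slash, so if this page is itself served from under bugs/ it will resolve to a nested location and break. Use a root-relative path, as the index page does with "/why", or an ikiwiki [[...]] link like the other internal references in this patch.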
option to get the output. Or - maybe these should be environmental variables?
In any event - someway to suppress informational output would be a useful
improvement.
+
+------
+
+I'd be fine with silent mode as a default, with a more verbose mode
+accessible to the user who desires it.
+
+I'd prefer an environment variable (e.g. `MONKEYSPHERE_VERBOSE` or
+`MONKEYSPHERE_DEBUG`) over a command-line (e.g. `--verbose`) option,
+personally. It's more in keeping with the model we've used in general
+so far.
+
+--dkg
are tracked via GnuPG, and managed in the `known_hosts` and
`authorized_keys` files used by OpenSSH for connection authentication.
-[why you should be interested](/why) | [[bugs]] | [[download]] | [[news]] | [[documentation|doc]]
+[why?](/why) | [[bugs]] | [[download]] | [[news]] | [[documentation|doc]]
## Conceptual overview ##
Have you ever wanted to allow a colleague key-based access to a
machine, *without* needing to have a copy of their public key on hand?
-Have you ever wanted to be able to revoke the ability of a key to
-authenticate across the entire infrastructure you manage, without
+Have you ever wanted to be able to revoke the ability of a user's key
+to authenticate across the entire infrastructure you manage, without
touching each host by hand?
## What's the connection? ##