From 0fac6a0db5524d6b9824ef205bdd809ad762fd32 Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Mon, 23 Jun 2008 19:09:25 -0400
Subject: [PATCH 1/1] authorized_keys files appear to need to be readable by
 the user logging in.

---
 src/monkeysphere-server | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/monkeysphere-server b/src/monkeysphere-server
index 11e593b..35e0096 100755
--- a/src/monkeysphere-server
+++ b/src/monkeysphere-server
@@ -231,6 +231,13 @@ case $COMMAND in
 		fi
 	    fi
 
+            # openssh appears to check the contents of the
+            # authorized_keys file as the user in question, so the file
+            # must be readable by that user at least.
+            # FIXME: is there a better way to do this?
+            chgrp $(getent passwd "$uname" | cut -f4 -d:) "$AUTHORIZED_KEYS"
+            chmod g+r "$AUTHORIZED_KEYS"
+
 	    # move the temp authorized_keys file into place
 	    mv -f "$AUTHORIZED_KEYS" "${CACHE}/authorized_keys/${uname}"
 
-- 
2.25.1