# MonkeySphere server configuration file.

# This is an sh-style shell configuration file.  Variable names should
# be separated from their assignments by a single '=' and no spaces.

#FIXME: shouldn't this be in /var by default?  These are not text
#files, and they should generally not be managed directly by the
#admin:
# GPG home directory for server
#GNUPGHOME=/etc/monkeysphere/gnupg

# GPG keyserver to search for keys
#KEYSERVER=subkeys.pgp.net

# Required user key capabilities
# Must be quoted, lowercase, space-separated list of the following:
#   e = encrypt
#   s = sign
#   c = certify
#   a = authentication
#REQUIRED_USER_KEY_CAPABILITY="a"

# Path to authorized_user_ids file to process to create
# authorized_keys file.  '%h' will be replaced by the home directory
# of the user, and '%u' will be replaced by the username of the user.
# For purely admin-controlled authorized_user_ids, you might put them
# in /etc/monkeysphere/authorized_user_ids/%u
#AUTHORIZED_USER_IDS="%h/.config/monkeysphere/authorized_user_ids"

#FIXME: why is the following variable named USER_CONTROLLED_...?
#shouldn't this be something like MONKEYSPHERE_RAW_AUTHORIZED_KEYS
#instead?  For example, what about a server where the administrator
#has locked down the authorized_keys file from user control, but still
#wants to combine raw authorized_keys for some users with the
#monkeysphere?
# Whether to add user-controlled authorized_keys file to
# monkeysphere-generated authorized_keys file.  Should be path to file
# where '%h' will be replaced by the home directory of the user or
# '%u' by the username.  To not add any user-controlled file, put "-"
#FIXME: this usage of "-" contravenes the normal convention where "-"
#means standard in/out.  Why not use "none" or "" instead?
#USER_CONTROLLED_AUTHORIZED_KEYS="%h/.ssh/authorized_keys"