added FIXMEs to the configuration documentation: there are some pieces that need...

[monkeysphere.git] / etc / monkeysphere.conf

diff --git a/etc/monkeysphere.conf b/etc/monkeysphere.conf
index 17c1a14f64927efde45d7b157416523a523d2f63..cce936665830de5992f40e37f5d47bbf84406481 100644 (file)
--- a/etc/monkeysphere.conf
+++ b/etc/monkeysphere.conf
@@ -9,13 +9,15 @@
 # GPG keyserver to search for keys
 #KEYSERVER=subkeys.pgp.net
 
+# FIXME: consider removing REQUIRED_*_KEY_CAPABILITY entirely from
+# this example config, given our discussion
 # Required key capabilities
 # Must be quoted, lowercase, space-seperated list of the following:
 #   e = encrypt
 #   s = sign
 #   c = certify
 #   a = authentication
-#REQUIRED_HOST_KEY_CAPABILITY="e a"
+#REQUIRED_HOST_KEY_CAPABILITY="a"
 #REQUIRED_USER_KEY_CAPABILITY="a"
 
 # ssh known_hosts file
@@ -25,5 +27,12 @@
 # Should be "true" or "false"
 #HASH_KNOWN_HOSTS=true
 
-# ssh authorized_keys file
+# ssh authorized_keys file (FIXME: why is this relevant in this file?)
 #AUTHORIZED_KEYS=~/.ssh/known_hosts
+
+# check keyservers at every ssh connection:
+# This overrides other environment variables (FIXME: what does this mean???)
+# NOTE: setting CHECK_KEYSERVER to true will leak information about
+# the timing and frequency of your ssh connections to the maintainer
+# of the keyserver.
+#CHECK_KEYSERVER=true