.SH SUBCOMMANDS
-\fBmonkeysphere-authentication\fP takes various subcommands.
-.TP
-.B setup
-Setup the server for Monkeysphere user authentication. `s' may be
-used in place of `setup'.
+\fBmonkeysphere-authentication\fP takes various subcommands:
.TP
.B update-users [ACCOUNT]...
Rebuild the monkeysphere-controlled authorized_keys files. For each
.B version
show version number
-.SH "EXPERT" SUBCOMMANDS
-
-Some commands are very unlikely to be needed by most administrators.
-These commands must prefaced by the word `expert'.
+Other commands:
+.TP
+.B setup
+Setup the server for Monkeysphere user authentication. This command
+is idempotent and run automatically by the other commands, and should
+therefore not usually need to be run manually. `s' may be used in
+place of `setup'.
.TP
.B diagnostics
Review the state of the server with respect to authentication. `d'
may be used in place of `diagnostics'.
.TP
.B gpg-cmd
-Execute a gpg command on the gnupg-authentication keyring as the
-monkeysphere user. This takes a single command (multiple gpg
-arguments need to be quoted). Use this command with caution, as
-modifying the gnupg-authentication keyring can affect ssh user
-authentication.
+Execute a gpg command, as the monkeysphere user, on the monkeysphere
+authentication "sphere" keyring. This takes a single argument
+(multiple gpg arguments need to be quoted). Use this command with
+caution, as modifying the authentication sphere keyring can affect ssh
+user authentication.
.SH SETUP USER AUTHENTICATION
the config file (defaults in parentheses):
.TP
MONKEYSPHERE_MONKEYSPHERE_USER
-User to control authentication keychain (monkeysphere).
+User to control authentication keychain. (monkeysphere)
.TP
MONKEYSPHERE_LOG_LEVEL
-Set the log level (INFO). Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in
-increasing order of verbosity.
+Set the log level. Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in
+increasing order of verbosity. (INFO)
.TP
MONKEYSPHERE_KEYSERVER
-OpenPGP keyserver to use (pool.sks-keyservers.net).
+OpenPGP keyserver to use. (pool.sks-keyservers.net)
.TP
MONKEYSPHERE_AUTHORIZED_USER_IDS
-Path to user authorized_user_ids file
-(%h/.monkeysphere/authorized_user_ids).
+Path to user's authorized_user_ids file. %h gets replaced with the
+user's homedir, %u with the username.
+(%h/.monkeysphere/authorized_user_ids)
.TP
MONKEYSPHERE_RAW_AUTHORIZED_KEYS
-Path to user-controlled authorized_keys file. `-' means not to add
-user-controlled file (%h/.ssh/authorized_keys).
+Path to regular ssh-style authorized_keys file to append to
+monkeysphere-generated authorized_keys. `none' means not to add any
+raw authorized_keys file. %h gets replaced with the user's homedir,
+%u with the username. (%h/.ssh/authorized_keys)
+.TP
+MONKEYSPHERE_PROMPT
+If set to `false', never prompt the user for confirmation. (true)
+
.SH FILES
/etc/monkeysphere/monkeysphere-authentication.conf
System monkeysphere-authentication config file.
.TP
-/var/lib/monkeysphere/authentication/authorized_keys/USER
+/var/lib/monkeysphere/authorized_keys/USER
Monkeysphere-generated user authorized_keys files.
.SH AUTHOR
projects / monkeysphere.git / blobdiff