* Fix some bugs in, and cleanup, authorized_keys file creation in
monkeysphere-server update-users.
+ * Move to using the empty string for not adding a user-controlled
+ authorized_keys file in the RAW_AUTHORIZED_KEYS variable.
- -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Sun, 26 Oct 2008 21:49:17 -0400
+ -- Jameson Graef Rollins <jrollins@phys.columbia.edu> Mon, 27 Oct 2008 07:39:10 -0400
monkeysphere (0.16-1) experimental; urgency=low
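Review bot: The added changelog bullet does not say that the previous "-" value for RAW_AUTHORIZED_KEYS is no longer recognised. An administrator upgrading with RAW_AUTHORIZED_KEYS="-" already in the server configuration gets no cue to change it; suggest extending the entry to state that "-" is no longer special and must be replaced with the empty string.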
-# MonkeySphere server configuration file.
+# Monkeysphere server configuration file.
# This is an sh-style shell configuration file. Variable names should
-# be separated from their assignements by a single '=' and no spaces.
-# Environement variables with the same names as these variables but
-# prefeced by "MONKEYSPHERE_" will take precedence over the values
+# be separated from their assignments by a single '=' and no spaces.
+# Environment variables with the same names as these variables but
+# prefaced by "MONKEYSPHERE_" will take precedence over the values
# specified here.
# User who controls the monkeysphere authentication keyring.
#MONKEYSPHERE_USER=monkeysphere
-# Log level. Can be SILENT, ERROR, INFO, DEBUG, in increasing order
-# of verbosity.
+# Log level. Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in
+# increasing order of verbosity.
#LOG_LEVEL=INFO
# Path to authorized_user_ids file to process to create
# authorized_keys file. '%h' will be replaced by the home directory
-# of the user, and %u will be replaced by the username of the user.
+# of the user, and '%u' will be replaced by the username of the user.
# For purely admin-controlled authorized_user_ids, you might put them
-# in /etc/monkeysphere/authorized_user_ids/%u
+# in /etc/monkeysphere/authorized_user_ids/%u, for instance.
#AUTHORIZED_USER_IDS="%h/.monkeysphere/authorized_user_ids"
-# Whether to add user controlled authorized_keys file to
-# monkeysphere-generated authorized_keys file. Should be path to file
-# where '%h' will be replaced by the home directory of the user or
-# '%u' by the username. To not add any user-controlled file, put "-"
-# FIXME: this usage of "-" contravenes the normal convention where "-"
-# means standard in/out. Why not use "none" or "" instead?
+# Path to a user controlled authorized_keys file to be added to the
+# monkeysphere-generated authorized_keys file. '%h' will be replaced
+# by the home directory of the user, and '%u' will by replaced by the
+# username of the user. To not add any user-controlled file set this
+# variable to be the empty string, "".
#RAW_AUTHORIZED_KEYS="%h/.ssh/authorized_keys"
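Review bot: The new RAW_AUTHORIZED_KEYS comment promises that the empty string disables the user-controlled file, but nothing in this hunk shows how the default value is applied. If the default is assigned with a `:-` or `:=` parameter expansion, an explicitly empty value is treated the same as unset and `%h/.ssh/authorized_keys` would be used anyway, so an admin who sets "" to keep user-controlled keys out would still get them merged. Please confirm the default uses the colon-less form, or use a non-empty keyword such as the "none" the removed FIXME proposed. Separately, "'%u' will by replaced" in the added text should read "will be replaced".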
-# MonkeySphere system-wide client configuration file.
+# Monkeysphere system-wide client configuration file.
# This is an sh-style shell configuration file. Variable names should
-# be separated from their assignements by a single '=' and no spaces.
-# Environement variables with the same names as these variables but
-# prefeced by "MONKEYSPHERE_" will take precedence over the values
+# be separated from their assignments by a single '=' and no spaces.
+# Environment variables with the same names as these variables but
+# prefaced by "MONKEYSPHERE_" will take precedence over the values
# specified here.
-# Log level. Can be SILENT, ERROR, INFO, DEBUG, in increasing order
-# of verbosity.
+# Log level. Can be SILENT, ERROR, INFO, VERBOSE, DEBUG, in
+# increasing order of verbosity.
#LOG_LEVEL=INFO
# GPG home directory. If not specified either here or in the
# add user-controlled authorized_keys file if specified
# translate ssh-style path variables
rawAuthorizedKeys=$(translate_ssh_variables "$uname" "$RAW_AUTHORIZED_KEYS")
- if [ "$rawAuthorizedKeys" != '-' -a -s "$rawAuthorizedKeys" ] ; then
+ if [ "$rawAuthorizedKeys" -a -s "$rawAuthorizedKeys" ] ; then
# check permissions on the authorized_keys file path
if check_key_file_permissions "$uname" "$rawAuthorizedKeys" ; then
log verbose "adding raw authorized_keys file... "
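Review bot: In the added test `[ "$rawAuthorizedKeys" -a -s "$rawAuthorizedKeys" ]`, the four-argument form joined with `-a` has unspecified results under POSIX and can misparse when the variable's value looks like an operator such as "!" or "("; `[ -n "$rawAuthorizedKeys" ] && [ -s "$rawAuthorizedKeys" ]` is unambiguous. Also, with the `!= '-'` comparison removed, a leftover RAW_AUTHORIZED_KEYS="-" is now treated as a relative path named "-", so whether a file is merged depends on the working directory and on check_key_file_permissions. Consider still rejecting "-" with a log message, or requiring the translated path to be absolute.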
configuration after verifying its
integrity](http://wiki.debian.org/SecureApt).
+To use the `monkeysphere subkey-to-ssh-agent` subcommand, you will
+also need [version 2.6 of GnuTLS](/news/gnutls-2.6-enables-monkeysphere),
+which is available in Debian experimental.
+
Once you've installed the packages, you might want to read up on how
to get started [as a regular user](/getting-started-user) or [as a
systems administrator](/getting-started-admin).
-## Enhancements ##
-
-As of 2008-08-22, If you run debian lenny you're very close to being
-able to run a fully monkeysphere-enabled system. One gap in the
-system is that lenny's GnuTLS can't support the `monkeysphere
-subkey-to-ssh-agent` subcommand.
-
-You can install a patched version of GnuTLS to enable this feature of
-the Monkeysphere by adjusting the monkeysphere `sources.list` lines to
-include the `gnutls` component. So they'd look like this instead:
-
- deb http://archive.monkeysphere.info/debian experimental monkeysphere gnutls
- deb-src http://archive.monkeysphere.info/debian experimental monkeysphere gnutls
-
-You can [read more about this offering](/news/modified-gnutls-2.4.x-available).
-
## Source ##
For people who can't use the debian package, or folks who just want to
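Review bot: The Enhancements section is removed without telling readers who already followed it to take the `gnutls` component back out of their monkeysphere `sources.list` lines. Those systems keep an extra archive component configured that the page no longer documents; a sentence next to the new GnuTLS 2.6 paragraph saying the component is no longer needed and can be removed would close that gap.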