authorDaniel Kahn Gillmor <dkg@fifthhorseman.net>2010-03-14 03:06:32 -0400
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2010-03-14 03:06:32 -0400
commit24da4d0207c8d3c7586871dac3eea9d2a0b864c3 (patch)
tree01306d12c1ca586120a47bb144d4422e8b0a80ae
parent8ab97c9c35f502005c23eb7adb3a8a0177f11630 (diff)
enable use of hkps (closes: MS #1749)
-rw-r--r--man/man8/monkeysphere-authentication.85
-rw-r--r--src/share/ma/setup1
2 files changed, 6 insertions, 0 deletions
diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8
index 8732157..ea9debd 100644
--- a/man/man8/monkeysphere-authentication.8
+++ b/man/man8/monkeysphere-authentication.8
@@ -177,6 +177,11 @@ false may expose users to abuse by other users on the system. (true)
/etc/monkeysphere/monkeysphere\-authentication.conf
System monkeysphere-authentication config file.
.TP
+/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt
+If monkeysphere-authentication is configured to query an hkps
+keyserver, it will use X.509 Certificate Authority certificates in
+this file to validate any X.509 certificates used by the keyserver.
+.TP
/var/lib/monkeysphere/authorized_keys/USER
Monkeysphere-generated user authorized_keys files.
.TP
diff --git a/src/share/ma/setup b/src/share/ma/setup
index 6c75fef..f965487 100644
--- a/src/share/ma/setup
+++ b/src/share/ma/setup
@@ -43,6 +43,7 @@ EOF
# Edits will be overwritten.
no-greeting
list-options show-uid-validity
+keyserver-options ca-cert-file=${SYSCONFIGDIR}/monkeysphere-authentication-x509-anchors.crt
EOF
# make sure the monkeysphere user owns everything in the sphere
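Review bot: The added `keyserver-options ca-cert-file=...` line makes `${SYSCONFIGDIR}/monkeysphere-authentication-x509-anchors.crt` the trust anchor set for every hkps lookup, but nothing in this hunk creates the file or checks that it exists, or checks who can write to it. Whoever can modify that file decides which keyserver certificates are accepted, so it should be root-owned and not writable by the monkeysphere user; the chown announced on the last context line presumably covers only the sphere directory, but that code is outside the hunk. I would record the expectation in the generated config by adding a line such as `# hkps trust anchors: file must exist, be root-owned and not writable by the monkeysphere user` directly above the new option. It is also worth confirming how lookups behave when the file is absent, so that a missing anchor file causes hkps queries to fail rather than proceed unvalidated. The heredoc and the enclosing setup function begin and end outside this hunk.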