author | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2008-05-26 21:46:38 -0400 |
---|---|---|
committer | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2008-05-26 21:46:38 -0400 |
commit | 56e3a760b8913a4757115d9c0613ff3581c898ff (patch) | |
tree | f450b0a511e22f1f25fce88b4318058c4e0a09c6 | |
parent | 4f321fb2967f009b8b3330c62bfec2fcc5475418 (diff) | |
parent | 2d330bf026a4986e85b65e77fc6bf27df70d02bc (diff) |
Merge commit 'jrollins/master'
-rw-r--r-- | doc/README | 9 | ||||
-rwxr-xr-x | howler/howler | 24 |
2 files changed, 18 insertions, 15 deletions
@@ -61,13 +61,10 @@ that user. However, in order for users to become authenticated, the server must determine that the user keys have "full" validity. This means that the server must fully trust at least one person whose signature on the connecting users key would validate the user. This
-would generally be the server admin. If the server admin's userid is
+would generally be the server admin. If the server admin's keyid is
+XXXXXXXX, then on the server run:
-"Alice <alice@foo.com>"
-
-then the server would run:
-
-# howler trust-uids "Alice <alice@foo.com>"
+# howler trust-key XXXXXXXX
 To update the ms authorized_keys file for user "bob", the system would then run the following:
diff --git a/howler/howler b/howler/howler
index d0bb13d..0b67c02 100755
--- a/howler/howler
+++ b/howler/howler
@@ -17,7 +17,7 @@ usage() {
 cat <<EOF
 usage: $PGRM gen-key
 $PGRM publish-key
- $PGRM trust-uids USERID [USERID...]
+ $PGRM trust-key KEYID [KEYID...]
 $PGRM help
 EOF
 }
@@ -78,12 +78,15 @@ publish_key() {
 echo "gpg --send-keys --keyserver $KEYSERVER $keyID"
 }
-# FIXME: need to figure out how to automate this, in a batch mode
-# or something.
-trust_uids() {
- for userID ; do
- gpg --keyserver "$KEYSERVER" --search ="$userID"
- gpg --edit-key "$userID"
+trust_key() {
+ for keyID ; do
+ # get the key from the key server
+ gpg --keyserver "$KEYSERVER" --recv-key "$keyID" || failure "could not retrieve key '$keyID'"
+ # edit the key to change trust
+ # FIXME: need to figure out how to automate this,
+ # in a batch mode or something.
+ gpg --edit-key "$keyID"
 done
 }
@@ -114,8 +117,11 @@ case $COMMAND in
 'publish-key')
 publish_key
 ;;
- 'trust-uids')
- trust_uids "$@"
+ 'trust-key')
+ if [ -z "$1" ] ; then
+ failure "you must specify at least one key to trust."
+ fi
+ trust_key "$@"
 ;;
 'help')
 usage |
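Review bot: In trust_key nothing between the `--recv-key` fetch and `gpg --edit-key "$keyID"` confirms that the imported key is the one the admin intended, so trust can end up on whatever key the keyserver returned for that ID. The README example uses an 8-character key ID, and short IDs are not unique; a keyserver also does not vouch for the keys it serves. I would show the fingerprint before the trust edit, e.g. add `gpg --fingerprint "$keyID"` ahead of the `--edit-key` call, and have the usage text and README ask for a full fingerprint rather than a short ID. Whether `failure` exits the script is not visible in this hunk; if it only prints, the loop would go on to edit a key that was never retrieved.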
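Review bot: The guard in the 'trust-key' branch only rejects an empty first argument, so later arguments and values that are not key IDs at all still reach trust_key and are handed to gpg unchecked. An argument beginning with `-` would be read by gpg as an option rather than a key, since neither gpg call puts `--` before `"$keyID"`. Testing the count with `[ $# -gt 0 ] || failure "you must specify at least one key to trust."` and rejecting non-hex input per key, e.g. `case "$keyID" in ''|*[!0-9A-Fa-f]*) failure "invalid key ID '$keyID'" ;; esac` at the top of the loop, would cover both; the pattern would need widening if a `0x` prefix should be accepted. The case statement starts and ends outside this hunk.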