Separate required key capability variables for users and hosts.

Change default for user to be "a", and host to be "e a".

2 files changed, 11 insertions, 4 deletions

diff --git a/etc/monkeysphere-server.conf b/etc/monkeysphere-server.conf
index 3c16c5f..82da497 100644
--- a/etc/monkeysphere-server.conf
+++ b/etc/monkeysphere-server.conf
@@ -1,20 +1,23 @@
 # MonkeySphere server configuration file.
 
+# This is an sh-style shell configuration file.  Variable names should
+# be separated from their assignements by a single '=' and no spaces.
+
 # GPG home directory for server
 #GNUPGHOME=/etc/monkeysphere/gnupg
 
 # GPG keyserver to search for keys
 #KEYSERVER=subkeys.pgp.net
 
-# Required key capabilities
+# Required user key capabilities
 # Must be quoted, lowercase, space-seperated list of the following:
 #   e = encrypt
 #   s = sign
 #   c = certify
 #   a = authentication
-#REQUIRED_KEY_CAPABILITY="e a"
+#REQUIRED_USER_KEY_CAPABILITY="a"
 
 # Whether to add user controlled authorized_keys file to
 # monkeysphere-generated authorized_keys file.  Should be path to file
-# where '%h' will be substituted for the user's home directory.
+# where '%h' will be replaced by the home directory of the user.
 #USER_CONTROLLED_AUTHORIZED_KEYS=%h/.ssh/authorized_keys
diff --git a/etc/monkeysphere.conf b/etc/monkeysphere.conf
index 385165a..d478b93 100644
--- a/etc/monkeysphere.conf
+++ b/etc/monkeysphere.conf
@@ -1,5 +1,8 @@
 # MonkeySphere system-wide client configuration file.
 
+# This is an sh-style shell configuration file.  Variable names should
+# be separated from their assignements by a single '=' and no spaces.
+
 # authorized_user_ids file
 #AUTHORIZED_USER_IDS=~/.config/monkeysphere/authorized_user_ids
 
@@ -15,7 +18,8 @@
 #   s = sign
 #   c = certify
 #   a = authentication
-#REQUIRED_KEY_CAPABILITY="e a"
+#REQUIRED_HOST_KEY_CAPABILITY="e a"
+#REQUIRED_USER_KEY_CAPABILITY="a"
 
 # Path to user-controlled authorized_keys file to add to
 # Monkeysphere-generated authorized_keys file. If empty, then no