Move to /var/lib/monkeysphere instead of /var/cache/monkeysphere.

Improve ms-server update-user function.  Update/fix config files to
remove some unwanted configs, and clarify some things.

2 files changed, 11 insertions, 42 deletions

diff --git a/etc/monkeysphere-server.conf b/etc/monkeysphere-server.conf
index 85b37c1..defb0f7 100644
--- a/etc/monkeysphere-server.conf
+++ b/etc/monkeysphere-server.conf
@@ -3,23 +3,9 @@
 # This is an sh-style shell configuration file.  Variable names should
 # be separated from their assignements by a single '=' and no spaces.
 
-#FIXME: shouldn't this be in /var by default? These are not text
-#files, and they should generally not be managed directly by the
-#admin:
-# GPG home directory for server
-#GNUPGHOME=/etc/monkeysphere/gnupg
-
 # GPG keyserver to search for keys
 #KEYSERVER=subkeys.pgp.net
 
-# Required user key capabilities
-# Must be quoted, lowercase, space-seperated list of the following:
-#   e = encrypt
-#   s = sign
-#   c = certify
-#   a = authentication
-#REQUIRED_USER_KEY_CAPABILITY="a"
-
 # Path to authorized_user_ids file to process to create
 # authorized_keys file.  '%h' will be replaced by the home directory
 # of the user, and %u will be replaced by the username of the user.
@@ -27,17 +13,10 @@
 # in /etc/monkeysphere/authorized_user_ids/%u
 #AUTHORIZED_USER_IDS="%h/.config/monkeysphere/authorized_user_ids"
 
-#FIXME: why is the following variable named USER_CONTROLLED_...?
-#shouldn't this be something like MONKEYSPHERE_RAW_AUTHORIZED_KEYS
-#instead?  For example, what about a server where the administrator
-#has locked down the authorized_keys file from user control, but still
-#wants to combine raw authorized_keys for some users with the
-#monkeysphere?
-
 # Whether to add user controlled authorized_keys file to
 # monkeysphere-generated authorized_keys file.  Should be path to file
 # where '%h' will be replaced by the home directory of the user or
 # '%u' by the username.  To not add any user-controlled file, put "-"
-#FIXME: this usage of "-" contravenes the normal convention where "-"
-#means standard in/out.  Why not use "none" or "" instead?
-#USER_CONTROLLED_AUTHORIZED_KEYS="%h/.ssh/authorized_keys"
+# FIXME: this usage of "-" contravenes the normal convention where "-"
+# means standard in/out.  Why not use "none" or "" instead?
+#RAW_AUTHORIZED_KEYS="%h/.ssh/authorized_keys"
diff --git a/etc/monkeysphere.conf b/etc/monkeysphere.conf
index cce9366..aa3a664 100644
--- a/etc/monkeysphere.conf
+++ b/etc/monkeysphere.conf
@@ -9,16 +9,13 @@
 # GPG keyserver to search for keys
 #KEYSERVER=subkeys.pgp.net
 
-# FIXME: consider removing REQUIRED_*_KEY_CAPABILITY entirely from
-# this example config, given our discussion
-# Required key capabilities
-# Must be quoted, lowercase, space-seperated list of the following:
-#   e = encrypt
-#   s = sign
-#   c = certify
-#   a = authentication
-#REQUIRED_HOST_KEY_CAPABILITY="a"
-#REQUIRED_USER_KEY_CAPABILITY="a"
+# Set whether or not to check keyservers at every monkeysphere
+# interaction, including all ssh connections if you use the
+# monkeysphere-ssh-proxycommand.
+# NOTE: setting CHECK_KEYSERVER to true will leak information about
+# the timing and frequency of your ssh connections to the maintainer
+# of the keyserver.
+#CHECK_KEYSERVER=true
 
 # ssh known_hosts file
 #KNOWN_HOSTS=~/.ssh/known_hosts
@@ -28,11 +25,4 @@
 #HASH_KNOWN_HOSTS=true
 
 # ssh authorized_keys file (FIXME: why is this relevant in this file?)
-#AUTHORIZED_KEYS=~/.ssh/known_hosts
-
-# check keyservers at every ssh connection:
-# This overrides other environment variables (FIXME: what does this mean???)
-# NOTE: setting CHECK_KEYSERVER to true will leak information about
-# the timing and frequency of your ssh connections to the maintainer
-# of the keyserver.
-#CHECK_KEYSERVER=true
+#AUTHORIZED_KEYS=~/.ssh/authorized_keys