diff options
author | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-07-10 19:08:25 -0400 |
---|---|---|
committer | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-07-10 19:08:25 -0400 |
commit | c9260d86968ed2a0ba302ce2a3f9fc6e94f6d39a (patch) | |
tree | 1fc76bd0bd0572a01c11258b7c887c88ad9d2675 /man/man1 | |
parent | 13298a58b39438ae9892194578b8b8f3d3b6013a (diff) |
update proxycommand man page.
Diffstat (limited to 'man/man1')
-rw-r--r-- | man/man1/monkeysphere-ssh-proxycommand.1 | 19 |
1 files changed, 14 insertions, 5 deletions
diff --git a/man/man1/monkeysphere-ssh-proxycommand.1 b/man/man1/monkeysphere-ssh-proxycommand.1 index c4196f2..0e6d18d 100644 --- a/man/man1/monkeysphere-ssh-proxycommand.1 +++ b/man/man1/monkeysphere-ssh-proxycommand.1 @@ -32,15 +32,24 @@ The proxy command has a fairly nuanced policy for when keyservers are queried when processing host. If the host userID is not found in either the user's keyring or in the known_hosts file, then the keyserver is queried for the host userID. If the host userID is found -in the user's keyring, then the keyserver is not checked. This is -because... If the host userID is not found in the user's keyring, but -the host is listed in the known_hosts file, then defered check is -scheduled. +in the user's keyring, then the keyserver is not checked. This +assumes that the keyring is kept up-to-date, in a cron job or the +like, so that revokations are properly handled. If the host userID is +not found in the user's keyring, but the host is listed in the +known_hosts file, then the keyserver is not checked. This last policy +might change in the future, possibly by adding a defered check, so +that hosts that go from non-monkeysphere-enabled to +monkeysphere-enabled will be properly checked. .SH ENVIRONMENT VARIABLES +All environment variables defined in monkeysphere(1) can also be used +for the proxycommand, with one note: + .TP -KEYSERVER The keyserver to query. +MONKEYSPHERE_CHECK_KEYSERVER +Setting this variable (to `true' or `false') will override the policy +defined in KEYSERVER CHECKING above. .SH AUTHOR |