summaryrefslogtreecommitdiff
path: root/man/man1
diff options
context:
space:
mode:
authorJameson Graef Rollins <jrollins@phys.columbia.edu>2008-07-10 19:08:25 -0400
committerJameson Graef Rollins <jrollins@phys.columbia.edu>2008-07-10 19:08:25 -0400
commitc9260d86968ed2a0ba302ce2a3f9fc6e94f6d39a (patch)
tree1fc76bd0bd0572a01c11258b7c887c88ad9d2675 /man/man1
parent13298a58b39438ae9892194578b8b8f3d3b6013a (diff)
update proxycommand man page.
Diffstat (limited to 'man/man1')
-rw-r--r--man/man1/monkeysphere-ssh-proxycommand.119
1 files changed, 14 insertions, 5 deletions
diff --git a/man/man1/monkeysphere-ssh-proxycommand.1 b/man/man1/monkeysphere-ssh-proxycommand.1
index c4196f2..0e6d18d 100644
--- a/man/man1/monkeysphere-ssh-proxycommand.1
+++ b/man/man1/monkeysphere-ssh-proxycommand.1
@@ -32,15 +32,24 @@ The proxy command has a fairly nuanced policy for when keyservers are
queried when processing host. If the host userID is not found in
either the user's keyring or in the known_hosts file, then the
keyserver is queried for the host userID. If the host userID is found
-in the user's keyring, then the keyserver is not checked. This is
-because... If the host userID is not found in the user's keyring, but
-the host is listed in the known_hosts file, then defered check is
-scheduled.
+in the user's keyring, then the keyserver is not checked. This
+assumes that the keyring is kept up-to-date, in a cron job or the
+like, so that revokations are properly handled. If the host userID is
+not found in the user's keyring, but the host is listed in the
+known_hosts file, then the keyserver is not checked. This last policy
+might change in the future, possibly by adding a defered check, so
+that hosts that go from non-monkeysphere-enabled to
+monkeysphere-enabled will be properly checked.
.SH ENVIRONMENT VARIABLES
+All environment variables defined in monkeysphere(1) can also be used
+for the proxycommand, with one note:
+
.TP
-KEYSERVER The keyserver to query.
+MONKEYSPHERE_CHECK_KEYSERVER
+Setting this variable (to `true' or `false') will override the policy
+defined in KEYSERVER CHECKING above.
.SH AUTHOR