Remove {update,remove}-userids functions, since we decided they

weren't worth it.  Updated man pages as well.

3 files changed, 24 insertions, 38 deletions

diff --git a/man/man1/monkeysphere-ssh-proxycommand.1 b/man/man1/monkeysphere-ssh-proxycommand.1
index 5fabb91..c4196f2 100644
--- a/man/man1/monkeysphere-ssh-proxycommand.1
+++ b/man/man1/monkeysphere-ssh-proxycommand.1
@@ -18,17 +18,29 @@ or by adding the following line to your ~/.ssh/config script:
 
 .B ProxyCommand monkeysphere-ssh-proxycommand %h %p
 
-The script is very simple, and can easily be incorporated into other
-ProxyCommand scripts.  It first tests to see if the host is in the
-known_hosts file.  If it's not, the CHECK_KEYSERVER variable is set to
-true and "update-known_hosts" is run for the host to check for a host
-key for that host.  If the host is found in the known_hosts file,
-CHECK_KEYSERVER is set to false and "update-known_hosts" is run to
-update from the local keychain.
+The script can easily be incorporated into other ProxyCommand scripts
+by calling it with the "--no-connect" option, ie:
 
-Run the following command for more info:
+.B monkeysphere-ssh-proxycommand --no-connect "$HOST" "$PORT"
 
-.B less $(which monkeysphere-ssh-proxycommand)
+This will run everything but will not exec netcat to make the tcp
+connection to the host.
+
+.SH KEYSERVER CHECKING
+
+The proxy command has a fairly nuanced policy for when keyservers are
+queried when processing host.  If the host userID is not found in
+either the user's keyring or in the known_hosts file, then the
+keyserver is queried for the host userID.  If the host userID is found
+in the user's keyring, then the keyserver is not checked.  This is
+because...  If the host userID is not found in the user's keyring, but
+the host is listed in the known_hosts file, then defered check is
+scheduled.
+
+.SH ENVIRONMENT VARIABLES
+
+.TP
+KEYSERVER The keyserver to query.
 
 .SH AUTHOR
 
diff --git a/man/man1/monkeysphere.1 b/man/man1/monkeysphere.1
index f36d69e..30e35bb 100644
--- a/man/man1/monkeysphere.1
+++ b/man/man1/monkeysphere.1
@@ -33,20 +33,6 @@ is done.  If no hosts are specified, all hosts listed in the
 known_hosts file will be processed.  `k' may be used in place of
 `update-known_hosts'.
 .TP
-.B update-userids [USERID]...
-Add/update a user ID to the authorized_user_ids file.  The user IDs
-specified should be exact matches to OpenPGP user IDs.  For each
-specified user ID, gpg will be queried for a key associated with that
-user ID, querying a keyserver if specified.  If a key is found, the
-user ID will be added to the user's authorized_user_ids file (if it
-wasn't already present).  `u' may be used in place of
-`update-userids'.
-.TP
-.B remove-userids [USERID]...
-Remove a user ID from the authorized_user_ids file.  The user IDs
-specified should be exact matches to OpenPGP user IDs.  `r' may be
-used in place of `remove-userids'.
-.TP
 .B update-authorized_keys
 Update the monkeysphere authorized_keys file.  For each user ID in the
 user's authorized_user_ids file, gpg will be queried for keys
@@ -78,9 +64,7 @@ specification for the host, ie. "ssh://host.full.domain".
 GPG keys are considered acceptable if the following criteria are met:
 .TP
 .B capability
-For host keys, the key must have both the "authentication" ("a") and
-"encrypt" ("e") capability flags.  For user keys, the key must have
-the "authentication" ("a") capability flag.
+The key must have the "authentication" ("a") usage flag set.
 .TP
 .B validity
 The key must be "fully" valid, and must not be expired or revoked.
@@ -97,9 +81,6 @@ System-wide monkeysphere config file.
 ~/.config/monkeysphere/authorized_user_ids
 OpenPGP user IDs associated with keys that will be checked for
 addition to the authorized_keys file.
-.TP
-~/.config/monkeysphere/authorized_keys
-Monkeysphere generated authorized_keys file.
 
 .SH AUTHOR
 
diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8
index 28149fb..3073adc 100644
--- a/man/man8/monkeysphere-server.8
+++ b/man/man8/monkeysphere-server.8
@@ -23,7 +23,8 @@ be used for authentication of ssh connections.
 .TP
 .B update-users [USER]...
 Update the admin-controlled authorized_keys files for user.  For each
-user specified, update the user's authorized_keys file in
+user specified, user ID's listed in the user's authorized_user_ids
+file are processed, and the user's authorized_keys file in
 /var/cache/monkeysphere/authorized_keys/USER.  See `man monkeysphere'
 for more info.  If the USER_CONTROLLED_AUTHORIZED_KEYS variable is
 set, then a user-controlled authorized_keys file (usually
@@ -46,14 +47,6 @@ of `publish-key'.
 Mark key specified with key IDs with full owner trust.  `t' may be used
 in place of `trust-keys'.
 .TP
-.B update-user-userids USER USERID...
-Add/update a user ID to the authorized_user_ids file for USER.  `u' may
-be used in place of `update-user-userids'.
-.TP
-.B remove-user-userids USER USERID...
-Remove a user ID from the authorized_user_ids file for USER.  `r' may
-be used in place of `remove-user-userids'.
-.TP
 .B help
 Output a brief usage summary.  `h' or `?' may be used in place of
 `help'.