author | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-06-09 01:45:31 -0400 |
---|---|---|
committer | Jameson Graef Rollins <jrollins@phys.columbia.edu> | 2008-06-09 01:45:31 -0400 |
commit | d89dfcbf8f15e50f807a1aa133e967ff06cb37fb (patch) | |
tree | d5526bb5f6fcc85f76d77a5a80f02d38198cca01 /monkeysphere.conf | |
parent | 241be7ab4a86d3d578de9b5499824a6e34bfd64c (diff) |
more work on rhesus
- known_hosts processing now processes known_hosts file directly
- uses "ssh-keygen -R" to remove keys as necessary
- known_hosts lines can be hashed if requested
- added ability to specify required key capability
- added ability to specify if user authorized_keys file is added
Diffstat (limited to 'monkeysphere.conf')
-rw-r--r-- | monkeysphere.conf | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/monkeysphere.conf b/monkeysphere.conf index cd5e3b2..6401203 100644 --- a/monkeysphere.conf +++ b/monkeysphere.conf @@ -4,7 +4,7 @@ # rhesus shell script when run in administrative mode to maintain # authorized_keys files for users. -AUTH_USER_FILE=/etc/monkeysphere/auth_user_ids/"$USER" +AUTHORIZED_USER_IDS=/etc/monkeysphere/authorized_user_ids/"$USER" STAGING_AREA=/var/lib/monkeysphere/stage/"$USER" @@ -13,3 +13,18 @@ GNUPGHOME=/etc/monkeysphere/gnupg # gpg keyserver to search for keys KEYSERVER=subkeys.pgp.net + +# required capabilities of keys +# must be quoted, lowercase, space-seperated list of the following: +# e = encrypt +# s = sign +# c = certify +# a = authentication +REQUIRED_KEY_CAPABILITY="e a" + +# Path to user-controlled authorized_keys file to add to +# Monkeysphere-generated authorized_keys file. If empty, then no +# user-controlled file will be added. To specify the user's home +# directory, use the string "~${USER}" +USER_CONTROLLED_AUTHORIZED_KEYS="~${USER}/.ssh/authorized_keys" + |
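Review bot: In the first hunk (@@ -4,7 +4,7 @@), renaming AUTH_USER_FILE to AUTHORIZED_USER_IDS also moves the default location from /etc/monkeysphere/auth_user_ids/ to /etc/monkeysphere/authorized_user_ids/, and nothing in the visible lines covers installs that already use the old name or directory. If rhesus reads only the new variable, an existing config or directory under the old name stops contributing user IDs without any error. Suggest noting the rename in the comment block above the setting, or having the script warn when the old variable or directory is still present.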
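Review bot: In the second hunk (@@ -13,3 +13,18 @@), USER_CONTROLLED_AUTHORIZED_KEYS="~${USER}/.ssh/authorized_keys" places the tilde inside double quotes, where the shell does not perform tilde expansion, so the variable holds the literal string and the consuming script must resolve the home directory itself. The comment should state how that expansion is done, and the script should resolve it without passing a value built from $USER through eval. Two smaller points on the same hunk: the REQUIRED_KEY_CAPABILITY comment does not say whether a key must carry all of the listed capabilities or any one of them, which decides what the default "e a" actually admits, and "space-seperated" should read "space-separated". Since the default merges a user-controlled file into the Monkeysphere-generated authorized_keys, it is also worth saying in the comment that setting the value to empty is the way to keep authorization admin-controlled only.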