diff options
-rw-r--r-- | man/man8/monkeysphere-server.8 | 10 | ||||
-rwxr-xr-x | src/monkeysphere-server | 17 |
2 files changed, 19 insertions, 8 deletions
diff --git a/man/man8/monkeysphere-server.8 b/man/man8/monkeysphere-server.8 index e9784b6..3a50aac 100644 --- a/man/man8/monkeysphere-server.8 +++ b/man/man8/monkeysphere-server.8 @@ -54,10 +54,12 @@ place of `publish-key'. .TP .B add-identity-certifier KEYID Instruct system to trust user identity certifications made by KEYID. -A certifier domain can be specified with the `-n' or `--domain' -option. A certifier trust level can be specified with the `-t' or -`--trust' option (possible values are `1' for `marginal' and `2' for -`full' (default is `2')). A certifier trust depth can be specified +Using the `-n' or `--domain' option allows you to indicate that you +only trust the given KEYID to make identifications within a specific +domain (e.g. "trust KEYID to certify user identities within the +@example.org domain"). A certifier trust level can be specified with +the `-t' or `--trust' option (possible values are `marginal' and +`full' (default is `full')). A certifier trust depth can be specified with the `-d' or `--depth' option (default is 1). `a' may be used in place of `add-identity-certifier'. .TP diff --git a/src/monkeysphere-server b/src/monkeysphere-server index 6534fa1..4d7acc6 100755 --- a/src/monkeysphere-server +++ b/src/monkeysphere-server @@ -47,8 +47,8 @@ subcommands: publish-key (p) publish server's host key to keyserver add-identity-certifier (a) KEYID import and tsign a certification key - -n|--domain DOMAIN domain of certifier () - -t|--trust TRUST trust level of certifier (2) + -n|--domain DOMAIN limit ID certifications to IDs in DOMAIN () + -t|--trust TRUST trust level of certifier (full) -d|--depth DEPTH trust depth for certifier (1) remove-identity-certifier (r) KEYID remove a certification key list-identity-certifiers (l) list certification keys @@ -383,10 +383,11 @@ add_certifier() { local keyID local fingerprint local ltsignCommand + local trustval # set default values for trust depth and domain domain= - trust=2 + trust=full depth=1 # get options @@ -450,12 +451,20 @@ add_certifier() { # export the key to the host keyring gpg_authentication "--export $keyID" | gpg_host --import + if [ "$trust" == marginal ]; then + trustval=1 + elif [ "$trust" == full ]; then + trustval=2 + else + failure "trust value requested ('$trust') was unclear (only 'marginal' or 'full' are supported)" + fi + # ltsign command # NOTE: *all* user IDs will be ltsigned ltsignCommand=$(cat <<EOF ltsign y -$trust +$trustval $depth $domain y |