From e6a41995792ee8b7a3dbce1e763e40447e45755f Mon Sep 17 00:00:00 2001
From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Date: Thu, 6 May 2010 11:24:55 -0400
Subject: support x509 anchors for monkeysphere-host, allow shared anchors
 between m-a and mh (closes MS #2288)

---
 man/man8/monkeysphere-authentication.8 | 5 ++++-
 man/man8/monkeysphere-host.8           | 8 ++++++++
 2 files changed, 12 insertions(+), 1 deletion(-)

(limited to 'man')

diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8
index ea9debd..7c12673 100644
--- a/man/man8/monkeysphere-authentication.8
+++ b/man/man8/monkeysphere-authentication.8
@@ -177,10 +177,13 @@ false may expose users to abuse by other users on the system. (true)
 /etc/monkeysphere/monkeysphere\-authentication.conf
 System monkeysphere-authentication config file.
 .TP
-/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt
+/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt or\p \
+/etc/monkeysphere/monkeysphere\-x509\-anchors.crt
 If monkeysphere-authentication is configured to query an hkps
 keyserver, it will use X.509 Certificate Authority certificates in
 this file to validate any X.509 certificates used by the keyserver.
+If the monkeysphere-authentication-x509 file is present, the
+monkeysphere-x509 file will be ignored.
 .TP
 /var/lib/monkeysphere/authorized_keys/USER
 Monkeysphere-generated user authorized_keys files.
diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8
index 00ea777..f3e0d43 100644
--- a/man/man8/monkeysphere-host.8
+++ b/man/man8/monkeysphere-host.8
@@ -222,6 +222,14 @@ Monkeysphere\-enabled services on the host.
 /var/lib/monkeysphere/host/
 A locked directory (readable only by the superuser) containing copies
 of all imported secret keys (this is the host's GNUPGHOME directory).
+.TP
+/etc/monkeysphere/monkeysphere\-host\-x509\-anchors.crt or\p \
+/etc/monkeysphere/monkeysphere\-x509\-anchors.crt
+If monkeysphere-host is configured to query an hkps keyserver for
+publish-keys, it will use X.509 Certificate Authority certificates in
+this file to validate any X.509 certificates used by the keyserver.
+If the monkeysphere-host-x509 file is present, the monkeysphere-x509
+file will be ignored.
 
 .SH AUTHOR
 
-- 
cgit v1.2.3