From e6a41995792ee8b7a3dbce1e763e40447e45755f Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Thu, 6 May 2010 11:24:55 -0400 Subject: support x509 anchors for monkeysphere-host, allow shared anchors between m-a and mh (closes MS #2288) --- man/man8/monkeysphere-authentication.8 | 5 ++++- man/man8/monkeysphere-host.8 | 8 ++++++++ 2 files changed, 12 insertions(+), 1 deletion(-) (limited to 'man') diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8 index ea9debd..7c12673 100644 --- a/man/man8/monkeysphere-authentication.8 +++ b/man/man8/monkeysphere-authentication.8 @@ -177,10 +177,13 @@ false may expose users to abuse by other users on the system. (true) /etc/monkeysphere/monkeysphere\-authentication.conf System monkeysphere-authentication config file. .TP -/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt +/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt or\p \ +/etc/monkeysphere/monkeysphere\-x509\-anchors.crt If monkeysphere-authentication is configured to query an hkps keyserver, it will use X.509 Certificate Authority certificates in this file to validate any X.509 certificates used by the keyserver. +If the monkeysphere-authentication-x509 file is present, the +monkeysphere-x509 file will be ignored. .TP /var/lib/monkeysphere/authorized_keys/USER Monkeysphere-generated user authorized_keys files. diff --git a/man/man8/monkeysphere-host.8 b/man/man8/monkeysphere-host.8 index 00ea777..f3e0d43 100644 --- a/man/man8/monkeysphere-host.8 +++ b/man/man8/monkeysphere-host.8 @@ -222,6 +222,14 @@ Monkeysphere\-enabled services on the host. /var/lib/monkeysphere/host/ A locked directory (readable only by the superuser) containing copies of all imported secret keys (this is the host's GNUPGHOME directory). +.TP +/etc/monkeysphere/monkeysphere\-host\-x509\-anchors.crt or\p \ +/etc/monkeysphere/monkeysphere\-x509\-anchors.crt +If monkeysphere-host is configured to query an hkps keyserver for +publish-keys, it will use X.509 Certificate Authority certificates in +this file to validate any X.509 certificates used by the keyserver. +If the monkeysphere-host-x509 file is present, the monkeysphere-x509 +file will be ignored. .SH AUTHOR -- cgit v1.2.3