\fBmonkeysphere-authentication\fP takes various subcommands.
.TP
.B setup
-Setup the server for Monkeysphere user authentication. `s' may be
-used in place of `setup'.
+Setup the server for Monkeysphere user authentication. This command
+is idempotent, which means it can be run multiple times to make sure
+the setup is correct, without adversely affecting existing setups.
+`s' may be used in place of `setup'.
.TP
.B update-users [ACCOUNT]...
Rebuild the monkeysphere-controlled authorized_keys files. For each
| grep ^fpr: | cut -d: -f10
}
+# fail if authentication has not been setup
+check_no_setup() {
+ # FIXME: what is the right test to do here?
+ [ -d "$MADATADIR" ] \
+ || failure "This host appears to have not yet been set up for Monkeysphere authentication.
+Please run 'monkeysphere-authentication setup' first."
+}
+
# export signatures from core to sphere
gpg_core_sphere_sig_transfer() {
log debug "exporting core local sigs to sphere..."
;;
'update-users'|'update-user'|'u')
+ check_no_setup
source "${MASHAREDIR}/update_users"
update_users "$@"
;;
'add-identity-certifier'|'add-id-certifier'|'add-certifier'|'c+')
+ check_no_setup
source "${MASHAREDIR}/add_certifier"
add_certifier "$@"
;;
'remove-identity-certifier'|'remove-id-certifier'|'remove-certifier'|'c-')
+ check_no_setup
source "${MASHAREDIR}/remove_certifier"
remove_certifier "$@"
;;
'list-identity-certifiers'|'list-id-certifiers'|'list-certifiers'|'list-certifier'|'c')
+ check_no_setup
source "${MASHAREDIR}/list_certifiers"
list_certifiers "$@"
;;
;;
'gpg-cmd')
+ check_no_setup
gpg_sphere "$@"
;;
fi
else
- log verbose "This system has already set up the Monkeysphere authentication trust core."
+ log verbose "Monkeysphere authentication trust core already exists."
fi
# export the core key to the sphere keyring
fi
else
failure "Could not get monkeysphere-authentication trust guidelines."
+ # FIXME: what does this mean? should we suggest how to fix?
fi
# ensure that we're using the extended trust model (1), and that
log debug "sphere trust model: $TRUST_MODEL"
if [ "$TRUST_MODEL" != '1:3:1' ] ; then
failure "monkeysphere-authentication does not have the expected trust model settings."
+ # FIXME: what does this mean? should we suggest how to fix?
fi
}