From 24da4d0207c8d3c7586871dac3eea9d2a0b864c3 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sun, 14 Mar 2010 03:06:32 -0400 Subject: [PATCH] enable use of hkps (closes: MS #1749) --- man/man8/monkeysphere-authentication.8 | 5 +++++ src/share/ma/setup | 1 + 2 files changed, 6 insertions(+) diff --git a/man/man8/monkeysphere-authentication.8 b/man/man8/monkeysphere-authentication.8 index 8732157..ea9debd 100644 --- a/man/man8/monkeysphere-authentication.8 +++ b/man/man8/monkeysphere-authentication.8 @@ -177,6 +177,11 @@ false may expose users to abuse by other users on the system. (true) /etc/monkeysphere/monkeysphere\-authentication.conf System monkeysphere-authentication config file. .TP +/etc/monkeysphere/monkeysphere\-authentication\-x509\-anchors.crt +If monkeysphere-authentication is configured to query an hkps +keyserver, it will use X.509 Certificate Authority certificates in +this file to validate any X.509 certificates used by the keyserver. +.TP /var/lib/monkeysphere/authorized_keys/USER Monkeysphere-generated user authorized_keys files. .TP diff --git a/src/share/ma/setup b/src/share/ma/setup index 6c75fef..f965487 100644 --- a/src/share/ma/setup +++ b/src/share/ma/setup @@ -43,6 +43,7 @@ EOF # Edits will be overwritten. no-greeting list-options show-uid-validity +keyserver-options ca-cert-file=${SYSCONFIGDIR}/monkeysphere-authentication-x509-anchors.crt EOF # make sure the monkeysphere user owns everything in the sphere -- 2.26.2