From e249ba513bc97b06f7808373294c249aa14bbda1 Mon Sep 17 00:00:00 2001
From: Jamie McClelland <jm@mayfirst.org>
Date: Tue, 29 Mar 2011 22:08:13 -0400
Subject: adding ability for monkeysphere user setup

---
 README | 66 ++++++++++++++++++++++++++++++++++++++++++++++++------------------
 1 file changed, 48 insertions(+), 18 deletions(-)

(limited to 'README')

diff --git a/README b/README
index cc44499..a1d3595 100644
--- a/README
+++ b/README
@@ -1,31 +1,61 @@
 The monkeysphere puppet module is designed to help you manage your servers
-using the monkeysphere[0].
+and users using the monkeysphere[0].
 
-Example usage:
+Example usage for server setup:
 
-  # assuming you are using the sshd puppet module...
+  # Assuming you are using the sshd puppet module...
   $sshd_authorized_keys_file = "/var/lib/monkeysphere/authorized_keys/%u"
   include sshd
 
-  # import the generated ssh key into the server's gpg ring
-  include monkeysphere::import_key
+  # Optionally, indicate your preferred keyserver. You can specify a server
+  # under your control and not accessible to the public or
+  # pool.sks-keyservers.net if you want to publish to the public pool. The
+  # value you specify here will be used for all monkeysphere and gpg commands
+  $monkeysphere_keyserver = "zimmermann.mayfirst.org" 
+  include monkeysphere
 
-  # add host names to the array below if you do not want them published to the
-  # web of trust
-  $monkeysphere_no_publish = [ "animal.mayfirst.org", "test.mayfirst.org" ]
-  include monkeysphere::publish_key
+  # Ensure the server's ssh key is imported into your monkeysphere key ring
+  monkeysphere::import_key { "main": }
 
-  # add the fingerprints of the gpgids that should be certifiers
-  monkeysphere::add_certifiers { dkg:
-	  keyid => "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9" 
-  }
-  monkeysphere::add_certifiers { jamie:
+  # Optionally publish the server key to a keyserver (as indicated above)
+  monkeysphere::publish_server_keys { "main": } 
+  
+  # Optionally email the server key to your self
+  monkeysphere::email_server_keys { "we@ourdomain.org": }
+
+  # Be sure to sign the server's key!
+
+  # Indiciate the fingerprint of the gpg key that should be used
+  # to verify user ids. You can repeat this for as many certifiers
+  # as you need
+  monkeysphere::add_id_certifier { "jamie":
 	  keyid => "1CB57C59F2F42470238F53ABBB0B7EE15F2E4935" 
   }
-
-  # add a authorized_user_ids file for the root user
-  monkeysphere::root_authorized_user_ids { main:
-	  file => "puppet:///files/monkeysphere/root/authorized_user_ids" 
+  
+  # Indicate who should have root access on the server 
+  monkeysphere::authorized_user_ids { "root":
+	  user_ids => [ "sarah <sarah@ourgroup.org>" , "jose <josue@ourgroup.org" ] 
   } 
 
+In addition, you may want to create a password-less key for a user to use
+when logging into another server (e.g. if you want automated backups from
+one server to another).
+
+Example usage for user setup:
+
+  # Ensure that the root user has authentication capable
+  # monkeysphere key 
+  monkeysphere::auth_capable_user { "root": }
+
+  # Optionally publish the key
+  monkeysphere::publish_user_key { "root": } 
+
+  # Grant full trust to a gpg key so the root user can properly
+  # authenticate servers to which it connects
+  # You can run this as many times as you want
+  monkeysphere::owner_trust { "jamie":
+	  fingerprint => "0EE5BE979282D80B9F7540F1CCD2ED94D21739E9" 
+  }
+   
+
 0. http://monkeysphere.info/
-- 
cgit v1.2.3