don't use sentence fragments, make the docs searchable

[mirror/userdir-ldap-cgi.git] / html / doc-mail.wml

diff --git a/html/doc-mail.wml b/html/doc-mail.wml
index 1544ad1..99fcb04 100644 (file)
--- a/html/doc-mail.wml
+++ b/html/doc-mail.wml
@@ -108,16 +108,27 @@ which will set the authentication key to the identity you are using.
 
 Multiple keys per user are supported, but they must all be sent at once.
 
 
 Multiple keys per user are supported, but they must all be sent at once.
 

+Keys can be exported to a subset of machines by prepending
+<b>allowed_hosts=$fqdn,$fqdn2</b> to the specific key. The allowed machines
+must only be separated by a comma.
+
+<i>Example:</i>
+<pre>
+# cat .ssh/debian-machines.pub
+allowed_hosts=ravel.debian.org,gluck.debian.org ssh-rsa AAAAB3Nz..mOX/JQ== user@machine
+ssh-rsa AAAAB3Nz..uD0khQ== user@machine
+</pre>
+

 <li>RBL, RHSBL, and whitelists can only be updated via the mail gateway.  Like
 DNS and ssh keys, any list specified must be specified in its enterity.  The format is:
 <b>listtype</b> <b>dns.domain.of.rbl/IP to whitelist</b> where listtype is one of mailRBL,
 mailRHSBL, and mailWhitelist
 
 <li>RBL, RHSBL, and whitelists can only be updated via the mail gateway.  Like
 DNS and ssh keys, any list specified must be specified in its enterity.  The format is:
 <b>listtype</b> <b>dns.domain.of.rbl/IP to whitelist</b> where listtype is one of mailRBL,
 mailRHSBL, and mailWhitelist
 

-<li>Debian.net DNS Zone Entry. The only way to get a debian.net address is
-to use the mail gateway. It
-will verify the request and prevent name collisions automatically. Requests
-can take three forms: <tt>'foo in a 1.2.3.4'</tt>, <tt>'foo in cname
-foo.bar.'</tt>, or <tt>'foo in mx 10 foo.bar.'</tt> (note the trailing dot).
+<li>The only way to get a dnsZoneEntry record for a debian.net address is to
+use the mail gateway. It will verify the request and prevent name collisions
+automatically. Requests can take three forms: <tt>'foo in a 1.2.3.4'</tt>,
+<tt>'foo in cname foo.bar.'</tt>, or <tt>'foo in mx 10 foo.bar.'</tt> (note
+the trailing dot).

 Note that you
 cannot combine CNAME with any other record types. The precise form
 is critical and must not be deviated from.
 Note that you
 cannot combine CNAME with any other record types. The precise form
 is critical and must not be deviated from.


@@ -153,5 +164,5 @@ a short while before any changes made take effect.
 <p>
 If the mail you're sending to the mail robot is too long for your MTA
 and gets split please use a different mail origin or pass the mail to
 <p>
 If the mail you're sending to the mail robot is too long for your MTA
 and gets split please use a different mail origin or pass the mail to

-the MTA on a debian.org machine, e.g. gluck:
-<pre>cat .ssh/id_rsa.pub | gpg --clearsign | ssh gluck mail changes@db.debian.org</pre>
+the MTA on a debian.org machine, e.g. ravel:
+<pre>cat .ssh/id_rsa.pub | gpg --clearsign | ssh ravel mail changes@db.debian.org</pre>