X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=html%2Fdoc-mail.wml;h=c55b085036fe66fd2ec562ee85bb4caafd23331a;hb=712882bed03f34294430475147c296e66bfb315a;hp=1544ad1d48e84cf4a380507de91aaa1820162fb9;hpb=67b97e55d95a26cfbc551c7f87fc233fb00bb7e2;p=mirror%2Fuserdir-ldap-cgi.git

diff --git a/html/doc-mail.wml b/html/doc-mail.wml
index 1544ad1..c55b085 100644
--- a/html/doc-mail.wml
+++ b/html/doc-mail.wml
@@ -1,4 +1,7 @@
 #use wml::db.d.o title="LDAP Gateway"
+#use wml::vbar
+
+<dsatoc/>
 
 <p>
 The LDAP directory has a PGP secured mail gateway that
@@ -108,16 +111,27 @@ which will set the authentication key to the identity you are using.
 
 Multiple keys per user are supported, but they must all be sent at once.
 
+Keys can be exported to a subset of machines by prepending
+<b>allowed_hosts=$fqdn,$fqdn2</b> to the specific key. The allowed machines
+must only be separated by a comma.
+
+<i>Example:</i>
+<pre>
+# cat .ssh/debian-machines.pub
+allowed_hosts=ravel.debian.org,gluck.debian.org ssh-rsa AAAAB3Nz..mOX/JQ== user@machine
+ssh-rsa AAAAB3Nz..uD0khQ== user@machine
+</pre>
+
 <li>RBL, RHSBL, and whitelists can only be updated via the mail gateway.  Like
 DNS and ssh keys, any list specified must be specified in its enterity.  The format is:
 <b>listtype</b> <b>dns.domain.of.rbl/IP to whitelist</b> where listtype is one of mailRBL,
 mailRHSBL, and mailWhitelist
 
-<li>Debian.net DNS Zone Entry. The only way to get a debian.net address is
-to use the mail gateway. It
-will verify the request and prevent name collisions automatically. Requests
-can take three forms: <tt>'foo in a 1.2.3.4'</tt>, <tt>'foo in cname
-foo.bar.'</tt>, or <tt>'foo in mx 10 foo.bar.'</tt> (note the trailing dot).
+<li>The only way to get a dnsZoneEntry record for a debian.net address is to
+use the mail gateway. It will verify the request and prevent name collisions
+automatically. Requests can take three forms: <tt>'foo in a 1.2.3.4'</tt>,
+<tt>'foo in cname foo.bar.'</tt>, or <tt>'foo in mx 10 foo.bar.'</tt> (note
+the trailing dot).
 Note that you
 cannot combine CNAME with any other record types. The precise form
 is critical and must not be deviated from.
@@ -153,5 +167,5 @@ a short while before any changes made take effect.
 <p>
 If the mail you're sending to the mail robot is too long for your MTA
 and gets split please use a different mail origin or pass the mail to
-the MTA on a debian.org machine, e.g. gluck:
-<pre>cat .ssh/id_rsa.pub | gpg --clearsign | ssh gluck mail changes@db.debian.org</pre>
+the MTA on a debian.org machine, e.g. ravel:
+<pre>cat .ssh/id_rsa.pub | gpg --clearsign | ssh ravel mail changes@db.debian.org</pre>
