#use wml::db.d.o title="LDAP Gateway"
+#use wml::vbar
+
+<dsatoc/>
<p>
The LDAP directory has a PGP secured mail gateway that
which will set the authentication key to the identity you are using.
Multiple keys per user are supported, but they must all be sent at once.
+To retrieve the existing SSH keys in order to merge existing keys
+with new ones, use the 'show' command documented below.
Keys can be exported to a subset of machines by prepending
<b>allowed_hosts=$fqdn,$fqdn2</b> to the specific key. The allowed machines
<b>listtype</b> <b>dns.domain.of.rbl/IP to whitelist</b> where listtype is one of mailRBL,
mailRHSBL, and mailWhitelist
-<li>Debian.net DNS Zone Entry. The only way to get a debian.net address is
-to use the mail gateway. It
-will verify the request and prevent name collisions automatically. Requests
-can take three forms: <tt>'foo in a 1.2.3.4'</tt>, <tt>'foo in cname
-foo.bar.'</tt>, or <tt>'foo in mx 10 foo.bar.'</tt> (note the trailing dot).
-Note that you
-cannot combine CNAME with any other record types. The precise form
-is critical and must not be deviated from.
+<li>The only way to get a dnsZoneEntry record for a debian.net address is to
+use the mail gateway. It will verify the request and prevent name collisions
+automatically. Requests can take several forms:
+ <dl>
+ <dt><tt>foo in a 192.0.2.123</tt></dt>
+ <dd>to create an A record for <tt>foo.debian.net</tt></dd>
+
+ <dt><tt>foo in aaaa 2001:DB8::12:34</tt></dt>
+ <dd>to create an AAAA record for <tt>foo.debian.net</tt></dd>
+
+ <dt><tt>foo in cname example.org.</tt></dt>
+ <dd>to create a CNAME record for <tt>foo.debian.net</tt></dd>
+
+ <dt><tt>'foo in txt plain text here'</tt></dt>
+ <dd>to create a TXT record for <tt>foo.debian.net</tt></dd>
+
+ <dt><tt>foo in mx 10 example.org.</tt></dt>
+ <dd>to create an MX record for <tt>foo.debian.net</tt></dd>
+ </dl>
+
+Please note the trailing dot for the CNAME and MX records.
+Note that you cannot combine CNAME with any other record types.
+The precise form is critical and must not be deviated from.
Like the SSH function above, multiple hosts are supported, but they must all
be sent at once. The debian.net zone is reloaded hourly.
<li>If the single word <b>show</b> appears on a line then a PGP encrypted version
-of the entire record will be attached to the resulting email.
+of the entire record will be attached to the resulting email. For example:
+<pre>echo show | gpg --clearsign | mail changes@db.debian.org</pre>
+
</ul>
After processing the requests the daemon will generate a report which contains
a short while before any changes made take effect.
<p>
If the mail you're sending to the mail robot is too long for your MTA
-and gets split please use a different mail origin or pass the mail to
-the MTA on a debian.org machine, e.g. ravel:
-<pre>cat .ssh/id_rsa.pub | gpg --clearsign | ssh ravel mail changes@db.debian.org</pre>
+and gets split, or if you want something that is more robust while copy pasting
+into a web-mailer, you can try to create a non-clearsigned message and mail
+that to changes@db.debian.org:
+<pre>cat .ssh/id_rsa.pub | gpg --armor --sign</pre>
projects / mirror / userdir-ldap-cgi.git / blobdiff