[rt-users] Question about User->PGPKey

Jan Hudec bulb at ucw.cz
Tue Aug 23 17:12:22 EDT 2005


On Tue, Aug 23, 2005 at 16:58:01 -0400, Jesse Vincent wrote:
> 
> 
> 
> On Mon, Aug 22, 2005 at 10:26:31PM +0200, Jan Hudec wrote:
> > Hello,
> > 
> > During debugging of Auth::GnuPG enahncement I've noticed that there is
> > User->PGPKey defined, but is does not seem to be possible to set it anywhere
> > in the web interface. What was the plan with this field?
> 
> The field has been there for a couple years. We've never used it ;)
> 
> 
> > 
> > That is I currently have a modified Auth::GnuPG, that, after veryfying the
> > signature looks for "Keys" custom field of the user and compares the key-id
> > (unfortunately it only returns the short key-id) to values of that field. If
> > it matches, that user is authenticated. Otherwise, the mail is rejected. My
> > keydir contains gpg.conf with 'keyserver' option, so the actual keys are
> > downloaded and the IDs are then verified.
> 
> What we've generally recommended was that you not use a keyserver and
> _DO_ keep all your trusted keys in the keyring. It just feels easier to
> maintain for us.

Well, I think in many cases one can let the users provide their keys
themselves. They have to provide the keys if they want to use the mail gate
and they would be against themselves to provide key ids they don't control.
In such cases, letting users to provide the keys makes things easier.

I don't claim it's always the case, but there is certainly a use for it.

Note, that I had to add custom fields to preferences too, so users with
ModifySelf and ModifyCustomField for a field can modify that field on
themselves (that is even if they don't have config tab visible).

--
						 Jan 'Bulb' Hudec <bulb at ucw.cz>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <http://lists.bestpractical.com/pipermail/rt-users/attachments/20050823/ccfdf7a4/attachment.sig>


More information about the rt-users mailing list