NAME

ca-config - the CA Bot rc file


INTRODUCTION

cabot is configured using ~/.cabotrc. This file is executed as a Perl script (so it gives you lots of rope!). It also lets you refer to other variables when defining new ones, e.g.:

 $CONFIG{'signoff'} = 'CA software running on behalf of ' .
   $CONFIG{'fullname'} .' <'. $CONFIG{'realaddress'}.'>';

The script is expected to define a hash %CONFIG.

All keys should have strings as their values, except for $CONFIG{'keyservers'}, which holds a reference to an array.

The various keys and their meaning are:

cabothome
Used in ca-recv(1). [FIXME: is exporting this variable necessary? See ca-recv code.]

sendoutdir
A string containing the name of the directory where public keys awaiting signature, as well as secret cookies, get stored. Used by ca-createsendout(1) and ca-sendout(1).

sentdir
Where the contents of sendoutdir get moved to after the challenge is sent. Used by ca-recv(1) and ca-sendout(1). ca-recv(1) removes this directory before exiting.

tosign
A string containing the name of the directory where a file LOG as well as a file upload get stored. Used by ca-recv(1), which moves sentdir to tosign, and by ca-dosign(1), which moves tosign to done.

done
A string containing the name of the directory where a file final.mail gets stored. Used by ca-dosign(1), which moves tosign to done.

BCCmail
An email address to which Bcc copies of cabot emails are sent. Used in the mails sent by ca-dosign(1), ca-recv(1) and ca-sendout(1).

bot
An email address with comment, under which the bot is running, like

 $CONFIG{'bot'} = "The CA Bot of John Doe <john-cabot@example.com>";

Used in the emails sent by ca-dosign(1), ca-recv(1) and ca-sendout(1).

name
An email address with comment, used by the person controlling the bot, like

 $CONFIG{'name'} = "John Doe <john-cabot@example.com>";

Used in the emails sent by ca-dosign(1) and ca-recv(1).

signoff
A signature-like blurb, used in the email sent by ca-sendout(1) to define the sender in a human-readable way.

preamble
An explanatory text, used in the email sent by ca-sendout(1). Mailed in clear text.

keyid
The space-separated list of keyids of the keys that should be used to sign keys which have completed the challenge.

sendmail
Pipe for sending mail. Usually '|/usr/lib/sendmail -t'.

keyservers
List of keyservers (IP addresses and/or hostnames), used by ca-createsendout(1) and ca-dosign(1) to fetch and upload public keys. Passed to GnuPG::Interface.

GPG
Override the default gpg binary. This setting is used only during the actual signing phase of the process. It lets you use a gpg wrapper like q-agent and agpg, which saves passphrase typing.

want_recv_notice
Set to no if you don't want to get email notices when you have a new key to sign.

challenge_encrypt_self_to
Set this to the space-separated list of keyids you want the challenge to be encrypted to, in addition to the keyid that the challenge is intended for. This is useful if you want to get a copy of every challenge and be able to decrypt them too. Leave undefined to disable.
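
Because ~/.cabotrc is executed as Perl, and because every value must be a string except keyservers, the file can be checked before the bot uses it. The checker below is an added example, not part of cabot: the helper name check_cabotrc and the permission policy (file owned by the invoking user, not writable by group or others) are assumptions of this example, while the key names are the ones listed above.

```perl
# Added example, not part of cabot: sanity-check a cabotrc before the bot uses it.
use strict;
use warnings;
use File::Spec;

our %CONFIG;    # the hash the rc file is expected to define

# Key names as documented on this page.
my %KNOWN = map { $_ => 1 } qw(
    cabothome sendoutdir sentdir tosign done BCCmail bot name signoff
    preamble keyid sendmail keyservers GPG want_recv_notice
    challenge_encrypt_self_to
);

# Hypothetical helper: returns a list of problems, empty if the file passes.
sub check_cabotrc {
    my $rc = File::Spec->rel2abs($_[0]);    # absolute path: do() must not search @INC
    my @st = stat($rc) or return ("cannot stat: $!");
    # The file is executed as Perl, so write access to it is code execution
    # as the bot user. Assumed policy: owned by us, not group/world-writable.
    return ("not owned by the current user") if $st[4] != $>;
    return ("writable by group or others")   if $st[2] & 022;

    %CONFIG = ();
    local $@;
    do $rc;                                 # this runs the file
    return ("failed to run: $@") if $@;
    return ("does not define %CONFIG") unless %CONFIG;

    my @bad;
    for my $key (sort keys %CONFIG) {
        my $val = $CONFIG{$key};
        push @bad, "unknown key '${key}' (typo?)" unless $KNOWN{$key};
        if ($key eq 'keyservers') {
            push @bad, "'keyservers' must be a reference to an array"
                unless ref($val) eq 'ARRAY';
        }
        elsif (ref $val) {
            push @bad, "'${key}' must be a string, not a reference";
        }
    }
    return @bad;
}

my $rc = @ARGV ? $ARGV[0] : "$ENV{HOME}/.cabotrc";
my @problems = check_cabotrc($rc);
print "$rc: $_\n" for @problems;
print "$rc: ok\n" unless @problems;
exit(@problems ? 1 : 0);
```

Run it as the user the bot runs as, since the ownership test compares the file owner with the effective UID. The permission tests happen before the file is loaded; the type checks necessarily execute it.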


EXAMPLE

An example ~/.cabotrc file is installed in /usr[/local]/share/doc/cabot/examples/cabotrc .


FILES

~/.cabotrc


SEE ALSO

ca-bot(7)

Ideas on how to set up ca-bot can be found in /usr/[local/]share/doc/cabot/ca-bot-noroot.txt (setup with procmail) and /usr/[local/]share/doc/cabot/cabot-micro-howto.txt.gz (setup with special user cabot). The first method is recommended, as it doesn't require root access.


VERSION

This manpage: $Id: ca-config.pod 190 2005-05-03 18:57:47Z lfousse $


COPYRIGHT

Copyright (c) 2003 Joost van Baal

Cabot is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2, or (at your option) any later version.

Cabot is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with GNU Privacy Guard; if not, write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.