author | Guilhem Moulin <guilhem@fripost.org> | 2021-02-21 18:49:14 +0100 |
---|---|---|
committer | Guilhem Moulin <guilhem@fripost.org> | 2021-02-22 00:14:51 +0100 |
commit | 9898b1877ce2973bbc336921969bd7f16d3698fa (patch) | |
tree | 286901349d8345e204c21bce2b49737cbd72e286 /lacme-accountd.1.md | |
parent | 1bdaeae835b5c9914f9c2107efda150d643cda12 (diff) |
lacme-accountd(1): new setting 'keyid'.
This saves a round trip and provides a safeguard against malicious
clients.
Diffstat (limited to 'lacme-accountd.1.md')
-rw-r--r-- | lacme-accountd.1.md | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/lacme-accountd.1.md b/lacme-accountd.1.md index d0b2c6b..4933a78 100644 --- a/lacme-accountd.1.md +++ b/lacme-accountd.1.md @@ -119,14 +119,28 @@ leading `--`) in the configuration file. Valid settings are: [`gpg`(1)] to use, as well as some default options. Default: `gpg --quiet`. +*socket* + +: See `--socket=`. + *logfile* : An optional file where to log to. The value is subject to [%-specifier expansion](#percent-specifiers). -*socket* +*keyid* -: See `--socket=`. +: The "Key ID", as shown by `` `acme account` ``, to give the [ACME] + client. With an empty *keyid* (the default) the client forwards the + JSON Web Key (JWK) to the [ACME] server to retrieve the correct + value. A non-empty value therefore saves a round-trip. + + A non-empty value also causes `lacme-accountd` to send an empty JWK, + thereby revoking all account management access (status change, + contact address updates etc.) from the client: any `` `acme account` `` + command (or any command from [`lacme`(8)] before version 0.8.0) is + bound to be rejected by the [ACME] server. This provides a + safeguard against malicious clients. *quiet* |
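Review bot: The new *keyid* entry states that a non-empty value makes `lacme-accountd` send an empty JWK, but it does not say what the operator should expect when the configured value is wrong (a typo, or a Key ID belonging to another account). Since the client can then no longer fall back to the JWK lookup described in the first paragraph, a sentence on that failure mode would help. The compatibility break is also easy to miss: "(or any command from [`lacme`(8)] before version 0.8.0)" sits inside a parenthetical, while in practice it means that setting *keyid* stops older clients from working at all, so it deserves its own sentence. On wording, "revoking all account management access" reads as if something is revoked on the server; "withholding" would be closer to what the paragraph describes, since the effect comes from the client never receiving the JWK. Finally, moving *socket* above *logfile* is unrelated to the commit subject and would be cleaner as a separate change.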