Document `lacme-accountd --stdio`.

It's an internal flag, but can be useful for authorized_keys(5) restrictions.
author: Guilhem Moulin <guilhem@fripost.org> 2021-02-20 19:56:15 +0100
committer: Guilhem Moulin <guilhem@fripost.org> 2021-02-20 22:13:46 +0100
commit: 8e612e071b8c0fc99ebf91673f53ca5f0d6bdd11 (patch)
tree: b88adeda669b47aac436671f7fee608c2deee8ae /lacme.8.md
parent: 0ef94d85e58497dcb2c4c954cadcac918032467a (diff)
1 files changed, 4 insertions, 2 deletions
diff --git a/lacme.8.md b/lacme.8.md
index aab448f..9a14d75 100644
--- a/lacme.8.md
+++ b/lacme.8.md
@@ -493,8 +493,10 @@ following in the [`[accountd]` section](#accountd-section):
 If the user running `lacme` can connect to `lacme@account.example.net`
 using (passwordless) key authentication, this setting will spawn a
 remote [`lacme-accountd`(1)] and use it to sign [ACME] requests.
-Further hardening can be achieved my means of [`authorized_keys`(5)]
-restrictions.
+Further hardening can be achieved by means of [`authorized_keys`(5)]
+restrictions:
+
+    restrict,from="…",command="/usr/bin/lacme-accountd --stdio" ssh-rsa …
 
 See also
 ========
author	Guilhem Moulin <guilhem@fripost.org>	2021-02-20 19:56:15 +0100
committer	Guilhem Moulin <guilhem@fripost.org>	2021-02-20 22:13:46 +0100
commit	8e612e071b8c0fc99ebf91673f53ca5f0d6bdd11 (patch)
tree	b88adeda669b47aac436671f7fee608c2deee8ae /lacme.8.md
parent	0ef94d85e58497dcb2c4c954cadcac918032467a (diff)