Question about User->PGPKey

Hello,

During debugging of Auth::GnuPG enhancement I’ve noticed that there is
User->PGPKey defined, but it does not seem to be possible to set it anywhere
in the web interface. What was the plan with this field?

That is I currently have a modified Auth::GnuPG, that, after verifying the
signature looks for “Keys” custom field of the user and compares the key-id
(unfortunately it only returns the short key-id) to values of that field. If
it matches, that user is authenticated. Otherwise, the mail is rejected. My
keydir contains gpg.conf with ‘keyserver’ option, so the actual keys are
downloaded and the IDs are then verified.

So I wanted to know, if the ‘PGPKey’ field was meant to be used like this, or
how it was meant to be used.

					 Jan 'Bulb' Hudec <bulb@ucw.cz>


> Hello,
>
> During debugging of Auth::GnuPG enhancement I’ve noticed that there is
> User->PGPKey defined, but it does not seem to be possible to set it anywhere
> in the web interface. What was the plan with this field?

The field has been there for a couple years. We’ve never used it ;)

> That is I currently have a modified Auth::GnuPG, that, after verifying the
> signature looks for “Keys” custom field of the user and compares the key-id
> (unfortunately it only returns the short key-id) to values of that field. If
> it matches, that user is authenticated. Otherwise, the mail is rejected. My
> keydir contains gpg.conf with ‘keyserver’ option, so the actual keys are
> downloaded and the IDs are then verified.

What we’ve generally recommended was that you not use a keyserver and
DO keep all your trusted keys in the keyring. It just feels easier to
maintain for us.

Jesse

> > Hello,
> >
> > During debugging of Auth::GnuPG enhancement I’ve noticed that there is
> > User->PGPKey defined, but it does not seem to be possible to set it anywhere
> > in the web interface. What was the plan with this field?
>
> The field has been there for a couple years. We’ve never used it ;)
>
> > That is I currently have a modified Auth::GnuPG, that, after verifying the
> > signature looks for “Keys” custom field of the user and compares the key-id
> > (unfortunately it only returns the short key-id) to values of that field. If
> > it matches, that user is authenticated. Otherwise, the mail is rejected. My
> > keydir contains gpg.conf with ‘keyserver’ option, so the actual keys are
> > downloaded and the IDs are then verified.
>
> What we’ve generally recommended was that you not use a keyserver and
> DO keep all your trusted keys in the keyring. It just feels easier to
> maintain for us.

Well, I think in many cases one can let the users provide their keys
themselves. They have to provide the keys if they want to use the mail gate
and they would be against themselves to provide key ids they don’t control.
In such cases, letting users to provide the keys makes things easier.

I don’t claim it’s always the case, but there is certainly a use for it.

Note, that I had to add custom fields to preferences too, so users with
ModifySelf and ModifyCustomField for a field can modify that field on
themselves (that is even if they don’t have config tab visible).

					 Jan 'Bulb' Hudec <bulb@ucw.cz>


> Well, I think in many cases one can let the users provide their keys
> themselves. They have to provide the keys if they want to use the mail gate
> and they would be against themselves to provide key ids they don’t control.
> In such cases, letting users to provide the keys makes things easier.
>
> I don’t claim it’s always the case, but there is certainly a use for it.

Fair enough. I’d love to hear how it works out for you. I bet other
folks would too :)

Jesse
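
The first message compares the short key-id against the user's “Keys” field; a 32-bit short key ID does not identify a single key, which matters most when keys are fetched from a keyserver. The sketch below is an added example, not code from RT or from the poster's modified Auth::GnuPG: it takes the full fingerprint from the `VALIDSIG` line that gpg writes to `--status-fd` and accepts only a registered 40-digit fingerprint. The sub names, the policy of requiring exactly one valid signature, and the sample status lines are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Accept only a full 40-hex-digit (v4) fingerprint from the user's field;
# short and long key IDs are refused because they do not identify one key.
sub normalise_fpr {
    my ($value) = @_;
    (my $fpr = uc($value // '')) =~ s/\s+//g;
    $fpr =~ s/^0X//;
    return $fpr =~ /^[0-9A-F]{40}$/ ? $fpr : undef;
}

# Primary-key fingerprint of the single valid signature reported in gpg's
# --status-fd output, or undef if the status does not show exactly one.
sub signer_fingerprint {
    my ($status) = @_;
    my (@valid, $bad);
    for my $line (split /\r?\n/, $status) {
        next unless $line =~ /^\[GNUPG:\] (\S+)(?: (.*))?$/;
        my ($keyword, $rest) = ($1, $2 // '');
        my @args = split ' ', $rest;
        $bad = 1 if $keyword =~ /^(?:BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/;
        # VALIDSIG: args[0] is the signing key's fingerprint, args[9] (when
        # present) the primary key's fingerprint.
        push @valid, $args[9] // $args[0] if $keyword eq 'VALIDSIG' && @args;
    }
    return undef if $bad || @valid != 1;
    return normalise_fpr($valid[0]);
}

# True when the signer is one of the fingerprints registered for the user.
sub signer_is_registered {
    my ($status, @registered) = @_;
    my $signer = signer_fingerprint($status);
    return 0 unless defined $signer;
    return scalar grep { defined($_) && $_ eq $signer } map { normalise_fpr($_) } @registered;
}

# Constructed sample data: the fingerprint and status lines are made up.
my $fpr    = '0123456789ABCDEF0123456789ABCDEF01234567';
my $status = join "\n",
    "[GNUPG:] GOODSIG 89ABCDEF01234567 Example User <user\@example.org>",
    "[GNUPG:] VALIDSIG $fpr 2008-01-01 1199145600 0 4 0 1 2 00 $fpr",
    "[GNUPG:] TRUST_ULTIMATE", '';

printf "full fingerprint registered: %s\n", signer_is_registered($status, $fpr)       ? 'accept' : 'reject';
printf "only short key ID on file:   %s\n", signer_is_registered($status, '01234567') ? 'accept' : 'reject';
```

With the sample data the first check accepts and the second rejects, because a field value that is only a short key ID never normalises to a fingerprint.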