about summary refs log tree commit diff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--pounce.144
1 files changed, 42 insertions, 2 deletions
diff --git a/pounce.1 b/pounce.1
index 5edbbfa..96ae985 100644
--- a/pounce.1
+++ b/pounce.1
@@ -1,4 +1,4 @@
-.Dd January 12, 2020
+.Dd January 17, 2020
 .Dt POUNCE 1
 .Os
 .
@@ -75,6 +75,8 @@ Require clients to authenticate
 using a TLS client certificate
 signed by the certificate authority loaded from
 .Ar path .
+See
+.Sx Generating Client Certificates .
 If
 .Fl W
 is also set,
@@ -297,7 +299,13 @@ If
 .Fl W
 is used,
 clients must send a server password.
-Clients should not attempt SASL.
+If
+.Fl A
+is used,
+clients must connect with a client certificate
+and may request SASL EXTERNAL.
+If both are used,
+clients may authenticate with either method.
 .
 .Pp
 Clients should register with unique usernames,
@@ -336,6 +344,38 @@ sent to the user's own nickname
 are relayed only to other clients,
 not to the server.
 .
+.Ss Generating Client Certificates
+.Bl -enum
+.It
+Generate a self-signed certificate authority (CA):
+.Bd -literal -offset indent
+pounce -g auth.pem
+.Ed
+.It
+Generate and sign client certificates
+using the CA:
+.Bd -literal -offset indent
+pounce -A auth.pem -g client1.pem
+pounce -A auth.pem -g client2.pem
+.Ed
+.It
+Since only the public key is needed
+for certificate verification,
+extract it from the CA:
+.Bd -literal -offset indent
+openssl x509 -in auth.pem -out auth.crt
+.Ed
+.It
+Configure
+.Nm
+to verify client certificates
+against the CA:
+.Bd -literal -offset indent
+local-ca = auth.crt
+# or: pounce -A auth.crt
+.Ed
+.El
+.
 .Ss Configuring SASL EXTERNAL
 .Bl -enum
 .It
generated by cgit-pink 1.4.1 (git 2.36.1) at 2025-05-17 14:06:40 +0000
class='nohover-highlight'> 2024-10-12Add photos from October 5June McEnroe 2024-10-09Add photos from October 1June McEnroe Ok the first 3 are from September 29 but I didn't want to spoil the black and white roll. 2024-10-07Add photos from September 29June McEnroe 2024-10-07Add photos from September 28June McEnroe 2024-10-07Add photos from September 22June McEnroe 2024-09-25Add photos from September 15June McEnroe 2024-09-24Add photos from September 14June McEnroe 2024-09-24Add photos from September 12June McEnroe 2024-09-24Add photos from September 7June McEnroe 2024-09-24Allow not having descriptionsJune McEnroe I'm sorry, I can't keep writing descriptions. It makes posting photos take too long, I often don't know the words for what I'm looking at, and a good description is an entirely different work of art than the photo I took, and I'm just a photographer. It's visual art. 2024-09-23Automatically select the last used lens for a bodyJune McEnroe 2024-09-19Add photos from September 5June McEnroe Had to prefix the folder number onto these file names manually because they must have come out of a different scanner or something. 2024-09-15Add some more film stocks to the listJune McEnroe 2024-09-13Add photos from September 2June McEnroe 2024-09-13Add Fomapan 200 to films listJune McEnroe 2024-09-10Add August 29 picnic photosJune McEnroe 2024-09-08Apply some bold to trips renderingJune McEnroe This seems easier to visually scan. The only other thing I'd like is a nicer date rendering but JavaScript is useless for that. 2024-09-08Render trips hopefully more efficientlyJune McEnroe 2024-09-08Allow removing bodies and lensesJune McEnroe 2024-09-08Limit body width so it looks less silly on desktopJune McEnroe 2024-09-07Handle no film being loadedJune McEnroe 2024-09-07Fancy up the text a littleJune McEnroe