Update Debianization stuff.

[become] / manual / become.texi

diff --git a/manual/become.texi b/manual/become.texi
index 58fbf36..5944e9a 100644 (file)
--- a/manual/become.texi
+++ b/manual/become.texi
@@ -1,34 +1,12 @@
 \input texinfo @c -*-texinfo-*-
 @c
-@c $Id: become.texi,v 1.5 2003/10/12 00:14:49 mdw Exp $
+@c $Id: become.texi,v 1.9 2004/04/17 10:54:21 mdw Exp $
 @c
 @c Documentation for `become'
 @c
 @c (c) 1998 EBI
 @c
 
-@c ----- Revision history ---------------------------------------------------
-@c
-@c $Log: become.texi,v $
-@c Revision 1.5  2003/10/12 00:14:49  mdw
-@c Major overhaul.  Now uses DSA signatures rather than the bogus symmetric
-@c encrypt-and-hope thing.  Integrated with mLib and Catacomb.
-@c
-@c Revision 1.4  1998/04/23 13:16:14  mdw
-@c Include `texinice' to produce decent printed output.  Add documentation
-@c for new `bcquery' program.  Various fixes, including spelling mistakes,
-@c and some factual inaccuracies.
-@c
-@c Revision 1.3  1998/01/20 14:37:43  mdw
-@c Fix typo.  Short form of `--preserve' should be `-e', not `-p'.
-@c
-@c Revision 1.2  1998/01/12 16:41:31  mdw
-@c Tidying for new release versions.  Fix copyright date.
-@c
-@c Revision 1.1  1997/09/18 11:16:34  mdw
-@c Brand new Texinfo manual, with wider scope than the original LaTeX one.
-@c
-
 @c ----- Standard boilerplate -----------------------------------------------
 
 @c %**start of header
@@ -44,9 +22,14 @@
 @end iftex
 @c %**end of header
 
+@dircategory Administration tools
+@direntry
+* Become: (become).        Shared account administration tool
+@end direntry
+
 @c ----- Useful macros ------------------------------------------------------
 
-@set version 1.3
+@set version 1.4
 
 @c ----- Copyright matters --------------------------------------------------
 
@@ -1524,7 +1507,7 @@ The key file can be generated using Catacomb's @code{key} program.  The
 commands
 
 @example
-key -k /etc/become/become.key add -adsa become-dsa
+key -k /etc/become/become.key add -adsa -e"now + 1 year" become
 key -k /etc/become/become.key extract -f -secret /etc/become/become.pubkey
 @end example
 
@@ -1534,6 +1517,17 @@ install the public key on all of your client computers, writable only by
 root.  The private key should be only on the server, and readable or writable
 only by root.
 
+You can also use elliptic-curve DSA.  The key-generation runes are more
+complicated in this case.  For example,
+
+@example
+key -k /etc/become/become.key add -aec -Cnist-p256 -e"now + 1 year" \
+    become sig=ecdsa hash=sha256
+@end example
+The @code{hash=sha256} is not required, but it's good to have a hash function
+as strong as your curve.  See the manpage for @code{key} for more details
+about generating elliptic curve keys, and for the kinds of curves supported.
+
 If you have multiple servers, they can all have different private keys.
 You'll need to put all of the public keys in the
 @file{/etc/become/become.pubkey} file.