Using ssh-updatekeys, you can set up and maintain ~/.ssh/authorized_keys with specific sets on the fly.
You just have to put your public keys on a public git repository. The script will fetch the keys, either by git + SSH (for write access) or just git + https (for read access).
It can handle different sets of keys (for instance you may want to differenciate keys with or without passphrares). In the git repository, any directory with a name starting by set (set0, setA, setTest, etc) will be treated as a set.
(ssh-updatekeys.sh is part of my -utils package).
Update : you can now grab it with the command
wget ssh.rien.pl -O ssh-updatekeys.sh
I’m still using SquirrelMail, even though it looks a bit old. It’s robust and just works – and when I’m using a webmail, that’s mandatory.
SquirrelMail does not use CardDav but some sort of .abook format (that I hope is the same abook as mutt).
I just wrote carddav2abook.pl, a wrapper that requires an ~/.carddav2abookrc with the following:
carddav = https://HOST/remote.php/carddav/addressbooks/USER/contacts_shared_by_USER?export
user = USER
password = PASSWORD
abook = /var/lib/squirrelmail/data/USER.abook
wget_args = --no-check-certificate
As you notice, I’m using a specific export account that has been given only read access to this file. Otherwise the CardDav url would not include the _shared_by_USER part.
I configured it to directly write .abook in SquirrelMail data directly. Obviously, it means you need to adjust read write access for the relevant user (or use www-data, but I would not recommend to store password in an rcfile given to this user).
Once it works, just put up a cronjob (with 2>/dev/null since the perl vCard module tends to print some garbage).
(carddav2abook.pl is part of my -utils-webmail package).