=== modified file 'Makefile'
--- Makefile 2008-09-05 07:15:46 +0000
+++ Makefile 2008-09-05 08:38:30 +0000
@@ -21,6 +21,9 @@
 KEYDIR=$(DESTDIR)/etc/keys/mandos
 # MANDIR=/usr/local/man
 MANDIR=$(DESTDIR)/usr/share/man
+PIDDIR=/var/run/mandos
+USER=nobody
+GROUP=nogroup
 GNUTLS_CFLAGS=$(shell libgnutls-config --cflags)
 GNUTLS_LIBS=$(shell libgnutls-config --libs)
@@ -135,10 +138,16 @@
 install-server: doc
 install --directory $(CONFDIR) $(MANDIR)/man5 \
 $(MANDIR)/man8
+ install --mode=u=rwx,go=rx --owner=$(USER) --group=$(GROUP) \
+ --directory $(PIDDIR)
 install --mode=u=rwx,go=rx mandos $(PREFIX)/sbin/mandos
- install --mode=u=rw,go=r --target-directory=$(CONFDIR) mandos.conf
+ install --mode=u=rw,go=r --target-directory=$(CONFDIR) \
+ mandos.conf
 install --mode=u=rw,g=r --target-directory=$(CONFDIR) \
 clients.conf
+ install --mode=u=rwx,go=rx init.d-mandos /etc/init.d/mandos
+ install --mode=u=rw,go=r default-mandos /etc/default/mandos
+ update-rc.d mandos defaults
 gzip --best --to-stdout mandos.8 \
 > $(MANDIR)/man8/mandos.8.gz
 gzip --best --to-stdout mandos.conf.5 \
@@ -150,13 +159,14 @@
 install --directory $(PREFIX)/lib/mandos $(CONFDIR) \
 $(MANDIR)/man8
 install --directory --mode=u=rwx $(KEYDIR)
- install --directory --mode=u=rwx $(PREFIX)/lib/mandos/plugins.d
+ install --directory --mode=u=rwx \
+ $(PREFIX)/lib/mandos/plugins.d
 if [ "$(CONFDIR)/plugins.d" \
 != "$(PREFIX)/lib/mandos/plugins.d" ]; then \
 install --directory "$(CONFDIR)/plugins.d"; \
 fi
- install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/lib/mandos \
- plugin-runner
+ install --mode=u=rwx,go=rx \
+ --target-directory=$(PREFIX)/lib/mandos plugin-runner
 install --mode=u=rwx,go=rx --target-directory=$(PREFIX)/sbin \
 mandos-keygen
 install --mode=u=rwx,go=rx \
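Review bot: `USER=nobody` and `GROUP=nogroup` in the variables hunk put the server on the shared catch-all account, so any unrelated service that also runs as `nobody` could write into the PID directory that install-server creates with this ownership, and the init script, which normally runs as root, later reads a pidfile from there. A dedicated system account for mandos would keep that directory, and anything else the daemon comes to own, out of reach of other processes. `USER` is also the name of the login environment variable, which `make -e` would let override this assignment; a name such as `MANDOS_USER` with a one-line comment saying what the account is used for avoids both problems.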
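Review bot: The lines added to install-server ignore `$(DESTDIR)`: `PIDDIR` (variables hunk), `/etc/init.d/mandos` and `/etc/default/mandos` are absolute, and `update-rc.d mandos defaults` always acts on the running system, while `KEYDIR` and `MANDIR` are staged under `$(DESTDIR)`. A staged or packaging build run without root would fail on `--owner`, and one run as root would change the build host's boot configuration. I would prefix the three paths, e.g. `install --mode=u=rwx,go=rx init.d-mandos $(DESTDIR)/etc/init.d/mandos`, and run `update-rc.d` only when `DESTDIR` is empty. The same applies to `update-rc.d -f mandos remove` in the uninstall-server hunk and to the two `/etc` paths added to purge-server.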
@@ -194,7 +204,8 @@
 $(MANDIR)/man8/mandos.8.gz \
 $(MANDIR)/man5/mandos.conf.5.gz \
 $(MANDIR)/man5/mandos-clients.conf.5.gz
- -rmdir $(CONFDIR)
+ update-rc.d -f mandos remove
+ -rmdir $(CONFDIR) $(PIDDIR)
 uninstall-client:
 # Refuse to uninstall client if /etc/crypttab is explicitly configured
@@ -218,7 +229,8 @@
 purge: purge-server purge-client
 purge-server: uninstall-server
- -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf
+ -rm --force $(CONFDIR)/mandos.conf $(CONFDIR)/clients.conf \
+ /etc/default/mandos /etc/init.d/mandos
 -rmdir $(CONFDIR)
 purge-client: uninstall-client
=== added file 'default-mandos'
--- default-mandos 1970-01-01 00:00:00 +0000
+++ default-mandos 2008-09-05 08:38:30 +0000
@@ -0,0 +1,4 @@
+# Directory where configuration files are located. Default is
+# "/etc/mandos".
+#
+#CONFIGDIR=/etc/mandos
=== added file 'init.d-mandos'
--- init.d-mandos 1970-01-01 00:00:00 +0000
+++ init.d-mandos 2008-09-05 08:38:30 +0000
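Review bot: uninstall-server drops the rc links with `update-rc.d -f mandos remove`, but nothing in the visible lines stops a running server, so the daemon can keep answering clients after its files are gone, and `-rmdir $(CONFDIR) $(PIDDIR)` then fails silently if a pidfile is still in `$(PIDDIR)`. The init script exits early when `/usr/sbin/mandos` is not executable, so the stop has to happen before the binary is removed; `-/etc/init.d/mandos stop` as the first recipe line would do it. The start of this recipe is outside the hunk, so confirm it does not already stop the service.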
@@ -0,0 +1,159 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: mandos
+# Required-Start: $remote_fs
+# Required-Stop: $remote_fs
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: Mandos server
+# Description: Gives encrypted passwords to Mandos clients
+### END INIT INFO
+
+# Author: Teddy Hogeborn
+# Author: Björn Påhlsson
+#
+# Please remove the "Author" lines above and replace them
+# with your own name if you copy and modify this script.
+
+# Do NOT "set -e"
+
+# PATH should only include /usr/* if it runs after the mountnfs.sh script
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="Gives encrypted passwords to Mandos clients"
+NAME=mandos
+DAEMON=/usr/sbin/$NAME
+DAEMON_ARGS=""
+PIDFILE=/var/run/mandos/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+if [ -n "$CONFIGDIR" ]; then
+ DAEMON_ARGS="$DAEMON_ARGS --configdir $CONFIGDIR"
+fi
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.0-6) to ensure that this file is present.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
+ || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -- \
+ $DAEMON_ARGS \
+ || return 2
+ # Add code here, if necessary, that waits for the process to be ready
+ # to handle requests from services started subsequently which depend
+ # on this one. As a last resort, sleep for some time.
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ #
+ # If the daemon can reload its configuration without
+ # restarting (for example, when it is sent a SIGHUP),
+ # then implement that here.
+ #
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
+ return 0
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ #reload|force-reload)
+ #
+ # If do_reload() is not implemented then leave this commented out
+ # and leave 'force-reload' as an alias for 'restart'.
+ #
+ #log_daemon_msg "Reloading $DESC" "$NAME"
+ #do_reload
+ #log_end_msg $?
+ #;;
+ restart|force-reload)
+ #
+ # If the "reload" option is implemented then remove the
+ # 'force-reload' alias
+ #
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
+ echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2
+ exit 3
+ ;;
+esac
+
+:
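Review bot: do_start relies on `/var/run/mandos` already existing, but that directory is only created by `make install-server`; on a system where `/var/run` is cleared or is a tmpfs at boot, the pidfile location is gone after the first reboot, and do_stop and do_reload both depend on that pidfile. Nothing here passes `--make-pidfile`, so presumably the daemon writes the file itself and would need the directory to be writable by its account. I would recreate it before the first `start-stop-daemon` call, e.g. `[ -d "${PIDFILE%/*}" ] || install -d -m 0755 -o nobody -g nogroup "${PIDFILE%/*}"`, with owner and group kept in step with the Makefile. Separately, `$CONFIGDIR`, `$PIDFILE` and `$DAEMON` are expanded unquoted; `$CONFIGDIR` comes from `/etc/default/mandos`, so a path containing spaces would be split into extra daemon arguments.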