=== modified file 'Makefile'
--- Makefile	2008-08-07 21:45:41 +0000
+++ Makefile	2008-08-08 23:28:55 +0000
@@ -11,11 +11,23 @@
 CFLAGS=$(WARN) $(DEBUG) $(FORTIFY) $(COVERAGE) $(OPTIMIZE) $(LANGUAGE)
 LDFLAGS=$(COVERAGE)
 
+DOCBOOKTOMAN=xsltproc --nonet --param man.charmap.use.subset "0" --param make.year.ranges "1" --param make.single.year.ranges "1" --param man.output.quietly "1"
+
 PROGS=mandos-client plugins.d/password-request plugins.d/password-prompt
+DOCS=mandos.8 mandos-client.8mandos plugins.d/password-request.8mandos plugins.d/password-prompt.8mandos mandos.conf.5 mandos-clients.conf.5
 
 objects=$(shell for p in $(PROGS); do echo $${p}.o; done)
 
-all: $(PROGS)
+all: $(PROGS) $(DOCS)
+
+%.5: %.xml
+	cd $(shell dirname $^); $(DOCBOOKTOMAN) $(shell basename $^)
+
+%.8: %.xml
+	cd $(shell dirname $^); $(DOCBOOKTOMAN) $(shell basename $^)
+
+%.8mandos: %.xml
+	cd $(shell dirname $^); $(DOCBOOKTOMAN) $(shell basename $^)
 
 mandos-client: mandos-client.o
 	$(LINK.o) -lgnutls $(COMMON) $^ $(LOADLIBES) $(LDLIBS) -o $@
@@ -29,7 +41,7 @@
 .PHONY : all clean distclean run-client run-server
 
 clean:
-	-rm --force $(PROGS) $(objects) core
+	-rm --force $(PROGS) $(objects) $(DOCS) core
 
 distclean: clean
 mostlyclean: clean

=== modified file 'TODO'
--- TODO	2008-08-07 21:45:41 +0000
+++ TODO	2008-08-08 23:28:55 +0000
@@ -55,6 +55,8 @@
 * Installer
 ** [#A] Change initrd.img file to not be publically readable
 ** [#A] Create GPG key ring files in initrd
+** [#A] Create mandos user and group for server
+** [#A] Create /var/run/mandos directory with perm and ownership
 
 
 #+STARTUP: showall

=== modified file 'clients.conf'
--- clients.conf	2008-07-29 03:35:39 +0000
+++ clients.conf	2008-08-08 01:51:58 +0000
@@ -15,19 +15,21 @@
 [braxen_client]
 fingerprint =  7788 2722 5BA7 DE53 9C5A  7CFA 59CF F7CD BD9A 5920
 secret =
-        hQIOA6QdEjBs2L/HEAf/TCyrDe5Xnm9esa+Pb/vWF9CUqfn4srzVgSu234REJMVv
-        7lBSrPE2132Lmd2gqF1HeLKDJRSVxJpt6xoWOChGHg+TMyXDxK+NXl89vGvdU1Xf
-        hKkVm9MDLOgT5ECDPysDGHFPDhqHOSu3Kaw2DWMV/iH9vz3Z20erVNbdcvyBnuoj
-        coWO/6yfB5EQO0BXp7kcyy00USA3CjD5FGZdoQGITb8A/ar0tVA5crSQmaSotm6K
-        mNLhrFnZ5BxX+TiE+eTUTqSloWRY6VAvqWQHC7OASxK5E6RXPBuFH5IohUA2Qbk5
-        AHt99pYvsIPX88j2rWauOokoiKZot/9leJ8VxO5l3wf/U64IH8bkPIoWmWZfd/nq
-        h4uwGNbCgKMyT+AnvH7kMJ3i7DivfWl2mKLV0PyPHUNva0VQxX6yYjcOhj1R6fCr
-        /at8/NSLe2OhLchzdC+Ls9h+kvJXgF8Sisv+Wk/1RadPLFmraRlqvJwt6Ww21Lpi
-        XqXHV2mIgqWnR98YgSvUi3TJHrUQiNc9YyBzuRo0AjgG2C9qiE3FM+Y28+iQ/sR3
-        +bFszYuZKVTObqiIslwXu7imO0cvvFRgJF/6u3HNFQ4LUTGhiM3FQmC6NNlF3/vJ
-        M2hwRDMcJqDd54Twx90Wh+tYz0z7QMsK4ANXWHHWHR0JchnLWmenzbtW5MHdW9AY
-        sNJZAQSOpirE4Xi31CSlWAi9KV+cUCmWF5zOFy1x23P6PjdaRm4T2zw4dxS5NswX
-        WU0sVEXxjs6PYxuIiCTL7vdpx8QjBkrPWDrAbcMyBr2OQlnHIvPzEArRQLo=
+        hQIOA6QdEjBs2L/HEAf/TCyrDe5Xnm9esa+Pb/vWF9CUqfn4srzVgSu234
+        REJMVv7lBSrPE2132Lmd2gqF1HeLKDJRSVxJpt6xoWOChGHg+TMyXDxK+N
+        Xl89vGvdU1XfhKkVm9MDLOgT5ECDPysDGHFPDhqHOSu3Kaw2DWMV/iH9vz
+        3Z20erVNbdcvyBnuojcoWO/6yfB5EQO0BXp7kcyy00USA3CjD5FGZdoQGI
+        Tb8A/ar0tVA5crSQmaSotm6KmNLhrFnZ5BxX+TiE+eTUTqSloWRY6VAvqW
+        QHC7OASxK5E6RXPBuFH5IohUA2Qbk5AHt99pYvsIPX88j2rWauOokoiKZo
+        t/9leJ8VxO5l3wf/U64IH8bkPIoWmWZfd/nqh4uwGNbCgKMyT+AnvH7kMJ
+        3i7DivfWl2mKLV0PyPHUNva0VQxX6yYjcOhj1R6fCr/at8/NSLe2OhLchz
+        dC+Ls9h+kvJXgF8Sisv+Wk/1RadPLFmraRlqvJwt6Ww21LpiXqXHV2mIgq
+        WnR98YgSvUi3TJHrUQiNc9YyBzuRo0AjgG2C9qiE3FM+Y28+iQ/sR3+bFs
+        zYuZKVTObqiIslwXu7imO0cvvFRgJF/6u3HNFQ4LUTGhiM3FQmC6NNlF3/
+        vJM2hwRDMcJqDd54Twx90Wh+tYz0z7QMsK4ANXWHHWHR0JchnLWmenzbtW
+        5MHdW9AYsNJZAQSOpirE4Xi31CSlWAi9KV+cUCmWF5zOFy1x23P6PjdaRm
+        4T2zw4dxS5NswXWU0sVEXxjs6PYxuIiCTL7vdpx8QjBkrPWDrAbcMyBr2O
+        QlnHIvPzEArRQLo=
         =iHhv
 fqdn = localhost
 interval = 5m

=== modified file 'mandos'
--- mandos	2008-08-08 01:17:17 +0000
+++ mandos	2008-08-08 23:28:55 +0000
@@ -761,6 +761,17 @@
     
     if not debug:
         daemon()
+
+    pidfilename = "/var/run/mandos/mandos.pid"
+    pid = os.getpid()
+    try:
+        pidfile = open(pidfilename, "w")
+        pidfile.write(str(pid) + "\n")
+        pidfile.close()
+        del pidfile
+    except IOError, err:
+        logger.error("Could not write %s file with PID %d",
+                     pidfilename, os.getpid())
     
     def cleanup():
         "Cleanup function; run on exit"

=== added file 'mandos-client.xml'
--- mandos-client.xml	1970-01-01 00:00:00 +0000
+++ mandos-client.xml	2008-08-08 01:31:58 +0000
@@ -0,0 +1,194 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<?xml-stylesheet type="text/xsl"
+	href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY VERSION "1.0">
+<!ENTITY COMMANDNAME "mandos-client">
+]>
+
+<refentry>
+  <refentryinfo>
+    <title>&COMMANDNAME;</title>
+    <!-- NWalsh's docbook scripts use this to generate the footer: -->
+    <productname>&COMMANDNAME;</productname>
+    <productnumber>&VERSION;</productnumber>
+    <authorgroup>
+      <author>
+	<firstname>Björn</firstname>
+	<surname>Påhlsson</surname>
+	<address>
+	  <email>belorn@fukt.bsnet.se</email>
+	</address>
+      </author>
+      <author>
+	<firstname>Teddy</firstname>
+	<surname>Hogeborn</surname>
+	<address>
+	  <email>teddy@fukt.bsnet.se</email>
+	</address>
+      </author>
+    </authorgroup>
+    <copyright>
+      <year>2008</year>
+      <holder>Teddy Hogeborn &amp; Björn Påhlsson</holder>
+    </copyright>
+    <legalnotice>
+      <para>
+	This manual page is free software: you can redistribute it
+	and/or modify it under the terms of the GNU General Public
+	License as published by the Free Software Foundation,
+	either version 3 of the License, or (at your option) any
+	later version.
+      </para>
+
+      <para>
+	This manual page is distributed in the hope that it will
+	be useful, but WITHOUT ANY WARRANTY; without even the
+	implied warranty of MERCHANTABILITY or FITNESS FOR A
+	PARTICULAR PURPOSE.  See the GNU General Public License
+	for more details.
+      </para>
+
+      <para>
+	You should have received a copy of the GNU General Public
+	License along with this program; If not, see
+	<ulink url="http://www.gnu.org/licenses/"/>.
+      </para>
+    </legalnotice>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>&COMMANDNAME;</refentrytitle>
+    <manvolnum>8mandos</manvolnum>
+  </refmeta>
+  
+  <refnamediv>
+    <refname><command>&COMMANDNAME;</command></refname>
+    <refpurpose>
+      get password for encrypted rootdisk
+    </refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>&COMMANDNAME;</command>
+      <arg choice='opt' rep='repeat'>OPTION</arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="description">
+    <title>DESCRIPTION</title>
+    <para>
+      <command>&COMMANDNAME;</command> is a plugin runner that waits
+      for any of its plugins to return sucessfull with a password, and
+      passes it to cryptsetup. plugins is defined as any executables
+      in the plugins directory will by default will be
+      /conf/conf.d/mandos/plugins.d.  to stdout.
+    </para>
+
+    <variablelist>
+      <varlistentry>
+	<term><literal>-g</literal>,<literal>--global-options
+	<replaceable>OPTIONS</replaceable></literal></term>
+	<listitem>
+	  <para>
+	    Global options given to all plugins as additional start
+	    arguments.  Options are specified with a -o flag followed
+	    by a comma separated string of options.
+	  </para>	  
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term><literal>-o</literal>,<literal> --options-for
+	<replaceable>PLUGIN</replaceable>:<replaceable>OPTION</replaceable>
+	</literal></term>
+	<listitem>
+	  <para>
+	    Plugin specific options given to the plugin as additional
+	    start arguments.  Options are specified with a -o flag
+	    followed by a comma separated string of options.
+	  </para>	  
+	</listitem>
+      </varlistentry>      
+
+      <varlistentry>
+	<term><literal>-d</literal>,<literal> --disable
+	<replaceable>PLUGIN</replaceable>
+	</literal></term>
+	<listitem>
+	  <para>
+	    Disable a specific plugin
+	  </para>	  
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term><literal>--groupid <replaceable>ID</replaceable>
+	</literal></term>
+	<listitem>
+	  <para>
+	    Group ID the plugins will run as
+	  </para>
+	</listitem>
+      </varlistentry>      
+
+      <varlistentry>
+	<term><literal>--userid <replaceable>ID</replaceable>
+	</literal></term>
+	<listitem>
+	  <para>
+	    User ID the plugins will run as
+	  </para>
+	</listitem>
+      </varlistentry>      
+
+      <varlistentry>
+	<term><literal>--plugin-dir <replaceable>DIRECTORY</replaceable>
+	</literal></term>
+	<listitem>
+	  <para>
+	    Specify a different plugin directory
+	  </para>
+	</listitem>
+      </varlistentry>       
+      
+      <varlistentry>
+	<term><literal>--debug</literal></term>
+	<listitem>
+	  <para>
+	    Debug mode
+	  </para>
+	</listitem>
+      </varlistentry>
+      
+      <varlistentry>
+	<term><literal>-?</literal>, <literal>--help</literal></term>
+	<listitem>
+	  <para>
+	    Gives a help message
+	  </para>
+	</listitem>
+      </varlistentry>
+      
+      <varlistentry>
+	<term><literal>--usage</literal></term>
+	<listitem>
+	  <para>
+	    Gives a short usage message
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term><literal>-V</literal>, <literal>--version</literal></term>
+	<listitem>
+	  <para>
+	    Prints the program version
+	  </para>
+	</listitem>
+      </varlistentry>            
+    </variablelist>
+  </refsect1>
+</refentry>

=== added file 'mandos-clients.conf.xml'
--- mandos-clients.conf.xml	1970-01-01 00:00:00 +0000
+++ mandos-clients.conf.xml	2008-08-08 02:33:41 +0000
@@ -0,0 +1,250 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<?xml-stylesheet type="text/xsl"
+	href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY VERSION "1.0">
+<!ENTITY CONFNAME "mandos-clients.conf">
+<!ENTITY CONFPATH "<filename>/etc/mandos/clients.conf</filename>">
+]>
+
+<refentry>
+  <refentryinfo>
+    <title>&CONFNAME;</title>
+    <!-- NWalsh's docbook scripts use this to generate the footer: -->
+    <productname>&CONFNAME;</productname>
+    <productnumber>&VERSION;</productnumber>
+    <authorgroup>
+      <author>
+	<firstname>Björn</firstname>
+	<surname>Påhlsson</surname>
+	<address>
+	  <email>belorn@fukt.bsnet.se</email>
+	</address>
+      </author>
+      <author>
+	<firstname>Teddy</firstname>
+	<surname>Hogeborn</surname>
+	<address>
+	  <email>teddy@fukt.bsnet.se</email>
+	</address>
+      </author>
+    </authorgroup>
+    <copyright>
+      <year>2008</year>
+      <holder>Teddy Hogeborn &amp; Björn Påhlsson</holder>
+    </copyright>
+    <legalnotice>
+      <para>
+	This manual page is free software: you can redistribute it
+	and/or modify it under the terms of the GNU General Public
+	License as published by the Free Software Foundation,
+	either version 3 of the License, or (at your option) any
+	later version.
+      </para>
+
+      <para>
+	This manual page is distributed in the hope that it will
+	be useful, but WITHOUT ANY WARRANTY; without even the
+	implied warranty of MERCHANTABILITY or FITNESS FOR A
+	PARTICULAR PURPOSE.  See the GNU General Public License
+	for more details.
+      </para>
+
+      <para>
+	You should have received a copy of the GNU General Public
+	License along with this program; If not, see
+	<ulink url="http://www.gnu.org/licenses/"/>.
+      </para>
+    </legalnotice>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>&CONFNAME;</refentrytitle>
+    <manvolnum>5</manvolnum>
+  </refmeta>
+  
+  <refnamediv>
+    <refname><filename>&CONFNAME;</filename></refname>
+    <refpurpose>
+      Configuration file for Mandos clients
+    </refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <synopsis>
+      &CONFPATH;
+    </synopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="description">
+    <title>DESCRIPTION</title>
+    <para>
+      The file &CONFPATH; is the configuration file for mandos where
+      each client that will be abel to use the service need to be
+      specified. The configuration file is looked on at the startup of
+      the service, so to reenable timedout clients one need to only
+      restart the server. The format starts with a section under []
+      which is eather <literal>[DEFAULT]</literal> or a client
+      name. Values is set through the use of VAR = VALUE pair. Values
+      may not be empty.
+    </para>
+  </refsect1>
+
+  <refsect1 id="default">
+    <title>DEFAULTS</title>
+    <para>
+      The paramters for <literal>[DEFAULT]</literal> are:
+    </para>
+
+    <variablelist>
+      
+      <varlistentry>
+	<term><literal>timeout</literal></term>
+	<listitem>
+	  <para>
+	    This option allows you to override the default timeout
+	    that clients will get. By default mandos will use 1hr.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term><literal>interval</literal></term>
+	<listitem>
+	  <para>
+	    This option allows you to override the default interval
+	    used between checkups for disconnected clients. By default
+	    mandos will use 5m.
+	  </para>
+	</listitem>
+      </varlistentry>      
+
+      <varlistentry>
+	<term><literal>checker</literal></term>
+	<listitem>
+	  <para>
+	    This option allows you to override the default shell
+	    command that the server will use to check up if the client
+	    is still up. By default mandos will "fping -q -- %%(fqdn)s"
+	  </para>
+	</listitem>
+      </varlistentry>
+      
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id="clients">
+    <title>CLIENTS</title>
+    <para>
+      The paramters for clients are:
+    </para>
+
+    <variablelist>
+      
+      <varlistentry>
+	<term><literal>fingerprint</literal></term>
+	<listitem>
+	  <para>
+	    This option sets the openpgp fingerprint that identifies
+	    the public certificate that clients authenticates themself
+	    through gnutls. The string need to be in hex-decimal form.
+	  </para>
+	</listitem>
+      </varlistentry>
+      
+      <varlistentry>
+	<term><literal>secret</literal></term>
+	<listitem>
+	  <para>
+	    Base 64 encoded OpenPGP encrypted password encrypted by
+	    the clients openpgp certificate.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term><literal>secfile</literal></term>
+	<listitem>
+	  <para>
+	    Base 64 encoded OpenPGP encrypted password encrypted by
+	    the clients openpgp certificate as a binary file.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term><literal>fqdn</literal></term>
+	<listitem>
+	  <para>
+	    FQDN, that can be used in for checking that the client is up.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term><literal>checker</literal></term>
+	<listitem>
+	  <para>
+	    Shell command that the server will use to check up if a
+	    client is still up.
+	  </para>
+	</listitem>
+      </varlistentry>      
+
+      <varlistentry>
+	<term><literal>timeout</literal></term>
+	<listitem>
+	  <para>
+	    Duration that a client can be down whitout be removed from
+	    the client list.
+	  </para>
+	</listitem>
+      </varlistentry> 
+      
+    </variablelist>
+  </refsect1>  
+
+  <refsect1 id="examples">
+    <title>EXAMPLES</title>
+    <informalexample>
+      <programlisting>
+[DEFAULT]
+timeout = 1h
+interval = 5m
+checker = fping -q -- %%(fqdn)s
+
+[example_client]
+fingerprint =  7788 2722 5BA7 DE53 9C5A  7CFA 59CF F7CD BD9A 5920
+
+secret =
+        hQIOA6QdEjBs2L/HEAf/TCyrDe5Xnm9esa+Pb/vWF9CUqfn4srzVgSu234
+        REJMVv7lBSrPE2132Lmd2gqF1HeLKDJRSVxJpt6xoWOChGHg+TMyXDxK+N
+        Xl89vGvdU1XfhKkVm9MDLOgT5ECDPysDGHFPDhqHOSu3Kaw2DWMV/iH9vz
+        3Z20erVNbdcvyBnuojcoWO/6yfB5EQO0BXp7kcyy00USA3CjD5FGZdoQGI
+        Tb8A/ar0tVA5crSQmaSotm6KmNLhrFnZ5BxX+TiE+eTUTqSloWRY6VAvqW
+        QHC7OASxK5E6RXPBuFH5IohUA2Qbk5AHt99pYvsIPX88j2rWauOokoiKZo
+        t/9leJ8VxO5l3wf/U64IH8bkPIoWmWZfd/nqh4uwGNbCgKMyT+AnvH7kMJ
+        3i7DivfWl2mKLV0PyPHUNva0VQxX6yYjcOhj1R6fCr/at8/NSLe2OhLchz
+        dC+Ls9h+kvJXgF8Sisv+Wk/1RadPLFmraRlqvJwt6Ww21LpiXqXHV2mIgq
+        WnR98YgSvUi3TJHrUQiNc9YyBzuRo0AjgG2C9qiE3FM+Y28+iQ/sR3+bFs
+        zYuZKVTObqiIslwXu7imO0cvvFRgJF/6u3HNFQ4LUTGhiM3FQmC6NNlF3/
+        vJM2hwRDMcJqDd54Twx90Wh+tYz0z7QMsK4ANXWHHWHR0JchnLWmenzbtW
+        5MHdW9AYsNJZAQSOpirE4Xi31CSlWAi9KV+cUCmWF5zOFy1x23P6PjdaRm
+        4T2zw4dxS5NswXWU0sVEXxjs6PYxuIiCTL7vdpx8QjBkrPWDrAbcMyBr2O
+        QlnHIvPzEArRQLo=
+        =iHhv
+
+fqdn = localhost
+interval = 5m
+      </programlisting>
+    </informalexample>
+  </refsect1>  
+  
+  <refsect1 id="files">
+    <title>FILES</title>
+    <para>
+      The file described here is &CONFPATH;
+    </para>
+  </refsect1>
+</refentry>

=== added file 'mandos.conf.xml'
--- mandos.conf.xml	1970-01-01 00:00:00 +0000
+++ mandos.conf.xml	2008-08-08 01:31:58 +0000
@@ -0,0 +1,189 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<?xml-stylesheet type="text/xsl"
+	href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY VERSION "1.0">
+<!ENTITY CONFNAME "mandos.conf">
+<!ENTITY CONFPATH "<filename>/etc/mandos/mandos.conf</filename>">
+]>
+
+<refentry>
+  <refentryinfo>
+    <title>&CONFNAME;</title>
+    <!-- NWalsh's docbook scripts use this to generate the footer: -->
+    <productname>&CONFNAME;</productname>
+    <productnumber>&VERSION;</productnumber>
+    <authorgroup>
+      <author>
+	<firstname>Björn</firstname>
+	<surname>Påhlsson</surname>
+	<address>
+	  <email>belorn@fukt.bsnet.se</email>
+	</address>
+      </author>
+      <author>
+	<firstname>Teddy</firstname>
+	<surname>Hogeborn</surname>
+	<address>
+	  <email>teddy@fukt.bsnet.se</email>
+	</address>
+      </author>
+    </authorgroup>
+    <copyright>
+      <year>2008</year>
+      <holder>Teddy Hogeborn &amp; Björn Påhlsson</holder>
+    </copyright>
+    <legalnotice>
+      <para>
+	This manual page is free software: you can redistribute it
+	and/or modify it under the terms of the GNU General Public
+	License as published by the Free Software Foundation,
+	either version 3 of the License, or (at your option) any
+	later version.
+      </para>
+
+      <para>
+	This manual page is distributed in the hope that it will
+	be useful, but WITHOUT ANY WARRANTY; without even the
+	implied warranty of MERCHANTABILITY or FITNESS FOR A
+	PARTICULAR PURPOSE.  See the GNU General Public License
+	for more details.
+      </para>
+
+      <para>
+	You should have received a copy of the GNU General Public
+	License along with this program; If not, see
+	<ulink url="http://www.gnu.org/licenses/"/>.
+      </para>
+    </legalnotice>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>&CONFNAME;</refentrytitle>
+    <manvolnum>5</manvolnum>
+  </refmeta>
+  
+  <refnamediv>
+    <refname><filename>&CONFNAME;</filename></refname>
+    <refpurpose>
+      Configuration file for Mandos
+    </refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <synopsis>
+      &CONFPATH;
+    </synopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="description">
+    <title>DESCRIPTION</title>
+    <para>
+      The file &CONFPATH; is a simple configuration file for mandos
+      and is looked on at startup of the service. The configuration
+      file must start with <literal>[server]</literal>. The format for
+      the rest is a simple VAR = VALUE pair. Values may not be empty.
+    </para>
+
+    <para>
+      The paramters are:
+    </para>
+
+    <variablelist>
+      <varlistentry>
+	<term><literal>interface</literal></term>
+	<listitem>
+	  <para>
+	    This option allows you to override the default network
+	    interfaces. By default mandos will not bind to any
+	    specific interface but instead use default avahi-server
+	    behaviour.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term><literal>address</literal></term>
+	<listitem>
+	  <para>
+	    This option allows you to override the default network
+	    address. By default mandos will not bind to any
+	    specific address but instead use default avahi-server
+	    behaviour.
+	  </para>
+	</listitem>
+      </varlistentry>      
+
+      <varlistentry>
+	<term><literal>port</literal></term>
+	<listitem>
+	  <para>
+	    This option allows you to override the default port to
+	    listen on. By default mandos will not specify any specific
+	    port and instead use a random port given by the OS from
+	    the use of INADDR_ANY.
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term><literal>debug</literal></term>
+	<listitem>
+	  <para>
+	    This option allows you to modify debug mode with a true/false
+	    boolean value. By default is debug set to <literal>false</literal>.
+	  </para>
+	</listitem>
+      </varlistentry>      
+
+      <varlistentry>
+	<term><literal>priority</literal></term>
+	<listitem>
+	  <para>
+	    This option allows you to override the default gnutls
+	    priority that will be used in gnutls session. See
+	    <citerefentry><refentrytitle>gnutls_priority_init
+	    </refentrytitle><manvolnum>3</manvolnum></citerefentry>for
+	    more information on gnutls priority strings.
+	  </para>	  
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term><literal>servicename</literal></term>
+	<listitem>
+	  <para>
+	    This option allows you to override the default Zeroconf
+	    service name use to announce mandos as a avahi service. By
+	    default mandos will use "Mandos".
+	  </para>
+	</listitem>
+      </varlistentry>
+      
+    </variablelist>
+  </refsect1>
+
+  <refsect1 id="examples">
+    <title>EXAMPLES</title>
+    <informalexample>
+      <programlisting>
+	[server]
+	# A configuration example
+	interface = eth0 
+	address = 2001:DB8:
+	port = 1025 
+	debug = true 
+	priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
+	servicename = Mandos
+      </programlisting>
+    </informalexample>
+  </refsect1>  
+  
+  <refsect1 id="files">
+    <title>FILES</title>
+    <para>
+      The file described here is &CONFPATH;
+    </para>
+  </refsect1>
+</refentry>

=== added file 'mandos.xml'
--- mandos.xml	1970-01-01 00:00:00 +0000
+++ mandos.xml	2008-08-08 01:51:58 +0000
@@ -0,0 +1,182 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<?xml-stylesheet type="text/xsl"
+	href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY VERSION "1.0">
+<!ENTITY COMMANDNAME "mandos">
+]>
+
+<refentry>
+  <refentryinfo>
+    <title>&COMMANDNAME;</title>
+    <!-- NWalsh's docbook scripts use this to generate the footer: -->
+    <productname>&COMMANDNAME;</productname>
+    <productnumber>&VERSION;</productnumber>
+    <authorgroup>
+      <author>
+	<firstname>Björn</firstname>
+	<surname>Påhlsson</surname>
+	<address>
+	  <email>belorn@fukt.bsnet.se</email>
+	</address>
+      </author>
+      <author>
+	<firstname>Teddy</firstname>
+	<surname>Hogeborn</surname>
+	<address>
+	  <email>teddy@fukt.bsnet.se</email>
+	</address>
+      </author>
+    </authorgroup>
+    <copyright>
+      <year>2008</year>
+      <holder>Teddy Hogeborn &amp; Björn Påhlsson</holder>
+    </copyright>
+    <legalnotice>
+      <para>
+	This manual page is free software: you can redistribute it
+	and/or modify it under the terms of the GNU General Public
+	License as published by the Free Software Foundation,
+	either version 3 of the License, or (at your option) any
+	later version.
+      </para>
+
+      <para>
+	This manual page is distributed in the hope that it will
+	be useful, but WITHOUT ANY WARRANTY; without even the
+	implied warranty of MERCHANTABILITY or FITNESS FOR A
+	PARTICULAR PURPOSE.  See the GNU General Public License
+	for more details.
+      </para>
+
+      <para>
+	You should have received a copy of the GNU General Public
+	License along with this program; If not, see
+	<ulink url="http://www.gnu.org/licenses/"/>.
+      </para>
+    </legalnotice>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>&COMMANDNAME;</refentrytitle>
+    <manvolnum>8</manvolnum>
+  </refmeta>
+  
+  <refnamediv>
+    <refname><command>&COMMANDNAME;</command></refname>
+    <refpurpose>
+      Sends encrypted passwords to authenticated mandos clients
+    </refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>&COMMANDNAME;</command>
+      <arg choice='opt' rep='repeat'>OPTION</arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="description">
+    <title>DESCRIPTION</title>
+    <para>
+      <command>&COMMANDNAME;</command> is a server daemon that handels
+      incomming passwords request for passwords. Mandos use avahi to
+      announce the service, and through gnutls authenticates
+      clients. Any authenticated client is then given its encrypted
+      password.
+    </para>
+
+    <variablelist>
+      <varlistentry>
+	<term><literal>-h</literal>, <literal>--help</literal></term>
+	<listitem>
+	  <para>
+	    show a help message and exit
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term><literal>-i</literal>, <literal>--interface <replaceable>
+	IF</replaceable></literal></term>
+	<listitem>
+	  <para>
+	    Bind to interface IF
+	  </para>
+	</listitem>
+      </varlistentry>      
+
+      <varlistentry>
+	<term><literal>-a</literal>, <literal>--address <replaceable>
+	ADDRESS</replaceable></literal></term>
+	<listitem>
+	  <para>
+	    Address to listen for requests on
+	  </para>
+	</listitem>
+      </varlistentry>          
+
+      <varlistentry>
+	<term><literal>-p</literal>, <literal>--port <replaceable>
+	PORT</replaceable></literal></term>
+	<listitem>
+	  <para>
+	    Port number to receive requests on
+	  </para>
+	</listitem>
+      </varlistentry>          
+
+      <varlistentry>
+	<term><literal>--check</literal></term>
+	<listitem>
+	  <para>
+	    Run self-test on the server
+	  </para>
+	</listitem>
+      </varlistentry>      
+
+      <varlistentry>
+	<term><literal>--debug</literal></term>
+	<listitem>
+	  <para>
+	    Debug mode
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term><literal>--priority <replaceable>
+	PRIORITY</replaceable></literal></term>
+	<listitem>
+	  <para>
+	    GnuTLS priority string. See <citerefentry>
+	    <refentrytitle>gnutls_priority_init</refentrytitle>
+	    <manvolnum>3</manvolnum></citerefentry>
+	  </para>
+	</listitem>
+      </varlistentry>      
+
+      <varlistentry>
+	<term><literal>--servicename <replaceable>NAME</replaceable>
+	</literal></term>
+	<listitem>
+	  <para>
+	    Zeroconf service name
+	  </para>
+	</listitem>
+      </varlistentry>     
+
+      <varlistentry>
+	<term><literal>--configdir <replaceable>DIR</replaceable>
+	</literal></term>
+	<listitem>
+	  <para>
+	    Directory to search for configuration files
+	  </para>
+	</listitem>
+      </varlistentry>
+      
+    </variablelist>
+  </refsect1>
+</refentry>

=== added file 'plugins.d/password-prompt.xml'
--- plugins.d/password-prompt.xml	1970-01-01 00:00:00 +0000
+++ plugins.d/password-prompt.xml	2008-08-08 01:31:58 +0000
@@ -0,0 +1,140 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<?xml-stylesheet type="text/xsl"
+	href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY VERSION "1.0">
+<!ENTITY COMMANDNAME "password-prompt">
+]>
+
+<refentry>
+  <refentryinfo>
+    <title>&COMMANDNAME;</title>
+    <!-- NWalsh's docbook scripts use this to generate the footer: -->
+    <productname>&COMMANDNAME;</productname>
+    <productnumber>&VERSION;</productnumber>
+    <authorgroup>
+      <author>
+	<firstname>Björn</firstname>
+	<surname>Påhlsson</surname>
+	<address>
+	  <email>belorn@fukt.bsnet.se</email>
+	</address>
+      </author>
+      <author>
+	<firstname>Teddy</firstname>
+	<surname>Hogeborn</surname>
+	<address>
+	  <email>teddy@fukt.bsnet.se</email>
+	</address>
+      </author>
+    </authorgroup>
+    <copyright>
+      <year>2008</year>
+      <holder>Teddy Hogeborn &amp; Björn Påhlsson</holder>
+    </copyright>
+    <legalnotice>
+      <para>
+	This manual page is free software: you can redistribute it
+	and/or modify it under the terms of the GNU General Public
+	License as published by the Free Software Foundation,
+	either version 3 of the License, or (at your option) any
+	later version.
+      </para>
+
+      <para>
+	This manual page is distributed in the hope that it will
+	be useful, but WITHOUT ANY WARRANTY; without even the
+	implied warranty of MERCHANTABILITY or FITNESS FOR A
+	PARTICULAR PURPOSE.  See the GNU General Public License
+	for more details.
+      </para>
+
+      <para>
+	You should have received a copy of the GNU General Public
+	License along with this program; If not, see
+	<ulink url="http://www.gnu.org/licenses/"/>.
+      </para>
+    </legalnotice>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>&COMMANDNAME;</refentrytitle>
+    <manvolnum>8mandos</manvolnum>
+  </refmeta>
+  
+  <refnamediv>
+    <refname><command>&COMMANDNAME;</command></refname>
+    <refpurpose>
+      Passprompt for luks during boot sequence
+    </refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>&COMMANDNAME;</command>
+      <arg choice='opt' rep='repeat'>OPTION</arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="description">
+    <title>DESCRIPTION</title>
+    <para>
+      <command>&COMMANDNAME;</command> is a terminal program that ask for
+      passwords during boot sequence. It is a plugin to
+      <firstterm>mandos</firstterm>, and is used as a fallback and
+      alternative to retriving passwords from a mandos server. During
+      boot sequence the user is prompted for the disk password, and
+      when a password is given it then gets forwarded to
+      <acronym>LUKS</acronym>.
+    </para>
+
+    <variablelist>
+      <varlistentry>
+	<term><literal>-p</literal>, <literal>--prefix=<replaceable>PREFIX
+	</replaceable></literal></term>
+	<listitem>
+	  <para>
+	    Prefix used before the passprompt
+	  </para>
+	</listitem>
+      </varlistentry>
+      
+      <varlistentry>
+	<term><literal>--debug</literal></term>
+	<listitem>
+	  <para>
+	    Debug mode
+	  </para>
+	</listitem>
+      </varlistentry>
+      
+      <varlistentry>
+	<term><literal>-?</literal>, <literal>--help</literal></term>
+	<listitem>
+	  <para>
+	    Gives a help message
+	  </para>
+	</listitem>
+      </varlistentry>
+      
+      <varlistentry>
+	<term><literal>--usage</literal></term>
+	<listitem>
+	  <para>
+	    Gives a short usage message
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term><literal>-V</literal>, <literal>--version</literal></term>
+	<listitem>
+	  <para>
+	    Prints the program version
+	  </para>
+	</listitem>
+      </varlistentry>            
+    </variablelist>
+  </refsect1>
+</refentry>

=== added file 'plugins.d/password-request.xml'
--- plugins.d/password-request.xml	1970-01-01 00:00:00 +0000
+++ plugins.d/password-request.xml	2008-08-08 01:31:58 +0000
@@ -0,0 +1,198 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<?xml-stylesheet type="text/xsl"
+	href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"?>
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY VERSION "1.0">
+<!ENTITY COMMANDNAME "password-request">
+]>
+
+<refentry>
+  <refentryinfo>
+    <title>&COMMANDNAME;</title>
+    <!-- NWalsh's docbook scripts use this to generate the footer: -->
+    <productname>&COMMANDNAME;</productname>
+    <productnumber>&VERSION;</productnumber>
+    <authorgroup>
+      <author>
+	<firstname>Björn</firstname>
+	<surname>Påhlsson</surname>
+	<address>
+	  <email>belorn@fukt.bsnet.se</email>
+	</address>
+      </author>
+      <author>
+	<firstname>Teddy</firstname>
+	<surname>Hogeborn</surname>
+	<address>
+	  <email>teddy@fukt.bsnet.se</email>
+	</address>
+      </author>
+    </authorgroup>
+    <copyright>
+      <year>2008</year>
+      <holder>Teddy Hogeborn &amp; Björn Påhlsson</holder>
+    </copyright>
+    <legalnotice>
+      <para>
+	This manual page is free software: you can redistribute it
+	and/or modify it under the terms of the GNU General Public
+	License as published by the Free Software Foundation,
+	either version 3 of the License, or (at your option) any
+	later version.
+      </para>
+
+      <para>
+	This manual page is distributed in the hope that it will
+	be useful, but WITHOUT ANY WARRANTY; without even the
+	implied warranty of MERCHANTABILITY or FITNESS FOR A
+	PARTICULAR PURPOSE.  See the GNU General Public License
+	for more details.
+      </para>
+
+      <para>
+	You should have received a copy of the GNU General Public
+	License along with this program; If not, see
+	<ulink url="http://www.gnu.org/licenses/"/>.
+      </para>
+    </legalnotice>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>&COMMANDNAME;</refentrytitle>
+    <manvolnum>8mandos</manvolnum>
+  </refmeta>
+  
+  <refnamediv>
+    <refname><command>&COMMANDNAME;</command></refname>
+    <refpurpose>
+      Client for mandos
+    </refpurpose>
+  </refnamediv>
+
+  <refsynopsisdiv>
+    <cmdsynopsis>
+      <command>&COMMANDNAME;</command>
+      <arg choice='opt' rep='repeat'>OPTION</arg>
+    </cmdsynopsis>
+  </refsynopsisdiv>
+
+  <refsect1 id="description">
+    <title>DESCRIPTION</title>
+    <para>
+      <command>&COMMANDNAME;</command> is a mandos plugin that works
+      like a client program that through avahi detects mandos servers,
+      sets up a gnutls connect and request a encrypted password. Any
+      passwords given is automaticly decrypted and passed to
+      cryptsetup.
+    </para>
+
+    <variablelist>
+      <varlistentry>
+	<term><literal>-c</literal>, <literal>--connect=<replaceable>
+	IP</replaceable></literal></term>
+	<listitem>
+	  <para>
+	    Connect directly to a sepcified mandos server
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term><literal>-d</literal>, <literal>--keydir=<replaceable>
+	KEYDIR</replaceable></literal></term>
+	<listitem>
+	  <para>
+	    Directory where the openpgp keyring is
+	  </para>
+	</listitem>
+      </varlistentry>      
+
+      <varlistentry>
+	<term><literal>-i</literal>, <literal>--interface=
+	<replaceable>INTERFACE</replaceable></literal></term>
+	<listitem>
+	  <para>
+	    Interface that Avahi will conntect through
+	  </para>
+	</listitem>
+      </varlistentry>      
+
+      <varlistentry>
+	<term><literal>-p</literal>, <literal>--pubkey=<replaceable>
+	PUBKEY</replaceable></literal></term>
+	<listitem>
+	  <para>
+	    Public openpgp key for gnutls authentication
+	  </para>
+	</listitem>
+      </varlistentry>      
+
+      <varlistentry>
+	<term><literal>-s</literal>, <literal>--seckey=<replaceable>
+	SECKEY</replaceable></literal></term>
+	<listitem>
+	  <para>
+	    Secret openpgp key for gnutls authentication
+	  </para>
+	</listitem>
+      </varlistentry>            
+      
+      <varlistentry>
+	<term><literal>--priority=<replaceable>PRIORITY</replaceable>
+	</literal></term>
+	<listitem>
+	  <para>
+	    GNUTLS priority
+	  </para>
+	</listitem>
+      </varlistentry>            
+
+      <varlistentry>
+	<term><literal>--dh-bits=<replaceable>BITS</replaceable>
+	</literal></term>
+	<listitem>
+	  <para>
+	    dh-bits to use in gnutls communication
+	  </para>
+	</listitem>
+      </varlistentry>      
+      
+      <varlistentry>
+	<term><literal>--debug</literal></term>
+	<listitem>
+	  <para>
+	    Debug mode
+	  </para>
+	</listitem>
+      </varlistentry>
+      
+      <varlistentry>
+	<term><literal>-?</literal>, <literal>--help</literal></term>
+	<listitem>
+	  <para>
+	    Gives a help message
+	  </para>
+	</listitem>
+      </varlistentry>
+      
+      <varlistentry>
+	<term><literal>--usage</literal></term>
+	<listitem>
+	  <para>
+	    Gives a short usage message
+	  </para>
+	</listitem>
+      </varlistentry>
+
+      <varlistentry>
+	<term><literal>-V</literal>, <literal>--version</literal></term>
+	<listitem>
+	  <para>
+	    Prints the program version
+	  </para>
+	</listitem>
+      </varlistentry>            
+    </variablelist>
+  </refsect1>
+</refentry>