/mandos/release : revision 102

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

Committer: Teddy Hogeborn
Date: 2008-08-24 23:33:02 UTC
mfrom: (24.1.65 mandos)
Revision ID: teddy@fukt.bsnet.se-20080824233302-kfu4g2pkozg7xrmz

* plugin-runner.c (process): Set "completed" and "status" as volatile.
(handle_sigchld): Bug fix: reset proc to process_list every time.

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

.bzrignore

INSTALL

README

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.config

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.README.Debian

debian/mandos.config

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/mandos.templates

debian/po

debian/po/POTFILES.in

debian/po/sv.po

debian/rules

default-mandos

init.d-mandos

legalnotice.xml

plugin-runner.conf

plugins.d/splashy

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/usplash

Show diffs side-by-side

added added

removed removed

mandos-keygen.xml

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos-keygen">

<!ENTITY TIMESTAMP "2008-09-20">

<title>Mandos Manual</title>

<title>&COMMANDNAME;</title>

<productname>Mandos</productname>

<productname>&COMMANDNAME;</productname>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<refname><command>&COMMANDNAME;</command></refname>

Generate key and password for Mandos client and server.

Generate keys for <citerefentry><refentrytitle>password-request

</refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--dir

<replaceable>DIRECTORY</replaceable></option></arg>

<arg choice="plain"><option>-d

<replaceable>DIRECTORY</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--type

<replaceable>KEYTYPE</replaceable></option></arg>

<arg choice="plain"><option>-t

<replaceable>KEYTYPE</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--length

<arg choice="plain"><option>-l

</group>

<sbr/>

<group>

<arg choice="plain"><option>--subtype

<replaceable>KEYTYPE</replaceable></option></arg>

<arg choice="plain"><option>-s

<replaceable>KEYTYPE</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--sublength

<arg choice="plain"><option>-L

</group>

<sbr/>

<group>

<arg choice="plain"><option>--name

<arg choice="plain"><option>-n

</group>

<sbr/>

<group>

<arg choice="plain"><option>--email

<replaceable>ADDRESS</replaceable></option></arg>

100

<arg choice="plain"><option>-e

101

<replaceable>ADDRESS</replaceable></option></arg>

102

</group>

103

<sbr/>

104

<group>

105

<arg choice="plain"><option>--comment

106

107

<arg choice="plain"><option>-c

108

109

</group>

110

<sbr/>

111

<group>

112

<arg choice="plain"><option>--expire

113

114

<arg choice="plain"><option>-x

115

116

</group>

117

<sbr/>

118

<arg><option>--force</option></arg>

<replaceable>directory</replaceable></arg>

</group>

</group>

<arg choice="plain"><option>--length</option>

</group>

<arg choice="plain"><option>--subtype</option>

</group>

<arg choice="plain"><option>--sublength</option>

</group>

</group>

100

101

<arg choice="plain"><option>--email</option>

102

<replaceable>EMAIL</replaceable></arg>

103

</group>

104

105

<arg choice="plain"><option>--comment</option>

106

<replaceable>COMMENT</replaceable></arg>

107

</group>

108

109

<arg choice="plain"><option>--expire</option>

110

111

</group>

112

113

<arg choice="plain"><option>--force</option></arg>

114

</group>

115

</cmdsynopsis>

116

117

<command>&COMMANDNAME;</command>

118

119

120

<replaceable>directory</replaceable></arg>

121

</group>

122

123

124

125

</group>

126

127

128

129

</group>

130

131

132

133

</group>

134

135

136

137

</group>

138

139

140

141

</group>

142

143

144

<replaceable>EMAIL</replaceable></arg>

145

</group>

146

147

148

<replaceable>COMMENT</replaceable></arg>

149

</group>

150

151

152

153

</group>

154

155

156

</group>

119

157

</cmdsynopsis>

120

158

121

159

<command>&COMMANDNAME;</command>

122

160

161

123

162

<arg choice="plain"><option>--password</option></arg>

124

125

<arg choice="plain"><option>--passfile

126

127

128

129

</group>

130

<sbr/>

131

<group>

132

<arg choice="plain"><option>--dir

133

<replaceable>DIRECTORY</replaceable></option></arg>

134

<arg choice="plain"><option>-d

135

<replaceable>DIRECTORY</replaceable></option></arg>

136

</group>

137

<sbr/>

138

<group>

139

<arg choice="plain"><option>--name

140

141

<arg choice="plain"><option>-n

142

163

</group>

164

165

166

<replaceable>directory</replaceable></arg>

167

</group>

168

169

170

143

171

</group>

144

172

</cmdsynopsis>

145

173

146

174

<command>&COMMANDNAME;</command>

147

175

176

148

177

149

150

178

</group>

151

179

</cmdsynopsis>

152

180

153

181

<command>&COMMANDNAME;</command>

154

182

183

155

184

<arg choice="plain"><option>--version</option></arg>

156

157

185

</group>

158

186

</cmdsynopsis>

159

187

</refsynopsisdiv>

160

188

161

189

162

190

<title>DESCRIPTION</title>

163

191

<para>

164

192

<command>&COMMANDNAME;</command> is a program to generate the

165

OpenPGP key used by

166

<citerefentry><refentrytitle>mandos-client</refentrytitle>

167

<manvolnum>8mandos</manvolnum></citerefentry>. The key is

193

OpenPGP keys used by

194

<citerefentry><refentrytitle>password-request</refentrytitle>

195

<manvolnum>8mandos</manvolnum></citerefentry>. The keys are

168

196

normally written to /etc/mandos for later installation into the

169

initrd image, but this, and most other things, can be changed

170

with command line options.

197

initrd image, but this, like most things, can be changed with

198

command line options.

171

199

</para>

172

200

<para>

173

This program can also be used with the

174

<option>--password</option> or <option>--passfile</option>

175

options to generate a ready-made section for

176

<filename>clients.conf</filename> (see

201

It can also be used to generate ready-made sections for

177

202

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

178

<manvolnum>5</manvolnum></citerefentry>).

203

<manvolnum>5</manvolnum></citerefentry> using the

204

<option>--password</option> option.

179

205

</para>

180

206

</refsect1>

181

207

182

208

183

209

<title>PURPOSE</title>

210

184

211

<para>

185

212

The purpose of this is to enable <emphasis>remote and unattended

186

213

rebooting</emphasis> of client host computer with an

187

214

<emphasis>encrypted root file system</emphasis>. See <xref

188

215

linkend="overview"/> for details.

189

216

</para>

217

190

218

</refsect1>

191

219

192

220

193

221

<title>OPTIONS</title>

194

222

195

223

196

224

197

198

225

199

226

200

227

<para>

201

228

Show a help message and exit

202

229

</para>

203

230

</listitem>

204

231

</varlistentry>

205

232

206

233

207

<term><option>--dir

208

<replaceable>DIRECTORY</replaceable></option></term>

209

<term><option>-d

210

<replaceable>DIRECTORY</replaceable></option></term>

234

<term><literal>-d</literal>, <literal>--dir

235

<replaceable>directory</replaceable></literal></term>

211

236

212

237

<para>

213

238

Target directory for key files. Default is

215

240

</para>

216

241

</listitem>

217

242

</varlistentry>

218

243

219

244

220

<term><option>--type

221

222

<term><option>-t

223

245

<term><literal>-t</literal>, <literal>--type

246

224

247

225

248

<para>

226

249

Key type. Default is <quote>DSA</quote>.

227

250

</para>

228

251

</listitem>

229

252

</varlistentry>

230

253

231

254

232

<term><option>--length

233

234

<term><option>-l

235

255

<term><literal>-l</literal>, <literal>--length

256

236

257

237

258

<para>

238

Key length in bits. Default is 2048.

259

Key length in bits. Default is 1024.

239

260

</para>

240

261

</listitem>

241

262

</varlistentry>

242

263

243

264

244

<term><option>--subtype

245

<replaceable>KEYTYPE</replaceable></option></term>

246

<term><option>-s

247

<replaceable>KEYTYPE</replaceable></option></term>

265

<term><literal>-s</literal>, <literal>--subtype

266

248

267

249

268

<para>

250

269

Subkey type. Default is <quote>ELG-E</quote> (Elgamal

252

271

</para>

253

272

</listitem>

254

273

</varlistentry>

255

274

256

275

257

<term><option>--sublength

258

259

<term><option>-L

260

276

<term><literal>-L</literal>, <literal>--sublength

277

261

278

262

279

<para>

263

280

Subkey length in bits. Default is 2048.

264

281

</para>

265

282

</listitem>

266

283

</varlistentry>

267

284

268

285

269

<term><option>--email

270

<replaceable>ADDRESS</replaceable></option></term>

271

<term><option>-e

272

<replaceable>ADDRESS</replaceable></option></term>

286

<term><literal>-e</literal>, <literal>--email</literal>

287

<replaceable>address</replaceable></term>

273

288

274

289

<para>

275

290

Email address of key. Default is empty.

276

291

</para>

277

292

</listitem>

278

293

</varlistentry>

279

294

280

295

281

<term><option>--comment

282

283

<term><option>-c

284

296

<term><literal>-c</literal>, <literal>--comment</literal>

297

<replaceable>comment</replaceable></term>

285

298

286

299

<para>

287

300

Comment field for key. The default value is

289

302

</para>

290

303

</listitem>

291

304

</varlistentry>

292

305

293

306

294

<term><option>--expire

295

296

<term><option>-x

297

307

<term><literal>-x</literal>, <literal>--expire</literal>

308

298

309

299

310

<para>

300

311

Key expire time. Default is no expiration. See

303

314

</para>

304

315

</listitem>

305

316

</varlistentry>

306

317

307

318

308

<term><option>--force</option></term>

309

319

<term><literal>-f</literal>, <literal>--force</literal></term>

310

320

311

321

<para>

312

Force overwriting old key.

322

Force overwriting old keys.

313

323

</para>

314

324

</listitem>

315

325

</varlistentry>

316

326

317

<term><option>--password</option></term>

318

327

<term><literal>-p</literal>, <literal>--password</literal

328

></term>

319

329

320

330

<para>

321

331

Prompt for a password and encrypt it with the key already

327

337

>8</manvolnum></citerefentry>. The host name or the name

328

338

specified with the <option>--name</option> option is used

329

339

for the section header. All other options are ignored,

330

and no key is created.

331

</para>

332

</listitem>

333

</varlistentry>

334

335

<term><option>--passfile

336

337

<term><option>-F

338

339

340

<para>

341

The same as <option>--password</option>, but read from

342

<replaceable>FILE</replaceable>, not the terminal.

340

and no keys are created.

343

341

</para>

344

342

</listitem>

345

343

</varlistentry>

346

344

</variablelist>

347

345

</refsect1>

348

346

349

347

350

348

<title>OVERVIEW</title>

351

349

<xi:include href="overview.xml"/>

352

350

<para>

353

351

This program is a small utility to generate new OpenPGP keys for

354

new Mandos clients, and to generate sections for inclusion in

355

<filename>clients.conf</filename> on the server.

352

new Mandos clients.

356

353

</para>

357

354

</refsect1>

358

355

359

356

360

357

<title>EXIT STATUS</title>

361

358

<para>

362

The exit status will be 0 if a new key (or password, if the

363

<option>--password</option> option was used) was successfully

364

created, otherwise not.

359

The exit status will be 0 if new keys were successfully created,

360

otherwise not.

365

361

</para>

366

362

</refsect1>

367

363

369

365

<title>ENVIRONMENT</title>

370

366

371

367

372

<term><envar>TMPDIR</envar></term>

368

<term><varname>TMPDIR</varname></term>

373

369

374

370

<para>

375

371

If set, temporary files will be created here. See

418

414

</varlistentry>

419

415

</variablelist>

420

416

</refsect1>

421

422

423

424

425

426

427

417

418

419

420

<para>

421

None are known at this time.

422

</para>

423

</refsect1>

424

428

425

429

426

<title>EXAMPLE</title>

430

427

432

429

Normal invocation needs no options:

433

430

</para>

434

431

<para>

435

<userinput>&COMMANDNAME;</userinput>

432

<userinput>mandos-keygen</userinput>

436

433

</para>

437

434

</informalexample>

438

435

439

436

<para>

440

Create key in another directory and of another type. Force

437

Create keys in another directory and of another type. Force

441

438

overwriting old key files:

442

439

</para>

443

440

<para>

444

441

445

442

446

<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>

447

448

</para>

449

</informalexample>

450

451

<para>

452

Prompt for a password, encrypt it with the key in

453

<filename>/etc/mandos</filename> and output a section suitable

454

for <filename>clients.conf</filename>.

455

</para>

456

<para>

457

<userinput>&COMMANDNAME; --password</userinput>

458

</para>

459

</informalexample>

460

461

<para>

462

Prompt for a password, encrypt it with the key in the

463

<filename>client-key</filename> directory and output a section

464

suitable for <filename>clients.conf</filename>.

465

</para>

466

<para>

467

468

469

<userinput>&COMMANDNAME; --password --dir client-key</userinput>

443

<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>

470

444

471

445

</para>

472

446

</informalexample>

473

447

</refsect1>

474

448

475

449

476

450

<title>SECURITY</title>

477

451

<para>

478

452

The <option>--type</option>, <option>--length</option>,

479

453

<option>--subtype</option>, and <option>--sublength</option>

480

options can be used to create keys of low security. If in

481

doubt, leave them to the default values.

454

options can be used to create keys of insufficient security. If

455

in doubt, leave them to the default values.

482

456

</para>

483

457

<para>

484

The key expire time is <emphasis>not</emphasis> guaranteed to be

485

honored by <citerefentry><refentrytitle>mandos</refentrytitle>

458

The key expire time is not guaranteed to be honored by

459

<citerefentry><refentrytitle>mandos</refentrytitle>

486

460

<manvolnum>8</manvolnum></citerefentry>.

487

461

</para>

488

462

</refsect1>

489

463

490

464

491

465

492

466

<para>

467

<citerefentry><refentrytitle>password-request</refentrytitle>

468

<manvolnum>8mandos</manvolnum></citerefentry>,

469

<citerefentry><refentrytitle>mandos</refentrytitle>

470

<manvolnum>8</manvolnum></citerefentry>,

493

471

494

<manvolnum>1</manvolnum></citerefentry>,

495

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

496

<manvolnum>5</manvolnum></citerefentry>,

497

<citerefentry><refentrytitle>mandos</refentrytitle>

498

<manvolnum>8</manvolnum></citerefentry>,

499

<citerefentry><refentrytitle>mandos-client</refentrytitle>

500

<manvolnum>8mandos</manvolnum></citerefentry>

472

501

473

</para>

502

474

</refsect1>

503

475

504

476

</refentry>

505

506

507

508

509

Older »