/mandos/release : revision 109

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2008-08-27 01:18:25 UTC
Revision ID: teddy@fukt.bsnet.se-20080827011825-ka3ni6xvy2ehi1y8

* .bzrignore: New.

* clients.conf ([foo]): Remove Radix-64 checksum.

* mandos (AvahiService.rename, server_state_changed,
          entry_group_state_changed): Make Avahi log messages more
                                      clear that they are about
                                      Zeroconf.
  (fingerprint): Use plain "0" instead of "ctypes.c_uint(0)".

files removed:
legalnotice.xml

files modified:
Makefile

TODO

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/password-request.c

plugins.d/password-request.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2008-09-02">

<title>Mandos Manual</title>

<title>&COMMANDNAME;</title>

<productname>Mandos</productname>

<productname>&COMMANDNAME;</productname>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

</refentryinfo>

<refname><command>&COMMANDNAME;</command></refname>

Gives encrypted passwords to authenticated Mandos clients

Sends encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--interface

<arg choice="plain"><option>-i

</group>

<sbr/>

<group>

<arg choice="plain"><option>--address

<replaceable>ADDRESS</replaceable></option></arg>

<arg choice="plain"><option>-a

<replaceable>ADDRESS</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--port

<arg choice="plain"><option>-p

</group>

<sbr/>

<arg><option>--priority

<replaceable>PRIORITY</replaceable></option></arg>

<sbr/>

<arg><option>--servicename

<sbr/>

<arg><option>--configdir

<replaceable>DIRECTORY</replaceable></option></arg>

<sbr/>

<arg><option>--debug</option></arg>

<arg>--interface<arg choice="plain">NAME</arg></arg>

<arg>--address<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

<arg>-a<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

</group>

</cmdsynopsis>

100

101

<command>&COMMANDNAME;</command>

<arg choice="plain"><option>--version</option></arg>

102

<arg choice="plain">--version</arg>

103

</cmdsynopsis>

104

105

<command>&COMMANDNAME;</command>

100

<arg choice="plain"><option>--check</option></arg>

106

<arg choice="plain">--check</arg>

101

107

</cmdsynopsis>

102

108

</refsynopsisdiv>

103

109

115

121

Any authenticated client is then given the stored pre-encrypted

116

122

password for that specific client.

117

123

</para>

124

118

125

</refsect1>

119

126

120

127

121

128

<title>PURPOSE</title>

129

122

130

<para>

123

131

The purpose of this is to enable <emphasis>remote and unattended

124

132

rebooting</emphasis> of client host computer with an

125

133

<emphasis>encrypted root file system</emphasis>. See <xref

126

134

linkend="overview"/> for details.

127

135

</para>

136

128

137

</refsect1>

129

138

130

139

131

140

<title>OPTIONS</title>

141

132

142

133

143

134

135

144

136

145

137

146

<para>

138

147

Show a help message and exit

139

148

</para>

140

149

</listitem>

141

150

</varlistentry>

142

151

143

152

144

<term><option>--interface</option>

145

146

147

153

<term><literal>-i</literal>, <literal>--interface <replaceable

154

>NAME</replaceable></literal></term>

148

155

149

156

<xi:include href="mandos-options.xml" xpointer="interface"/>

150

157

</listitem>

151

158

</varlistentry>

152

159

153

160

154

<term><option>--address

155

<replaceable>ADDRESS</replaceable></option></term>

156

<term><option>-a

157

<replaceable>ADDRESS</replaceable></option></term>

161

<term><literal>-a</literal>, <literal>--address <replaceable>

162

ADDRESS</replaceable></literal></term>

158

163

159

164

<xi:include href="mandos-options.xml" xpointer="address"/>

160

165

</listitem>

161

166

</varlistentry>

162

167

163

168

164

<term><option>--port

165

166

<term><option>-p

167

169

170

PORT</replaceable></literal></term>

168

171

169

172

<xi:include href="mandos-options.xml" xpointer="port"/>

170

173

</listitem>

171

174

</varlistentry>

172

175

173

176

174

<term><option>--check</option></term>

177

<term><literal>--check</literal></term>

175

178

176

179

<para>

177

180

Run the server’s self-tests. This includes any unit

179

182

</para>

180

183

</listitem>

181

184

</varlistentry>

182

185

183

186

184

<term><option>--debug</option></term>

187

<term><literal>--debug</literal></term>

185

188

186

189

<xi:include href="mandos-options.xml" xpointer="debug"/>

187

190

</listitem>

188

191

</varlistentry>

189

192

190

193

191

<term><option>--priority <replaceable>

192

PRIORITY</replaceable></option></term>

194

<term><literal>--priority <replaceable>

195

PRIORITY</replaceable></literal></term>

193

196

194

197

<xi:include href="mandos-options.xml" xpointer="priority"/>

195

198

</listitem>

196

199

</varlistentry>

197

200

198

201

199

<term><option>--servicename

200

202

<term><literal>--servicename <replaceable>NAME</replaceable>

203

</literal></term>

201

204

202

205

<xi:include href="mandos-options.xml"

203

206

xpointer="servicename"/>

205

208

</varlistentry>

206

209

207

210

208

<term><option>--configdir

209

<replaceable>DIRECTORY</replaceable></option></term>

211

<term><literal>--configdir <replaceable>DIR</replaceable>

212

</literal></term>

210

213

211

214

<para>

212

215

Directory to search for configuration files. Default is

220

223

</varlistentry>

221

224

222

225

223

<term><option>--version</option></term>

226

<term><literal>--version</literal></term>

224

227

225

228

<para>

226

229

Prints the program version and exit.

236

239

<para>

237

240

This program is the server part. It is a normal server program

238

241

and will run in a normal system environment, not in an initial

239

<acronym>RAM</acronym> disk environment.

242

RAM disk environment.

240

243

</para>

241

244

</refsect1>

242

245

334

337

<title>ENVIRONMENT</title>

335

338

336

339

337

340

338

341

339

342

<para>

340

343

To start the configured checker (see <xref

445

448

Normal invocation needs no options:

446

449

</para>

447

450

<para>

448

<userinput>&COMMANDNAME;</userinput>

451

<userinput>mandos</userinput>

449

452

</para>

450

453

</informalexample>

451

454

458

461

<para>

459

462

460

463

461

<userinput>&COMMANDNAME; --debug --configdir ~/mandos --servicename Test</userinput>

464

<userinput>mandos --debug --configdir ~/mandos --servicename Test</userinput>

462

465

463

466

</para>

464

467

</informalexample>

470

473

<para>

471

474

472

475

473

<userinput>&COMMANDNAME; --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>

476

<userinput>mandos --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>

474

477

475

478

</para>

476

479

</informalexample>

517

520

restarting servers if it is suspected that a client has, in

518

521

fact, been compromised by parties who may now be running a

519

522

fake Mandos client with the keys from the non-encrypted

520

initial <acronym>RAM</acronym> image of the client host. What

521

should be done in that case (if restarting the server program

522

really is necessary) is to stop the server program, edit the

523

initial RAM image of the client host. What should be done in

524

that case (if restarting the server program really is

525

necessary) is to stop the server program, edit the

523

526

configuration file to omit any suspect clients, and restart

524

527

the server program.

525

528

</para>

535

538

536

539

<para>

537

540

541

<refentrytitle>mandos.conf</refentrytitle>

542

538

543

<refentrytitle>mandos-clients.conf</refentrytitle>

539

544

540

<refentrytitle>mandos.conf</refentrytitle>

541

542

545

<refentrytitle>password-request</refentrytitle>

543

546

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

544

547

648

651

</variablelist>

649

652

</refsect1>

650

653

</refentry>

651

652

653

654

655

Older »