34
34
<holder>Teddy Hogeborn</holder>
35
35
<holder>Björn Påhlsson</holder>
37
<xi:include href="legalnotice.xml"/>
39
This manual page is free software: you can redistribute it
40
and/or modify it under the terms of the GNU General Public
41
License as published by the Free Software Foundation,
42
either version 3 of the License, or (at your option) any
47
This manual page is distributed in the hope that it will
48
be useful, but WITHOUT ANY WARRANTY; without even the
49
implied warranty of MERCHANTABILITY or FITNESS FOR A
50
PARTICULAR PURPOSE. See the GNU General Public License
55
You should have received a copy of the GNU General Public
56
License along with this program; If not, see
57
<ulink url="http://www.gnu.org/licenses/"/>.
41
63
<refentrytitle>&COMMANDNAME;</refentrytitle>
42
64
<manvolnum>8</manvolnum>
46
68
<refname><command>&COMMANDNAME;</command></refname>
48
Gives encrypted passwords to authenticated Mandos clients
70
Sends encrypted passwords to authenticated Mandos clients
54
76
<command>&COMMANDNAME;</command>
56
<arg choice="plain"><option>--interface
57
<replaceable>NAME</replaceable></option></arg>
58
<arg choice="plain"><option>-i
59
<replaceable>NAME</replaceable></option></arg>
63
<arg choice="plain"><option>--address
64
<replaceable>ADDRESS</replaceable></option></arg>
65
<arg choice="plain"><option>-a
66
<replaceable>ADDRESS</replaceable></option></arg>
70
<arg choice="plain"><option>--port
71
<replaceable>PORT</replaceable></option></arg>
72
<arg choice="plain"><option>-p
73
<replaceable>PORT</replaceable></option></arg>
76
<arg><option>--priority
77
<replaceable>PRIORITY</replaceable></option></arg>
79
<arg><option>--servicename
80
<replaceable>NAME</replaceable></option></arg>
82
<arg><option>--configdir
83
<replaceable>DIRECTORY</replaceable></option></arg>
85
<arg><option>--debug</option></arg>
77
<arg>--interface<arg choice="plain">NAME</arg></arg>
78
<arg>--address<arg choice="plain">ADDRESS</arg></arg>
79
<arg>--port<arg choice="plain">PORT</arg></arg>
80
<arg>--priority<arg choice="plain">PRIORITY</arg></arg>
81
<arg>--servicename<arg choice="plain">NAME</arg></arg>
82
<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
86
<command>&COMMANDNAME;</command>
87
<arg>-i<arg choice="plain">NAME</arg></arg>
88
<arg>-a<arg choice="plain">ADDRESS</arg></arg>
89
<arg>-p<arg choice="plain">PORT</arg></arg>
90
<arg>--priority<arg choice="plain">PRIORITY</arg></arg>
91
<arg>--servicename<arg choice="plain">NAME</arg></arg>
92
<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
88
96
<command>&COMMANDNAME;</command>
89
97
<group choice="req">
90
<arg choice="plain"><option>--help</option></arg>
91
<arg choice="plain"><option>-h</option></arg>
98
<arg choice="plain">-h</arg>
99
<arg choice="plain">--help</arg>
95
103
<command>&COMMANDNAME;</command>
96
<arg choice="plain"><option>--version</option></arg>
104
<arg choice="plain">--version</arg>
99
107
<command>&COMMANDNAME;</command>
100
<arg choice="plain"><option>--check</option></arg>
108
<arg choice="plain">--check</arg>
102
110
</refsynopsisdiv>
104
112
<refsect1 id="description">
105
113
<title>DESCRIPTION</title>
115
123
Any authenticated client is then given the stored pre-encrypted
116
124
password for that specific client.
120
129
<refsect1 id="purpose">
121
130
<title>PURPOSE</title>
123
133
The purpose of this is to enable <emphasis>remote and unattended
124
134
rebooting</emphasis> of client host computer with an
125
135
<emphasis>encrypted root file system</emphasis>. See <xref
126
136
linkend="overview"/> for details.
130
141
<refsect1 id="options">
131
142
<title>OPTIONS</title>
134
<term><option>--help</option></term>
135
<term><option>-h</option></term>
146
<term><literal>-h</literal>, <literal>--help</literal></term>
138
149
Show a help message and exit
144
<term><option>--interface</option>
145
<replaceable>NAME</replaceable></term>
146
<term><option>-i</option>
147
<replaceable>NAME</replaceable></term>
155
<term><literal>-i</literal>, <literal>--interface <replaceable
156
>NAME</replaceable></literal></term>
149
158
<xi:include href="mandos-options.xml" xpointer="interface"/>
154
<term><option>--address
155
<replaceable>ADDRESS</replaceable></option></term>
157
<replaceable>ADDRESS</replaceable></option></term>
163
<term><literal>-a</literal>, <literal>--address <replaceable>
164
ADDRESS</replaceable></literal></term>
159
166
<xi:include href="mandos-options.xml" xpointer="address"/>
165
<replaceable>PORT</replaceable></option></term>
167
<replaceable>PORT</replaceable></option></term>
171
<term><literal>-p</literal>, <literal>--port <replaceable>
172
PORT</replaceable></literal></term>
169
174
<xi:include href="mandos-options.xml" xpointer="port"/>
174
<term><option>--check</option></term>
179
<term><literal>--check</literal></term>
177
182
Run the server’s self-tests. This includes any unit
184
<term><option>--debug</option></term>
189
<term><literal>--debug</literal></term>
186
191
<xi:include href="mandos-options.xml" xpointer="debug"/>
191
<term><option>--priority <replaceable>
192
PRIORITY</replaceable></option></term>
196
<term><literal>--priority <replaceable>
197
PRIORITY</replaceable></literal></term>
194
199
<xi:include href="mandos-options.xml" xpointer="priority"/>
199
<term><option>--servicename
200
<replaceable>NAME</replaceable></option></term>
204
<term><literal>--servicename <replaceable>NAME</replaceable>
202
207
<xi:include href="mandos-options.xml"
203
208
xpointer="servicename"/>
208
<term><option>--configdir
209
<replaceable>DIRECTORY</replaceable></option></term>
213
<term><literal>--configdir <replaceable>DIR</replaceable>
212
217
Directory to search for configuration files. Default is
504
505
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
505
506
<manvolnum>5</manvolnum></citerefentry>)
506
507
<emphasis>must</emphasis> be made non-readable by anyone
507
except the user starting the server (usually root).
508
except the user running the server.
510
511
As detailed in <xref linkend="checking"/>, the status of all
521
522
restarting servers if it is suspected that a client has, in
522
523
fact, been compromised by parties who may now be running a
523
524
fake Mandos client with the keys from the non-encrypted
524
initial <acronym>RAM</acronym> image of the client host. What
525
should be done in that case (if restarting the server program
526
really is necessary) is to stop the server program, edit the
525
initial RAM image of the client host. What should be done in
526
that case (if restarting the server program really is
527
necessary) is to stop the server program, edit the
527
528
configuration file to omit any suspect clients, and restart
528
529
the server program.
531
532
For more details on client-side security, see
532
<citerefentry><refentrytitle>mandos-client</refentrytitle>
533
<citerefentry><refentrytitle>password-request</refentrytitle>
533
534
<manvolnum>8mandos</manvolnum></citerefentry>.
538
539
<refsect1 id="see_also">
539
540
<title>SEE ALSO</title>
543
<refentrytitle>mandos.conf</refentrytitle>
544
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
542
545
<refentrytitle>mandos-clients.conf</refentrytitle>
543
546
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
544
<refentrytitle>mandos.conf</refentrytitle>
545
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
546
<refentrytitle>mandos-client</refentrytitle>
547
<refentrytitle>password-request</refentrytitle>
547
548
<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
548
549
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>