3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY VERSION "1.0">
5
5
<!ENTITY COMMANDNAME "mandos">
6
<!ENTITY TIMESTAMP "2008-09-01">
8
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
10
<title>&COMMANDNAME;</title>
11
<title>Mandos Manual</title>
11
12
<!-- NWalsh’s docbook scripts use this to generate the footer: -->
12
<productname>&COMMANDNAME;</productname>
13
<productname>Mandos</productname>
13
14
<productnumber>&VERSION;</productnumber>
15
<date>&TIMESTAMP;</date>
16
18
<firstname>Björn</firstname>
32
34
<holder>Teddy Hogeborn</holder>
33
35
<holder>Björn Påhlsson</holder>
37
This manual page is free software: you can redistribute it
38
and/or modify it under the terms of the GNU General Public
39
License as published by the Free Software Foundation,
40
either version 3 of the License, or (at your option) any
45
This manual page is distributed in the hope that it will
46
be useful, but WITHOUT ANY WARRANTY; without even the
47
implied warranty of MERCHANTABILITY or FITNESS FOR A
48
PARTICULAR PURPOSE. See the GNU General Public License
53
You should have received a copy of the GNU General Public
54
License along with this program; If not, see
55
<ulink url="http://www.gnu.org/licenses/"/>.
37
<xi:include href="legalnotice.xml"/>
66
46
<refname><command>&COMMANDNAME;</command></refname>
68
Sends encrypted passwords to authenticated Mandos clients
48
Gives encrypted passwords to authenticated Mandos clients
74
54
<command>&COMMANDNAME;</command>
75
<arg>--interface<arg choice="plain">NAME</arg></arg>
76
<arg>--address<arg choice="plain">ADDRESS</arg></arg>
77
<arg>--port<arg choice="plain">PORT</arg></arg>
78
<arg>--priority<arg choice="plain">PRIORITY</arg></arg>
79
<arg>--servicename<arg choice="plain">NAME</arg></arg>
80
<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
84
<command>&COMMANDNAME;</command>
85
<arg>-i<arg choice="plain">NAME</arg></arg>
86
<arg>-a<arg choice="plain">ADDRESS</arg></arg>
87
<arg>-p<arg choice="plain">PORT</arg></arg>
88
<arg>--priority<arg choice="plain">PRIORITY</arg></arg>
89
<arg>--servicename<arg choice="plain">NAME</arg></arg>
90
<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
56
<arg choice="plain"><option>--interface
57
<replaceable>NAME</replaceable></option></arg>
58
<arg choice="plain"><option>-i
59
<replaceable>NAME</replaceable></option></arg>
63
<arg choice="plain"><option>--address
64
<replaceable>ADDRESS</replaceable></option></arg>
65
<arg choice="plain"><option>-a
66
<replaceable>ADDRESS</replaceable></option></arg>
70
<arg choice="plain"><option>--port
71
<replaceable>PORT</replaceable></option></arg>
72
<arg choice="plain"><option>-p
73
<replaceable>PORT</replaceable></option></arg>
76
<arg><option>--priority
77
<replaceable>PRIORITY</replaceable></option></arg>
79
<arg><option>--servicename
80
<replaceable>NAME</replaceable></option></arg>
82
<arg><option>--configdir
83
<replaceable>DIRECTORY</replaceable></option></arg>
85
<arg><option>--debug</option></arg>
94
88
<command>&COMMANDNAME;</command>
95
89
<group choice="req">
96
<arg choice="plain">-h</arg>
97
<arg choice="plain">--help</arg>
90
<arg choice="plain"><option>--help</option></arg>
91
<arg choice="plain"><option>-h</option></arg>
101
95
<command>&COMMANDNAME;</command>
102
<arg choice="plain">--version</arg>
96
<arg choice="plain"><option>--version</option></arg>
105
99
<command>&COMMANDNAME;</command>
106
<arg choice="plain">--check</arg>
100
<arg choice="plain"><option>--check</option></arg>
108
102
</refsynopsisdiv>
133
127
<emphasis>encrypted root file system</emphasis>. See <xref
134
128
linkend="overview"/> for details.
139
133
<refsect1 id="options">
140
134
<title>OPTIONS</title>
144
<term><literal>-h</literal>, <literal>--help</literal></term>
138
<term><option>--help</option></term>
139
<term><option>-h</option></term>
147
142
Show a help message and exit
153
<term><literal>-i</literal>, <literal>--interface <replaceable
154
>NAME</replaceable></literal></term>
148
<term><option>--interface</option>
149
<replaceable>NAME</replaceable></term>
150
<term><option>-i</option>
151
<replaceable>NAME</replaceable></term>
156
153
<xi:include href="mandos-options.xml" xpointer="interface"/>
161
<term><literal>-a</literal>, <literal>--address <replaceable>
162
ADDRESS</replaceable></literal></term>
158
<term><option>--address
159
<replaceable>ADDRESS</replaceable></option></term>
161
<replaceable>ADDRESS</replaceable></option></term>
164
163
<xi:include href="mandos-options.xml" xpointer="address"/>
169
<term><literal>-p</literal>, <literal>--port <replaceable>
170
PORT</replaceable></literal></term>
169
<replaceable>PORT</replaceable></option></term>
171
<replaceable>PORT</replaceable></option></term>
172
173
<xi:include href="mandos-options.xml" xpointer="port"/>
177
<term><literal>--check</literal></term>
178
<term><option>--check</option></term>
180
181
Run the server’s self-tests. This includes any unit
187
<term><literal>--debug</literal></term>
188
<term><option>--debug</option></term>
189
190
<xi:include href="mandos-options.xml" xpointer="debug"/>
194
<term><literal>--priority <replaceable>
195
PRIORITY</replaceable></literal></term>
195
<term><option>--priority <replaceable>
196
PRIORITY</replaceable></option></term>
197
198
<xi:include href="mandos-options.xml" xpointer="priority"/>
202
<term><literal>--servicename <replaceable>NAME</replaceable>
203
<term><option>--servicename
204
<replaceable>NAME</replaceable></option></term>
205
206
<xi:include href="mandos-options.xml"
206
207
xpointer="servicename"/>
520
521
restarting servers if it is suspected that a client has, in
521
522
fact, been compromised by parties who may now be running a
522
523
fake Mandos client with the keys from the non-encrypted
523
initial RAM image of the client host. What should be done in
524
that case (if restarting the server program really is
525
necessary) is to stop the server program, edit the
524
initial <acronym>RAM</acronym> image of the client host. What
525
should be done in that case (if restarting the server program
526
really is necessary) is to stop the server program, edit the
526
527
configuration file to omit any suspect clients, and restart
527
528
the server program.
538
539
<title>SEE ALSO</title>
542
<refentrytitle>mandos-clients.conf</refentrytitle>
543
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
541
544
<refentrytitle>mandos.conf</refentrytitle>
542
545
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
543
<refentrytitle>mandos-clients.conf</refentrytitle>
544
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
545
546
<refentrytitle>password-request</refentrytitle>
546
547
<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
547
548
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
588
<citation>RFC 4291: <citetitle>IP Version 6 Addressing
589
Architecture</citetitle>, section 2.5.6, Link-Local IPv6
590
Unicast Addresses</citation>
589
RFC 4291: <citetitle>IP Version 6 Addressing
590
Architecture</citetitle>
594
The clients use IPv6 link-local addresses, which are
595
immediately usable since a link-local addresses is
596
automatically assigned to a network interfaces when it is
595
<term>Section 2.2: <citetitle>Text Representation of
596
Addresses</citetitle></term>
597
<listitem><para/></listitem>
600
<term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6
601
Address</citetitle></term>
602
<listitem><para/></listitem>
605
<term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast
606
Addresses</citetitle></term>
609
The clients use IPv6 link-local addresses, which are
610
immediately usable since a link-local addresses is
611
automatically assigned to a network interfaces when it
603
<citation>RFC 4346: <citetitle>The Transport Layer Security
604
(TLS) Protocol Version 1.1</citetitle></citation>
621
RFC 4346: <citetitle>The Transport Layer Security (TLS)
622
Protocol Version 1.1</citetitle>