
Viewing changes to mandos.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-09-01 16:19:32 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080901161932-ostp7tulh9aijulh
* plugin-runner.c (add_environment): Never insert existing environment
                                     variables.
  (main): Rename "--global-envs" to "--global-env" and "--envs-for" to
          "--env-for".

* plugin-runner.xml (SYNOPSIS): Rename "--global-envs" to
                                "--global-env" and "--envs-for" to
                                "--env-for".
  (OPTIONS): Added "--global-env" and "--env-for".
  (FALLBACK): Add id attribute.
  (EXIT STATUS): Add text.
  (ENVIRONMENT): New section.
  (FILES): Document configuration file.

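--- a/mandos.xml
+++ b/mandos.xml
@@ -3,14 +3,16 @@
 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY VERSION "1.0">
 <!ENTITY COMMANDNAME "mandos">
+<!ENTITY TIMESTAMP "2008-09-01">
 ]>
 
 <refentry xmlns:xi="http://www.w3.org/2001/XInclude">
   <refentryinfo>
-    <title>&COMMANDNAME;</title>
+    <title>Mandos Manual</title>
     <!-- NWalsh’s docbook scripts use this to generate the footer: -->
-    <productname>&COMMANDNAME;</productname>
+    <productname>Mandos</productname>
     <productnumber>&VERSION;</productnumber>
+    <date>&TIMESTAMP;</date>
     <authorgroup>
       <author>
         <firstname>Björn</firstname>
@@ -32,29 +34,7 @@
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
-    <legalnotice>
-      <para>
-        This manual page is free software: you can redistribute it
-        and/or modify it under the terms of the GNU General Public
-        License as published by the Free Software Foundation,
-        either version 3 of the License, or (at your option) any
-        later version.
-      </para>
-
-      <para>
-        This manual page is distributed in the hope that it will
-        be useful, but WITHOUT ANY WARRANTY; without even the
-        implied warranty of MERCHANTABILITY or FITNESS FOR A
-        PARTICULAR PURPOSE.  See the GNU General Public License
-        for more details.
-      </para>
-
-      <para>
-        You should have received a copy of the GNU General Public
-        License along with this program; If not, see
-        <ulink url="http://www.gnu.org/licenses/"/>.
-      </para>
-    </legalnotice>
+    <xi:include href="legalnotice.xml"/>
   </refentryinfo>
 
   <refmeta>
@@ -65,45 +45,59 @@
   <refnamediv>
     <refname><command>&COMMANDNAME;</command></refname>
     <refpurpose>
-      Sends encrypted passwords to authenticated Mandos clients
+      Gives encrypted passwords to authenticated Mandos clients
     </refpurpose>
   </refnamediv>
 
   <refsynopsisdiv>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
-      <arg>--interface<arg choice="plain">NAME</arg></arg>
-      <arg>--address<arg choice="plain">ADDRESS</arg></arg>
-      <arg>--port<arg choice="plain">PORT</arg></arg>
-      <arg>--priority<arg choice="plain">PRIORITY</arg></arg>
-      <arg>--servicename<arg choice="plain">NAME</arg></arg>
-      <arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
-      <arg>--debug</arg>
-    </cmdsynopsis>
-    <cmdsynopsis>
-      <command>&COMMANDNAME;</command>
-      <arg>-i<arg choice="plain">NAME</arg></arg>
-      <arg>-a<arg choice="plain">ADDRESS</arg></arg>
-      <arg>-p<arg choice="plain">PORT</arg></arg>
-      <arg>--priority<arg choice="plain">PRIORITY</arg></arg>
-      <arg>--servicename<arg choice="plain">NAME</arg></arg>
-      <arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
-      <arg>--debug</arg>
+      <group>
+        <arg choice="plain"><option>--interface
+        <replaceable>NAME</replaceable></option></arg>
+        <arg choice="plain"><option>-i
+        <replaceable>NAME</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--address
+        <replaceable>ADDRESS</replaceable></option></arg>
+        <arg choice="plain"><option>-a
+        <replaceable>ADDRESS</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--port
+        <replaceable>PORT</replaceable></option></arg>
+        <arg choice="plain"><option>-p
+        <replaceable>PORT</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <arg><option>--priority
+      <replaceable>PRIORITY</replaceable></option></arg>
+      <sbr/>
+      <arg><option>--servicename
+      <replaceable>NAME</replaceable></option></arg>
+      <sbr/>
+      <arg><option>--configdir
+      <replaceable>DIRECTORY</replaceable></option></arg>
+      <sbr/>
+      <arg><option>--debug</option></arg>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
-        <arg choice="plain">-h</arg>
-        <arg choice="plain">--help</arg>
+        <arg choice="plain"><option>--help</option></arg>
+        <arg choice="plain"><option>-h</option></arg>
       </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
-      <arg choice="plain">--version</arg>
+      <arg choice="plain"><option>--version</option></arg>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
-      <arg choice="plain">--check</arg>
+      <arg choice="plain"><option>--check</option></arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 
@@ -133,48 +127,55 @@
       <emphasis>encrypted root file system</emphasis>.  See <xref
       linkend="overview"/> for details.
     </para>
-
+    
   </refsect1>
   
   <refsect1 id="options">
     <title>OPTIONS</title>
-
+    
     <variablelist>
       <varlistentry>
-        <term><literal>-h</literal>, <literal>--help</literal></term>
+        <term><option>--help</option></term>
+        <term><option>-h</option></term>
         <listitem>
           <para>
             Show a help message and exit
           </para>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
-        <term><literal>-i</literal>, <literal>--interface <replaceable
-        >NAME</replaceable></literal></term>
+        <term><option>--interface</option>
+        <replaceable>NAME</replaceable></term>
+        <term><option>-i</option>
+        <replaceable>NAME</replaceable></term>
         <listitem>
           <xi:include href="mandos-options.xml" xpointer="interface"/>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
-        <term><literal>-a</literal>, <literal>--address <replaceable>
-        ADDRESS</replaceable></literal></term>
+        <term><option>--address
+        <replaceable>ADDRESS</replaceable></option></term>
+        <term><option>-a
+        <replaceable>ADDRESS</replaceable></option></term>
         <listitem>
           <xi:include href="mandos-options.xml" xpointer="address"/>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
-        <term><literal>-p</literal>, <literal>--port <replaceable>
-        PORT</replaceable></literal></term>
+        <term><option>--port
+        <replaceable>PORT</replaceable></option></term>
+        <term><option>-p
+        <replaceable>PORT</replaceable></option></term>
         <listitem>
           <xi:include href="mandos-options.xml" xpointer="port"/>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
-        <term><literal>--check</literal></term>
+        <term><option>--check</option></term>
         <listitem>
           <para>
             Run the server’s self-tests.  This includes any unit
@@ -182,25 +183,25 @@
           </para>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
-        <term><literal>--debug</literal></term>
+        <term><option>--debug</option></term>
         <listitem>
           <xi:include href="mandos-options.xml" xpointer="debug"/>
         </listitem>
       </varlistentry>
 
       <varlistentry>
-        <term><literal>--priority <replaceable>
-        PRIORITY</replaceable></literal></term>
+        <term><option>--priority <replaceable>
+        PRIORITY</replaceable></option></term>
         <listitem>
           <xi:include href="mandos-options.xml" xpointer="priority"/>
         </listitem>
       </varlistentry>
 
       <varlistentry>
-        <term><literal>--servicename <replaceable>NAME</replaceable>
-        </literal></term>
+        <term><option>--servicename
+        <replaceable>NAME</replaceable></option></term>
         <listitem>
           <xi:include href="mandos-options.xml"
                       xpointer="servicename"/>
@@ -208,8 +209,8 @@
       </varlistentry>
 
       <varlistentry>
-        <term><literal>--configdir <replaceable>DIR</replaceable>
-        </literal></term>
+        <term><option>--configdir
+        <replaceable>DIRECTORY</replaceable></option></term>
         <listitem>
           <para>
             Directory to search for configuration files.  Default is
@@ -223,7 +224,7 @@
       </varlistentry>
 
       <varlistentry>
-        <term><literal>--version</literal></term>
+        <term><option>--version</option></term>
         <listitem>
           <para>
             Prints the program version and exit.
@@ -239,7 +240,7 @@
     <para>
       This program is the server part.  It is a normal server program
       and will run in a normal system environment, not in an initial
-      RAM disk environment.
+      <acronym>RAM</acronym> disk environment.
     </para>
   </refsect1>
 
@@ -337,7 +338,7 @@
     <title>ENVIRONMENT</title>
     <variablelist>
       <varlistentry>
-        <term><varname>PATH</varname></term>
+        <term><envar>PATH</envar></term>
         <listitem>
           <para>
             To start the configured checker (see <xref
@@ -448,7 +449,7 @@
         Normal invocation needs no options:
       </para>
       <para>
-        <userinput>mandos</userinput>
+        <userinput>&COMMANDNAME;</userinput>
       </para>
     </informalexample>
     <informalexample>
@@ -461,7 +462,7 @@
       <para>
 
 <!-- do not wrap this line -->
-<userinput>mandos --debug --configdir ~/mandos --servicename Test</userinput>
+<userinput>&COMMANDNAME; --debug --configdir ~/mandos --servicename Test</userinput>
 
       </para>
     </informalexample>
@@ -473,7 +474,7 @@
       <para>
 
 <!-- do not wrap this line -->
-<userinput>mandos --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>
+<userinput>&COMMANDNAME; --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>
 
       </para>
     </informalexample>
@@ -520,9 +521,9 @@
         restarting servers if it is suspected that a client has, in
         fact, been compromised by parties who may now be running a
         fake Mandos client with the keys from the non-encrypted
-        initial RAM image of the client host.  What should be done in
-        that case (if restarting the server program really is
-        necessary) is to stop the server program, edit the
+        initial <acronym>RAM</acronym> image of the client host.  What
+        should be done in that case (if restarting the server program
+        really is necessary) is to stop the server program, edit the
         configuration file to omit any suspect clients, and restart
         the server program.
       </para>
@@ -538,10 +539,10 @@
     <title>SEE ALSO</title>
     <para>
       <citerefentry>
+        <refentrytitle>mandos-clients.conf</refentrytitle>
+        <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
         <refentrytitle>mandos.conf</refentrytitle>
         <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
-        <refentrytitle>mandos-clients.conf</refentrytitle>
-        <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
         <refentrytitle>password-request</refentrytitle>
         <manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
         <refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
@@ -572,8 +573,8 @@
       </varlistentry>
       <varlistentry>
         <term>
-          <ulink
-              url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>
+          <ulink url="http://www.gnu.org/software/gnutls/"
+          >GnuTLS</ulink>
         </term>
       <listitem>
         <para>
@@ -585,23 +586,40 @@
       </varlistentry>
       <varlistentry>
         <term>
-          <citation>RFC 4291: <citetitle>IP Version 6 Addressing
-          Architecture</citetitle>, section 2.5.6, Link-Local IPv6
-          Unicast Addresses</citation>
+          RFC 4291: <citetitle>IP Version 6 Addressing
+          Architecture</citetitle>
         </term>
         <listitem>
-          <para>
-            The clients use IPv6 link-local addresses, which are
-            immediately usable since a link-local addresses is
-            automatically assigned to a network interfaces when it is
-            brought up.
-          </para>
+          <variablelist>
+            <varlistentry>
+              <term>Section 2.2: <citetitle>Text Representation of
+              Addresses</citetitle></term>
+              <listitem><para/></listitem>
+            </varlistentry>
+            <varlistentry>
+              <term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6
+              Address</citetitle></term>
+              <listitem><para/></listitem>
+            </varlistentry>
+            <varlistentry>
+            <term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast
+            Addresses</citetitle></term>
+            <listitem>
+              <para>
+                The clients use IPv6 link-local addresses, which are
+                immediately usable since a link-local addresses is
+                automatically assigned to a network interfaces when it
+                is brought up.
+              </para>
+            </listitem>
+            </varlistentry>
+          </variablelist>
         </listitem>
       </varlistentry>
       <varlistentry>
         <term>
-          <citation>RFC 4346: <citetitle>The Transport Layer Security
-          (TLS) Protocol Version 1.1</citetitle></citation>
+          RFC 4346: <citetitle>The Transport Layer Security (TLS)
+          Protocol Version 1.1</citetitle>
         </term>
       <listitem>
         <para>
@@ -611,8 +629,7 @@
       </varlistentry>
       <varlistentry>
         <term>
-          <citation>RFC 4880: <citetitle>OpenPGP Message
-          Format</citetitle></citation>
+          RFC 4880: <citetitle>OpenPGP Message Format</citetitle>
         </term>
       <listitem>
         <para>
@@ -622,8 +639,8 @@
       </varlistentry>
       <varlistentry>
         <term>
-          <citation>RFC 5081: <citetitle>Using OpenPGP Keys for
-          Transport Layer Security</citetitle></citation>
+          RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
+          Security</citetitle>
         </term>
       <listitem>
         <para>
@@ -635,3 +652,8 @@
     </variablelist>
   </refsect1>
 </refentry>
+<!-- Local Variables: -->
+<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
+<!-- time-stamp-end: "[\"']>" -->
+<!-- time-stamp-format: "%:y-%02m-%02d" -->
+<!-- End: -->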