/mandos/release : revision 142

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to TODO

Committer: Teddy Hogeborn
Date: 2008-09-02 17:42:53 UTC
Revision ID: teddy@fukt.bsnet.se-20080902174253-p3wxrq7z6ccnv7fs

* plugins.d/password-request.c (main): Change default GnuTLS priority
                                       string to
                             "SECURE256":!CTYPE-X.509:+CTYPE-OPENPGP".

* plugins.d/password-request.xml (DESCRIPTION): Improve wording.
  (PURPOSE, OVERVIEW): New sections.
  (OPTIONS): Improved wording.
  (EXIT STATUS): Add text.
  (ENVIRONMENT): Commented out.

Show diffs side-by-side

added added

removed removed

TODO

** [#B] Add more comments to code

** [#B] Add more if(debug) calls

** [#B] Seperate more code to function for more readability

** [#A] Man page: man8/plugin-runner.8mandos

*** EXIT STATUS

*** EXAMPLES

Examples of normal usage, debug usage, debugging single or all

plugins, etc.

*** FILES

*** SECURITY

Note the danger of using this program, since you might lock

yourself out of your system without any means of entering the root

file system password. This is, however, very unlikely considering

the fallback to getpass(3).

*** BUGS

*** SEE ALSO

Explaining text on what you can read

* password-request

** [#A] Man page: man8/password-request.8mandos

*** SYNOPSIS

Document short options

*** DESCRIPTION

State that this command is not meant to be invoked directly, but

is run as a plugin from mandos-client(8) and only run in the

Must create in preinst if not pre-depending on cryptsetup

* password-prompt

** [#A] Man page: man8/password-prompt.8mandos

*** SYNOPSIS

Document short options

*** DESCRIPTION

Note that this is more or less a simple getpass(3) wrapper, even

though actual use of getpass(3) is not guaranteed.

*** EXIT STATUS

*** ENVIRONMENT

Document use of "cryptsource" and "crypttarget".

*** FILES

*** BUGS

*** EXAMPLE

Examples of normal usage, debug usage, with a prefix, etc.

*** SECURITY

Not much to do here but it is noteworthy to state the danger of

not having a fallback option.

*** SEE ALSO

Refer to mandos-client(8mandos) and password-request(8mandos)

and also, perhaps, to cryptsetup(8)?

** Use getpass(3)?

** [#C] Use getpass(3)?

Man page says "obsolete", but [[info:libc:getpass][GNU LibC Manual: Reading Passwords]]

does not. See also [[http://sources.redhat.com/ml/libc-alpha/2003-05/msg00251.html][Marcus Brinkmann: Re: getpass obsolete?]] and

[[http://article.gmane.org/gmane.comp.lib.glibc.alpha/4906][Petter Reinholdtsen: Re: getpass obsolete?]], and especially also

[[http://www.steve.org.uk/Reference/Unix/faq_4.html#SEC48][Unix Programming FAQ 3.1 How can I make my program not echo input?]]

* mandos (server)

** [#A] Config file man page: man5/mandos.conf (mandos.conf)

** [#A] Config file man page: man5/mandos-clients.conf (clients.conf)

** [#A] /etc/init.d/mandos-server :teddy:

** [#B] Log level :bugs:

** /etc/mandos/clients.d/*.conf

106

** Disable client

107

** Enable client

108

* Man pages

** Use xinclude for common sections

Like authors, etc.

109

* Installer

110

** Client-side

111

*** Update initrd.img after installation

112

This seems to use some kind of "trigger" system

[[file:/usr/share/doc/dpkg/triggers.txt.gz]]

dpkg-trigger(1), deb-triggers(5)

113

*** Keydir move: /etc/mandos -> /etc/keys/mandos

114

Must create in preinst if not pre-depending on cryptsetup

115

*** mandos-keygen

116

**** [#A] Output cut-and-paste ready snippet for clients.conf.

**** "--passfile" option

Using the "secfile" option instead of "secret"

**** [#A] "--test" option

For testing decryption before rebooting.

117

** Server-side

118

*** [#A] Create mandos user and group for server

119

*** [#A] Create /var/run/mandos directory with perm and ownership

Older »