<?xml version="1.0" encoding="UTF-8"?>
<?xml-stylesheet type="text/xsl"
href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY VERSION "1.0">
<!ENTITY COMMANDNAME "password-request">
<!ENTITY TIMESTAMP "2008-09-02">
]>
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
<title>Mandos Manual</title>
<!-- Nwalsh’s docbook scripts use this to generate the footer: -->
<holder>Teddy Hogeborn</holder>
<holder>Björn Påhlsson</holder>
This manual page is free software: you can redistribute it
and/or modify it under the terms of the GNU General Public
License as published by the Free Software Foundation,
either version 3 of the License, or (at your option) any
This manual page is distributed in the hope that it will
be useful, but WITHOUT ANY WARRANTY; without even the
implied warranty of MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE. See the GNU General Public License
You should have received a copy of the GNU General Public
License along with this program; If not, see
<ulink url="http://www.gnu.org/licenses/"/>.
<xi:include href="../legalnotice.xml"/>
<refsect1 id="description">
<title>DESCRIPTION</title>
<command>&COMMANDNAME;</command> is a client program that
communicates with <citerefentry><refentrytitle
>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>
to get a password. It uses IPv6 link-local addresses to get
network connectivity, Zeroconf to find the server, and TLS with
an OpenPGP key to ensure authenticity and confidentiality. It
keeps running, trying all servers on the network, until it
receives a satisfactory reply.

This program is not meant to be run directly; it is really meant
to run as a plugin of the <application>Mandos</application>
<citerefentry><refentrytitle>plugin-runner</refentrytitle>
<manvolnum>8mandos</manvolnum></citerefentry>, which in turn
runs as a <quote>keyscript</quote> specified in the
<citerefentry><refentrytitle>crypttab</refentrytitle>
<manvolnum>5</manvolnum></citerefentry> file.
</refsect1>
<refsect1 id="purpose">
<title>PURPOSE</title>
The purpose of this is to enable <emphasis>remote and unattended
rebooting</emphasis> of a client host computer with an
<emphasis>encrypted root file system</emphasis>. See <xref
linkend="overview"/> for details.
</refsect1>
<refsect1 id="overview">
<title>OVERVIEW</title>
<xi:include href="overview.xml"/>

This program is the client part. It is a plugin started by
<citerefentry><refentrytitle>plugin-runner</refentrytitle>
<manvolnum>8mandos</manvolnum></citerefentry> which will run in
an initial <acronym>RAM</acronym> disk environment.

This program could, theoretically, be used as a keyscript in
<filename>/etc/crypttab</filename>, but it would then be
impossible to enter the encrypted root disk password at the
console, since this program does not read from the console at
all. This is why a separate plugin does that, which will be run
in parallel to this one.
</refsect1>
<refsect1 id="options">
<title>OPTIONS</title>
This program is commonly not invoked from the command line; it
is normally started by the <application>Mandos</application>
plugin runner, see <citerefentry><refentrytitle
>plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>
</citerefentry>. Any command line options this program accepts
are therefore normally provided by the plugin runner, and not
<term><option>--connect=<replaceable
><replaceable>PORT</replaceable></option></term>
Do not use Zeroconf to locate servers. Connect directly
to only one specified <application>Mandos</application>
server. Note that an IPv6 address has colon characters in
it, so the <emphasis>last</emphasis> colon character is
assumed to separate the address from the port number.

This option is normally only useful for debugging.
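The last-colon rule above is the detail most likely to be implemented wrongly, because an IPv6 literal contains colons itself. The following C program is an added example and is not part of the Mandos manual or of the password-request source: it splits the argument given to --connect at the last colon, exactly as the option text describes, and adds one check of its own (an assumption of this example, not stated by the manual) that the address part must be an IPv4 or IPv6 literal, so that a bare IPv6 address given without a port is rejected instead of being misread as address ":" with a one-digit port. The function names and the sample inputs are this example's own.

```c
/* Added example (not Mandos project code): parse the ADDRESS:PORT form that
 * the --connect option describes, splitting on the LAST colon so that IPv6
 * literals, which contain colons themselves, are handled.  The function
 * names and the "address must be an IP literal" check are this example's
 * own assumptions. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <ctype.h>
#include <stdint.h>
#include <sys/socket.h>
#include <arpa/inet.h>

/* Validate that addr is an IPv4 or IPv6 literal.  A link-local IPv6
 * address may carry a zone index ("fe80::1%eth0"); inet_pton() does not
 * accept that suffix, so it is stripped before the IPv6 check. */
static int is_ip_literal(const char *addr) {
    unsigned char raw[16];
    char buf[64];
    if (inet_pton(AF_INET, addr, raw) == 1) return 1;
    const char *pct = strchr(addr, '%');
    size_t n = pct ? (size_t)(pct - addr) : strlen(addr);
    if (n == 0 || n >= sizeof buf) return 0;
    memcpy(buf, addr, n);
    buf[n] = '\0';
    return inet_pton(AF_INET6, buf, raw) == 1;
}

/* Split "ADDRESS:PORT" at the last colon.  On success copies the address
 * into addr (NUL-terminated, at most addrlen bytes), stores the port and
 * returns 0.  Returns -1 for anything malformed: no colon, empty address,
 * non-numeric or out-of-range port, or an address that is not an IP
 * literal.  A bare "::1" therefore fails instead of parsing as address ":"
 * with port 1, which is the pitfall the last-colon rule creates. */
int split_address_port(const char *spec, char *addr, size_t addrlen,
                       uint16_t *port) {
    if (spec == NULL || addr == NULL || port == NULL) return -1;
    const char *colon = strrchr(spec, ':');          /* last colon wins */
    if (colon == NULL || colon == spec || colon[1] == '\0') return -1;
    size_t alen = (size_t)(colon - spec);
    if (alen >= addrlen) return -1;                  /* would not fit */
    for (const char *p = colon + 1; *p != '\0'; p++) /* digits only */
        if (!isdigit((unsigned char)*p)) return -1;
    errno = 0;
    char *end = NULL;
    unsigned long v = strtoul(colon + 1, &end, 10);
    if (errno != 0 || *end != '\0' || v == 0 || v > 65535) return -1;
    memcpy(addr, spec, alen);
    addr[alen] = '\0';
    if (!is_ip_literal(addr)) return -1;
    *port = (uint16_t)v;
    return 0;
}

/* Self-check helpers: 1 if spec parses to exactly want_addr/want_port. */
int check_parse(const char *spec, const char *want_addr, unsigned want_port) {
    char addr[64];
    uint16_t port = 0;
    if (split_address_port(spec, addr, sizeof addr, &port) != 0) return 0;
    return strcmp(addr, want_addr) == 0 && port == want_port;
}

/* 1 if spec is rejected by the parser. */
int is_rejected(const char *spec) {
    char addr[64];
    uint16_t port = 0;
    return split_address_port(spec, addr, sizeof addr, &port) != 0;
}

int main(void) {
    /* Constructed sample inputs, not values taken from the manual page. */
    const char *samples[] = { "fe80::1%eth0:1234", "192.0.2.10:16000",
                              "::1", "2001:db8::5:70000" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char addr[64];
        uint16_t port = 0;
        if (split_address_port(samples[i], addr, sizeof addr, &port) == 0)
            printf("%-20s -> address %s, port %u\n", samples[i], addr,
                   (unsigned)port);
        else
            printf("%-20s -> rejected\n", samples[i]);
    }
    return 0;
}
```

Rejecting a port of 0 and anything that is not a plain IP literal is a choice made for this example; the manual only specifies where the split happens, so a real implementation may accept more forms.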
<term><option>--keydir=<replaceable
>DIRECTORY</replaceable></option></term>
Directory to read the OpenPGP key files
<filename>pubkey.txt</filename> and
<filename>seckey.txt</filename> from. The default is
<filename>/conf/conf.d/mandos</filename> (in the initial
<acronym>RAM</acronym> disk environment).
<replaceable>NAME</replaceable></option></term>
Network interface that will be brought up and scanned for
Mandos servers to connect to. The default is
<quote><literal>eth0</literal></quote>.
<term><option>--pubkey=<replaceable
>FILE</replaceable></option></term>
<refsect1 id="exit_status">
<title>EXIT STATUS</title>
This program will exit with a successful (zero) exit status if a
server could be found and the password received from it could be
successfully decrypted and output on standard output. The
program will exit with a non-zero exit status only if a critical
error occurs. Otherwise, it will forever connect to new
<application>Mandos</application> servers as they appear,
trying to get a decryptable password.
</refsect1>

<!-- <refsect1 id="environment"> -->
<!-- <title>ENVIRONMENT</title> -->
<!-- This program does not use any environment variables. -->
<refsect1 id="file">
<title>FILES</title>