/mandos/release : revision 15

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos.conf.xml

Committer: Teddy Hogeborn
Date: 2008-07-20 06:33:48 UTC
Revision ID: teddy@fukt.bsnet.se-20080720063348-jscgy5p0itrgvlo8

* mandos-clients.conf ([foo]): Uncommented.
  ([foo]/secret): New.
  ([foo]/secfile): Commented out.
  ([foo]/checker): Changed to "fping -q -- %%(fqdn)s".
  ([foo]/timeout): New.

* server.py: New modeline for Python and Emacs.  Set a logging format.
  (Client.__init__): Bug fix: Choose either the value from the options
                     object or pass the argument through string_to_delta
                     for both "timeout" and "interval".
  (Client.checker_callback): Bug fix: Do not log spurious "Checker for
                             <foo> failed" messages.
  (Client.start_checker): Moved "Starting checker" log message down to
                          just before actually starting the subprocess.
                          Do not redirect the subprocesses' stdout to a
                          pipe.
  (peer_certificate, fingerprint): Added docstrings.
  (entry_group_state_changed): Call "killme()" instead of
                               "main_loop.quit()".
  (daemon, killme): New functions.
  (exitstatus, main_loop_started): New global variables.
  (__main__): Removed the "--cert", "--key", "--ca", and "--crl"
              options.  Removed the sleep command from the default
              checker.  Add a console logger in debug mode.  Call
              "killme()" instead of "main_loop.quit()" when there are no
              more clients.  Call "daemon()" if not in debug mode.
              Register "cleanup()" to run at exit.  Ignore some
              signals.  Catch DBusException to detect another running
              server and exit cleanly.  Exit with "exitstatus".
  (cleanup): New function.

files added:
ca.pem

cert.pem

client-cert.pem

client-key.pem

crl.pem

key.pem

plugins.d/Makefile

files removed:
COPYING

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.xml

plugins.d/password-prompt.xml

plugins.d/password-request.xml

plugins.d/usplash

files renamed:
clients.conf => mandos-clients.conf

plugin-runner.c => plugbasedclient.c

plugins.d/password-request.c => plugins.d/mandosclient.c

plugins.d/password-prompt.c => plugins.d/passprompt.c

mandos => server.py

files modified:
Makefile

TODO

Show diffs side-by-side

added added

removed removed

mandos.conf.xml

<?xml version='1.0' encoding='UTF-8'?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY CONFNAME "mandos.conf">

<!ENTITY CONFPATH "<filename>/etc/mandos/mandos.conf</filename>">

<!ENTITY OVERVIEW SYSTEM "overview.xml">

<title>&CONFNAME;</title>

<productname>&CONFNAME;</productname>

<productnumber>&VERSION;</productnumber>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

</refentryinfo>

<refentrytitle>&CONFNAME;</refentrytitle>

</refmeta>

<refname><filename>&CONFNAME;</filename></refname>

Configuration file for the Mandos server

</refpurpose>

</refnamediv>

&CONFPATH;

</synopsis>

</refsynopsisdiv>

<title>DESCRIPTION</title>

<para>

The file &CONFPATH; is a simple configuration file for

<citerefentry><refentrytitle>mandos</refentrytitle>

<manvolnum>8</manvolnum></citerefentry>, and is read by it at

startup. The configuration file starts with

<quote><literal>[DEFAULT]</literal></quote> on a line by itself,

followed by any number of

<quote><varname><replaceable>option</replaceable></varname>=<replaceable>value</replaceable></quote>

entries, with continuations in the style of RFC 822.

<quote><varname><replaceable>option</replaceable></varname>:

<replaceable>value</replaceable></quote> is also accepted. Note

that leading whitespace is removed from values. Lines beginning

with <quote>#</quote> or <quote>;</quote> are ignored and may be

used to provide comments.

</para>

</refsect1>

100

<title>OPTIONS</title>

101

102

103

104

<term><varname>interface</varname></term>

105

106

<synopsis><literal>interface = </literal><arg

107

choice="plain"><replaceable>IF</replaceable></arg>

108

</synopsis>

109

<xi:include href="mandos-options.xml" xpointer="interface"/>

110

</listitem>

111

</varlistentry>

112

113

114

<term><varname>address</varname></term>

115

116

<synopsis><literal>address = </literal><arg

117

choice="plain"><replaceable>ADDRESS</replaceable></arg>

118

</synopsis>

119

<xi:include href="mandos-options.xml" xpointer="address"/>

120

</listitem>

121

</varlistentry>

122

123

124

125

126

<synopsis><literal>port = </literal><arg

127

choice="plain"><replaceable>PORT</replaceable></arg>

128

</synopsis>

129

<xi:include href="mandos-options.xml" xpointer="port"/>

130

</listitem>

131

</varlistentry>

132

133

134

<term><varname>debug</varname></term>

135

136

<synopsis><literal>debug =</literal><group choice="req">

137

138

139

140

141

142

143

<arg choice="plain">false</arg>

144

145

</group>

146

</synopsis>

147

<xi:include href="mandos-options.xml" xpointer="debug"/>

148

</listitem>

149

</varlistentry>

150

151

152

<term><varname>priority</varname></term>

153

154

<synopsis><literal>priority = </literal><arg

155

choice="plain"><replaceable>PRIORITY</replaceable></arg>

156

</synopsis>

157

<xi:include href="mandos-options.xml" xpointer="priority"/>

158

</listitem>

159

</varlistentry>

160

161

162

<term><varname>servicename</varname></term>

163

<synopsis><literal>servicename = </literal><arg

164

choice="plain"><replaceable>NAME</replaceable></arg>

165

</synopsis>

166

167

<xi:include href="mandos-options.xml"

168

xpointer="servicename"/>

169

</listitem>

170

</varlistentry>

171

172

</variablelist>

173

</refsect1>

174

175

176

<title>FILES</title>

177

<para>

178

The file described here is &CONFPATH;

179

</para>

180

</refsect1>

181

182

183

184

<para>

185

The <literal>[DEFAULT]</literal> is necessary because the Python

186

module <systemitem class="library">ConfigParser</systemitem>

187

requres it.

188

</para>

189

</refsect1>

190

191

192

<title>EXAMPLE</title>

193

194

195

[DEFAULT]

196

# A configuration example

197

interface = eth0

198

address = 2001:db8:f983:bd0b:30de:ae4a:71f2:f672

199

port = 1025

200

debug = true

201

priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP

202

servicename = Mandos

203

</programlisting>

204

</informalexample>

205

</refsect1>

206

</refentry>

Older »