
Viewing changes to plugins.d/password-request.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-07-20 06:33:48 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080720063348-jscgy5p0itrgvlo8
* mandos-clients.conf ([foo]): Uncommented.
  ([foo]/secret): New.
  ([foo]/secfile): Commented out.
  ([foo]/checker): Changed to "fping -q -- %%(fqdn)s".
  ([foo]/timeout): New.

* server.py: New modeline for Python and Emacs.  Set a logging format.
  (Client.__init__): Bug fix: Choose either the value from the options
                     object or pass the argument through string_to_delta
                     for both "timeout" and "interval".
  (Client.checker_callback): Bug fix: Do not log spurious "Checker for
                             <foo> failed" messages.
  (Client.start_checker): Moved "Starting checker" log message down to
                          just before actually starting the subprocess.
                          Do not redirect the subprocesses' stdout to a
                          pipe.
  (peer_certificate, fingerprint): Added docstrings.
  (entry_group_state_changed): Call "killme()" instead of
                               "main_loop.quit()".
  (daemon, killme): New functions.
  (exitstatus, main_loop_started): New global variables.
  (__main__): Removed the "--cert", "--key", "--ca", and "--crl"
              options.  Removed the sleep command from the default
              checker.  Add a console logger in debug mode.  Call
              "killme()" instead of "main_loop.quit()" when there are no
              more clients.  Call "daemon()" if not in debug mode.
              Register "cleanup()" to run at exit.  Ignore some
              signals.  Catch DBusException to detect another running
              server and exit cleanly.  Exit with "exitstatus".
  (cleanup): New function.

1
 
<?xml version="1.0" encoding="UTF-8"?>
2
 
<?xml-stylesheet type="text/xsl"
3
 
        href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"?>
4
 
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
5
 
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
6
 
<!ENTITY VERSION "1.0">
7
 
<!ENTITY COMMANDNAME "password-request">
8
 
<!ENTITY TIMESTAMP "2008-08-31">
9
 
]>
10
 
 
11
 
<refentry>
12
 
  <refentryinfo>
13
 
    <title>Mandos Manual</title>
14
 
    <!-- Nwalsh’s docbook scripts use this to generate the footer: -->
15
 
    <productname>Mandos</productname>
16
 
    <productnumber>&VERSION;</productnumber>
17
 
    <date>&TIMESTAMP;</date>
18
 
    <authorgroup>
19
 
      <author>
20
 
        <firstname>Björn</firstname>
21
 
        <surname>Påhlsson</surname>
22
 
        <address>
23
 
          <email>belorn@fukt.bsnet.se</email>
24
 
        </address>
25
 
      </author>
26
 
      <author>
27
 
        <firstname>Teddy</firstname>
28
 
        <surname>Hogeborn</surname>
29
 
        <address>
30
 
          <email>teddy@fukt.bsnet.se</email>
31
 
        </address>
32
 
      </author>
33
 
    </authorgroup>
34
 
    <copyright>
35
 
      <year>2008</year>
36
 
      <holder>Teddy Hogeborn</holder>
37
 
      <holder>Björn Påhlsson</holder>
38
 
    </copyright>
39
 
    <legalnotice>
40
 
      <para>
41
 
        This manual page is free software: you can redistribute it
42
 
        and/or modify it under the terms of the GNU General Public
43
 
        License as published by the Free Software Foundation,
44
 
        either version 3 of the License, or (at your option) any
45
 
        later version.
46
 
      </para>
47
 
 
48
 
      <para>
49
 
        This manual page is distributed in the hope that it will
50
 
        be useful, but WITHOUT ANY WARRANTY; without even the
51
 
        implied warranty of MERCHANTABILITY or FITNESS FOR A
52
 
        PARTICULAR PURPOSE.  See the GNU General Public License
53
 
        for more details.
54
 
      </para>
55
 
 
56
 
      <para>
57
 
        You should have received a copy of the GNU General Public
58
 
        License along with this program; If not, see
59
 
        <ulink url="http://www.gnu.org/licenses/"/>.
60
 
      </para>
61
 
    </legalnotice>
62
 
  </refentryinfo>
63
 
 
64
 
  <refmeta>
65
 
    <refentrytitle>&COMMANDNAME;</refentrytitle>
66
 
    <manvolnum>8mandos</manvolnum>
67
 
  </refmeta>
68
 
  
69
 
  <refnamediv>
70
 
    <refname><command>&COMMANDNAME;</command></refname>
71
 
    <refpurpose>
72
 
      Client for mandos
73
 
    </refpurpose>
74
 
  </refnamediv>
75
 
 
76
 
  <refsynopsisdiv>
77
 
    <cmdsynopsis>
78
 
      <command>&COMMANDNAME;</command>
79
 
      <group>
80
 
        <arg choice="plain"><option>--connect
81
 
        <replaceable>IPADDR</replaceable><literal>:</literal
82
 
        ><replaceable>PORT</replaceable></option></arg>
83
 
        <arg choice="plain"><option>-c
84
 
        <replaceable>IPADDR</replaceable><literal>:</literal
85
 
        ><replaceable>PORT</replaceable></option></arg>
86
 
      </group>
87
 
      <sbr/>
88
 
      <group>
89
 
        <arg choice="plain"><option>--keydir
90
 
        <replaceable>DIRECTORY</replaceable></option></arg>
91
 
        <arg choice="plain"><option>-d
92
 
        <replaceable>DIRECTORY</replaceable></option></arg>
93
 
      </group>
94
 
      <sbr/>
95
 
      <group>
96
 
        <arg choice="plain"><option>--interface
97
 
        <replaceable>NAME</replaceable></option></arg>
98
 
        <arg choice="plain"><option>-i
99
 
        <replaceable>NAME</replaceable></option></arg>
100
 
      </group>
101
 
      <sbr/>
102
 
      <group>
103
 
        <arg choice="plain"><option>--pubkey
104
 
        <replaceable>FILE</replaceable></option></arg>
105
 
        <arg choice="plain"><option>-p
106
 
        <replaceable>FILE</replaceable></option></arg>
107
 
      </group>
108
 
      <sbr/>
109
 
      <group>
110
 
        <arg choice="plain"><option>--seckey
111
 
        <replaceable>FILE</replaceable></option></arg>
112
 
        <arg choice="plain"><option>-s
113
 
        <replaceable>FILE</replaceable></option></arg>
114
 
      </group>
115
 
      <sbr/>
116
 
      <arg>
117
 
        <option>--priority <replaceable>STRING</replaceable></option>
118
 
      </arg>
119
 
      <sbr/>
120
 
      <arg>
121
 
        <option>--dh-bits <replaceable>BITS</replaceable></option>
122
 
      </arg>
123
 
      <sbr/>
124
 
      <arg>
125
 
        <option>--debug</option>
126
 
      </arg>
127
 
    </cmdsynopsis>
128
 
    <cmdsynopsis>
129
 
      <command>&COMMANDNAME;</command>
130
 
      <group choice="req">
131
 
        <arg choice="plain"><option>--help</option></arg>
132
 
        <arg choice="plain"><option>-?</option></arg>
133
 
      </group>
134
 
    </cmdsynopsis>
135
 
    <cmdsynopsis>
136
 
      <command>&COMMANDNAME;</command>
137
 
      <arg choice="plain"><option>--usage</option></arg>
138
 
    </cmdsynopsis>
139
 
    <cmdsynopsis>
140
 
      <command>&COMMANDNAME;</command>
141
 
      <group choice="req">
142
 
        <arg choice="plain"><option>--version</option></arg>
143
 
        <arg choice="plain"><option>-V</option></arg>
144
 
      </group>
145
 
    </cmdsynopsis>
146
 
  </refsynopsisdiv>
147
 
 
148
 
  <refsect1 id="description">
149
 
    <title>DESCRIPTION</title>
150
 
    <para>
151
 
      <command>&COMMANDNAME;</command> is a mandos plugin that works
152
 
      like a client program that through avahi detects mandos servers,
153
 
      sets up a gnutls connect and request a encrypted password. Any
154
 
      passwords given is automaticly decrypted and passed to
155
 
      cryptsetup.
156
 
    </para>
157
 
  </refsect1>
158
 
  
159
 
  <refsect1 id="options">
160
 
    <title>OPTIONS</title>
161
 
    <para>
162
 
      Commonly not invoked as command lines but from configuration
163
 
      file of plugin runner.
164
 
    </para>
165
 
 
166
 
    <variablelist>
167
 
      <varlistentry>
168
 
        <term><option>--connect=<replaceable
169
 
        >IPADDR</replaceable><literal>:</literal><replaceable
170
 
        >PORT</replaceable></option></term>
171
 
        <term><option>-c
172
 
        <replaceable>IPADDR</replaceable><literal>:</literal
173
 
        ><replaceable>PORT</replaceable></option></term>
174
 
        <listitem>
175
 
          <para>
176
 
            Connect directly to a specified mandos server
177
 
          </para>
178
 
        </listitem>
179
 
      </varlistentry>
180
 
 
181
 
      <varlistentry>
182
 
        <term><option>--keydir=<replaceable
183
 
        >DIRECTORY</replaceable></option></term>
184
 
        <term><option>-d
185
 
        <replaceable>DIRECTORY</replaceable></option></term>
186
 
        <listitem>
187
 
          <para>
188
 
            Directory where the openpgp keyring is
189
 
          </para>
190
 
        </listitem>
191
 
      </varlistentry>
192
 
 
193
 
      <varlistentry>
194
 
        <term><option>--interface=
195
 
        <replaceable>NAME</replaceable></option></term>
196
 
        <term><option>-i
197
 
        <replaceable>NAME</replaceable></option></term>
198
 
        <listitem>
199
 
          <para>
200
 
            Interface that Avahi will connect through
201
 
          </para>
202
 
        </listitem>
203
 
      </varlistentry>
204
 
 
205
 
      <varlistentry>
206
 
        <term><option>--pubkey=<replaceable
207
 
        >FILE</replaceable></option></term>
208
 
        <term><option>-p
209
 
        <replaceable>FILE</replaceable></option></term>
210
 
        <listitem>
211
 
          <para>
212
 
            Public openpgp key for gnutls authentication
213
 
          </para>
214
 
        </listitem>
215
 
      </varlistentry>
216
 
 
217
 
      <varlistentry>
218
 
        <term><option>--seckey=<replaceable
219
 
        >FILE</replaceable></option></term>
220
 
        <term><option>-s
221
 
        <replaceable>FILE</replaceable></option></term>
222
 
        <listitem>
223
 
          <para>
224
 
            Secret OpenPGP key for GnuTLS authentication
225
 
          </para>
226
 
        </listitem>
227
 
      </varlistentry>
228
 
      
229
 
      <varlistentry>
230
 
        <term><option>--priority=<replaceable
231
 
        >STRING</replaceable></option></term>
232
 
        <listitem>
233
 
          <para>
234
 
            GnuTLS priority
235
 
          </para>
236
 
        </listitem>
237
 
      </varlistentry>
238
 
 
239
 
      <varlistentry>
240
 
        <term><option>--dh-bits=<replaceable
241
 
        >BITS</replaceable></option></term>
242
 
        <listitem>
243
 
          <para>
244
 
            DH bits to use in gnutls communication
245
 
          </para>
246
 
        </listitem>
247
 
      </varlistentry>
248
 
      
249
 
      <varlistentry>
250
 
        <term><option>--debug</option></term>
251
 
        <listitem>
252
 
          <para>
253
 
            Debug mode
254
 
          </para>
255
 
        </listitem>
256
 
      </varlistentry>
257
 
      
258
 
      <varlistentry>
259
 
        <term><option>--help</option></term>
260
 
        <term><option>-?</option></term>
261
 
        <listitem>
262
 
          <para>
263
 
            Gives a help message
264
 
          </para>
265
 
        </listitem>
266
 
      </varlistentry>
267
 
      
268
 
      <varlistentry>
269
 
        <term><option>--usage</option></term>
270
 
        <listitem>
271
 
          <para>
272
 
            Gives a short usage message
273
 
          </para>
274
 
        </listitem>
275
 
      </varlistentry>
276
 
 
277
 
      <varlistentry>
278
 
        <term><option>--version</option></term>
279
 
        <term><option>-V</option></term>
280
 
        <listitem>
281
 
          <para>
282
 
            Prints the program version
283
 
          </para>
284
 
        </listitem>
285
 
      </varlistentry>
286
 
    </variablelist>
287
 
  </refsect1>
288
 
 
289
 
  <refsect1 id="exit_status">
290
 
    <title>EXIT STATUS</title>
291
 
    <para>
292
 
    </para>
293
 
  </refsect1>
294
 
 
295
 
  <refsect1 id="environment">
296
 
    <title>ENVIRONMENT</title>
297
 
    <para>
298
 
    </para>
299
 
  </refsect1>
300
 
 
301
 
  <refsect1 id="file">
302
 
    <title>FILES</title>
303
 
    <para>
304
 
    </para>
305
 
  </refsect1>
306
 
  
307
 
  <refsect1 id="bugs">
308
 
    <title>BUGS</title>
309
 
    <para>
310
 
    </para>
311
 
  </refsect1>
312
 
 
313
 
  <refsect1 id="example">
314
 
    <title>EXAMPLE</title>
315
 
    <para>
316
 
    </para>
317
 
  </refsect1>
318
 
 
319
 
  <refsect1 id="security">
320
 
    <title>SECURITY</title>
321
 
    <para>
322
 
    </para>
323
 
  </refsect1>
324
 
 
325
 
  <refsect1 id="see_also">
326
 
    <title>SEE ALSO</title>
327
 
    <para>
328
 
      <citerefentry><refentrytitle>mandos</refentrytitle>
329
 
      <manvolnum>8</manvolnum></citerefentry>,
330
 
      <citerefentry><refentrytitle>password-prompt</refentrytitle>
331
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
332
 
      <citerefentry><refentrytitle>plugin-runner</refentrytitle>
333
 
      <manvolnum>8mandos</manvolnum></citerefentry>
334
 
    </para>
335
 
    <itemizedlist>
336
 
      <listitem><para>
337
 
        <ulink url="http://www.zeroconf.org/">Zeroconf</ulink>
338
 
      </para></listitem>
339
 
      
340
 
      <listitem><para>
341
 
        <ulink url="http://www.avahi.org/">Avahi</ulink>
342
 
      </para></listitem>
343
 
      
344
 
      <listitem><para>
345
 
        <ulink
346
 
            url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>
347
 
      </para></listitem>
348
 
      
349
 
      <listitem><para>
350
 
        <ulink
351
 
        url="http://www.gnupg.org/related_software/gpgme/">
352
 
        GPGME</ulink>
353
 
      </para></listitem>
354
 
      
355
 
      <listitem><para>
356
 
        <citation>RFC 4880: <citetitle>OpenPGP Message
357
 
        Format</citetitle></citation>
358
 
      </para></listitem>
359
 
      
360
 
      <listitem><para>
361
 
        <citation>RFC 5081: <citetitle>Using OpenPGP Keys for
362
 
        Transport Layer Security</citetitle></citation>
363
 
      </para></listitem>
364
 
      
365
 
      <listitem><para>
366
 
        <citation>RFC 4291: <citetitle>IP Version 6 Addressing
367
 
        Architecture</citetitle>, section 2.5.6, Link-Local IPv6
368
 
        Unicast Addresses</citation>
369
 
      </para></listitem>
370
 
    </itemizedlist>
371
 
  </refsect1>
372
 
 
373
 
</refentry>
374
 
<!-- Local Variables: -->
375
 
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
376
 
<!-- time-stamp-end: "[\"']>" -->
377
 
<!-- time-stamp-format: "%:y-%02m-%02d" -->
378
 
<!-- End: -->