/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/password-prompt.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-09-04 12:38:35 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080904123835-hervuvv4pmpxl8r1
* README: Improved wording.

* initramfs-tools-hook: Do not copy auto-save files from
                        "/etc/mandos/plugins.d".  Do not create key
                        ring files.  Do not reset permissions on
                        things like "$DESTDIR/lib/mandos/plugins.d",
                        which should not be publicly accessible.

* plugin-runner.xml (DESCRIPTION, PLUGINS): Improved grammar.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "password-prompt">
5
 
<!ENTITY TIMESTAMP "2019-07-27">
6
 
<!ENTITY % common SYSTEM "../common.ent">
7
 
%common;
 
6
<!ENTITY TIMESTAMP "2008-09-01">
8
7
]>
9
8
 
10
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
12
11
    <title>Mandos Manual</title>
13
12
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
13
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
 
14
    <productnumber>&VERSION;</productnumber>
16
15
    <date>&TIMESTAMP;</date>
17
16
    <authorgroup>
18
17
      <author>
19
18
        <firstname>Björn</firstname>
20
19
        <surname>Påhlsson</surname>
21
20
        <address>
22
 
          <email>belorn@recompile.se</email>
 
21
          <email>belorn@fukt.bsnet.se</email>
23
22
        </address>
24
23
      </author>
25
24
      <author>
26
25
        <firstname>Teddy</firstname>
27
26
        <surname>Hogeborn</surname>
28
27
        <address>
29
 
          <email>teddy@recompile.se</email>
 
28
          <email>teddy@fukt.bsnet.se</email>
30
29
        </address>
31
30
      </author>
32
31
    </authorgroup>
33
32
    <copyright>
34
33
      <year>2008</year>
35
 
      <year>2009</year>
36
 
      <year>2010</year>
37
 
      <year>2011</year>
38
 
      <year>2012</year>
39
 
      <year>2013</year>
40
 
      <year>2014</year>
41
 
      <year>2015</year>
42
 
      <year>2016</year>
43
 
      <year>2017</year>
44
 
      <year>2018</year>
45
 
      <year>2019</year>
46
34
      <holder>Teddy Hogeborn</holder>
47
35
      <holder>Björn Påhlsson</holder>
48
36
    </copyright>
69
57
        >PREFIX</replaceable></arg>
70
58
      </group>
71
59
      <sbr/>
72
 
      <arg choice="opt">
73
 
        <option>--prompt <replaceable>PROMPT</replaceable></option>
74
 
      </arg>
75
60
      <arg choice="opt"><option>--debug</option></arg>
76
61
    </cmdsynopsis>
77
62
    <cmdsynopsis>
98
83
    <title>DESCRIPTION</title>
99
84
    <para>
100
85
      All <command>&COMMANDNAME;</command> does is prompt for a
101
 
      password and output any given password to standard output.
102
 
    </para>
103
 
    <para>
104
 
      This program is not very useful on its own.  This program is
105
 
      really meant to run as a plugin in the <application
106
 
      >Mandos</application> client-side system, where it is used as a
107
 
      fallback and alternative to retrieving passwords from a
108
 
      <application >Mandos</application> server.
 
86
      password and output any given password to standard output.  This
 
87
      is not very useful on its own.  This program is really meant to
 
88
      run as a plugin in the <application>Mandos</application>
 
89
      client-side system, where it is used as a fallback and
 
90
      alternative to retriving passwords from a <application
 
91
      >Mandos</application> server.
109
92
    </para>
110
93
    <para>
111
94
      This program is little more than a <citerefentry><refentrytitle
113
96
      wrapper, although actual use of that function is not guaranteed
114
97
      or implied.
115
98
    </para>
116
 
    <para>
117
 
      This program tries to detect if a Plymouth daemon
118
 
      (<citerefentry><refentrytitle
119
 
      >plymouthd</refentrytitle><manvolnum>8</manvolnum></citerefentry>)
120
 
      is running, by looking for a
121
 
      <filename>/run/plymouth/pid</filename> file or a process named
122
 
      <quote><literal>plymouthd</literal></quote>.  If it is detected,
123
 
      this process will immediately exit without doing anything.
124
 
    </para>
125
99
  </refsect1>
126
100
  
127
101
  <refsect1 id="options">
150
124
      </varlistentry>
151
125
      
152
126
      <varlistentry>
153
 
        <term><option>--prompt=<replaceable
154
 
        >PROMPT</replaceable></option></term>
155
 
        <listitem>
156
 
          <para>
157
 
            The password prompt.  Using this option will make this
158
 
            program ignore the <envar>CRYPTTAB_SOURCE</envar> and
159
 
            <envar>CRYPTTAB_NAME</envar> environment variables.
160
 
          </para>
161
 
        </listitem>
162
 
      </varlistentry>
163
 
      
164
 
      <varlistentry>
165
127
        <term><option>--debug</option></term>
166
128
        <listitem>
167
129
          <para>
217
179
    <title>ENVIRONMENT</title>
218
180
    <variablelist>
219
181
      <varlistentry>
220
 
        <term><envar>CRYPTTAB_SOURCE</envar></term>
221
 
        <term><envar>CRYPTTAB_NAME</envar></term>
 
182
        <term><envar>cryptsource</envar></term>
 
183
        <term><envar>crypttarget</envar></term>
222
184
        <listitem>
223
185
          <para>
224
 
            If set, and if the <option>--prompt</option> option is not
225
 
            used, these environment variables will be assumed to
 
186
            If set, these environment variables will be assumed to
226
187
            contain the source device name and the target device
227
188
            mapper name, respectively, and will be shown as part of
228
189
            the prompt.
230
191
        <para>
231
192
          These variables will normally be inherited from
232
193
          <citerefentry><refentrytitle>plugin-runner</refentrytitle>
233
 
          <manvolnum>8mandos</manvolnum></citerefentry>, which might
234
 
          have in turn inherited them from its calling process.
 
194
          <manvolnum>8mandos</manvolnum></citerefentry>, which will
 
195
          normally have inherited them from
 
196
          <filename>/scripts/local-top/cryptroot</filename> in the
 
197
          initial <acronym>RAM</acronym> disk environment, which will
 
198
          have set them from parsing kernel arguments and
 
199
          <filename>/conf/conf.d/cryptroot</filename> (also in the
 
200
          initial RAM disk environment), which in turn will have been
 
201
          created when the initial RAM disk image was created by
 
202
          <filename
 
203
          >/usr/share/initramfs-tools/hooks/cryptroot</filename>, by
 
204
          extracting the information of the root file system from
 
205
          <filename >/etc/crypttab</filename>.
235
206
        </para>
236
207
        <para>
237
208
          This behavior is meant to exactly mirror the behavior of
238
 
          <command>askpass</command>, the default password prompter
239
 
          from initramfs-tools.
 
209
          <command>askpass</command>, the default password prompter.
240
210
        </para>
241
211
        </listitem>
242
212
      </varlistentry>
245
215
  
246
216
  <refsect1 id="bugs">
247
217
    <title>BUGS</title>
248
 
    <xi:include href="../bugs.xml"/>
 
218
    <para>
 
219
      None are known at this time.
 
220
    </para>
249
221
  </refsect1>
250
222
  
251
223
  <refsect1 id="example">
268
240
      <para>
269
241
        Show a prefix before the prompt; in this case, a host name.
270
242
        It might be useful to be reminded of which host needs a
271
 
        password, in case of <acronym>KVM</acronym> switches, etc.
 
243
        password, in case of KVM switches, etc.
272
244
      </para>
273
245
      <para>
274
246
 
298
270
      >plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>
299
271
      </citerefentry>, and will, when run standalone, outside, in a
300
272
      normal environment, immediately output on its standard output
301
 
      any presumably secret password it just received.  Therefore,
 
273
      any presumably secret password it just recieved.  Therefore,
302
274
      when running this program standalone (which should never
303
275
      normally be done), take care not to type in any real secret
304
276
      password by force of habit, since it would then immediately be
316
288
  <refsect1 id="see_also">
317
289
    <title>SEE ALSO</title>
318
290
    <para>
319
 
      <citerefentry><refentrytitle>intro</refentrytitle>
320
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
321
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
322
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
291
      <citerefentry><refentrytitle>crypttab</refentrytitle>
 
292
      <manvolnum>5</manvolnum></citerefentry>
 
293
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
294
      <manvolnum>8mandos</manvolnum></citerefentry>
323
295
      <citerefentry><refentrytitle>plugin-runner</refentrytitle>
324
296
      <manvolnum>8mandos</manvolnum></citerefentry>,
325
 
      <citerefentry><refentrytitle>plymouthd</refentrytitle>
326
 
      <manvolnum>8</manvolnum></citerefentry>
327
297
    </para>
328
298
  </refsect1>
329
299
</refentry>