/mandos/release : revision 172

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

Committer: Teddy Hogeborn
Date: 2008-09-06 16:33:08 UTC
Revision ID: teddy@fukt.bsnet.se-20080906163308-ciy82qw6jollqrjd

* plugins.d/mandos-client.xml (NAME, OVERVIEW, EXIT STATUS): Improved
wording.

files added:
etc-plugins.d-README

plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

mandos-ctl

mandos.lsm

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files modified:
.bzrignore

Makefile

README

TODO

clients.conf

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugins.d/mandos-client.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos-client">

<!ENTITY TIMESTAMP "2009-01-24">

<!ENTITY % common SYSTEM "../common.ent">

%common;

<!ENTITY TIMESTAMP "2008-09-06">

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="../legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<manvolnum>8mandos</manvolnum>

Client for <application>Mandos</application>

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

115

113

</group>

116

114

</cmdsynopsis>

117

115

</refsynopsisdiv>

118

116

119

117

120

118

<title>DESCRIPTION</title>

121

119

<para>

122

120

<command>&COMMANDNAME;</command> is a client program that

123

121

communicates with <citerefentry><refentrytitle

124

122

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>

125

to get a password. It brings up a network interface, uses its

126

IPv6 link-local address to get network connectivity, uses

127

Zeroconf to find servers, and uses TLS with an OpenPGP key to

128

ensure authenticity and confidentiality. It keeps running,

129

trying all servers on the network, until it receives a

130

satisfactory reply or a TERM signal is received.

123

to get a password. It uses IPv6 link-local addresses to get

124

network connectivity, Zeroconf to find servers, and TLS with an

125

OpenPGP key to ensure authenticity and confidentiality. It

126

keeps running, trying all servers on the network, until it

127

receives a satisfactory reply or a TERM signal is received.

131

128

</para>

132

129

<para>

133

130

This program is not meant to be run directly; it is really meant

218

215

</para>

219

216

</listitem>

220

217

</varlistentry>

221

218

222

219

223

220

<term><option>--seckey=<replaceable

224

221

>FILE</replaceable></option></term>

241

238

xpointer="priority"/>

242

239

</listitem>

243

240

</varlistentry>

244

241

245

242

246

243

<term><option>--dh-bits=<replaceable

247

244

>BITS</replaceable></option></term>

287

284

</para>

288

285

</listitem>

289

286

</varlistentry>

290

287

291

288

292

289

<term><option>--version</option></term>

293

290

299

296

</varlistentry>

300

297

</variablelist>

301

298

</refsect1>

302

299

303

300

304

301

<title>OVERVIEW</title>

305

302

<xi:include href="../overview.xml"/>

346

343

</para>

347

344

</refsect1>

348

345

349

346

350

347

<title>FILES</title>

351

348

352

349

371

368

372

369

373

370

374

371

375

372

376

373

<title>EXAMPLE</title>

377

374

<para>

426

423

</para>

427

424

</informalexample>

428

425

</refsect1>

429

426

430

427

431

428

<title>SECURITY</title>

432

429

<para>

452

449

The only remaining weak point is that someone with physical

453

450

access to the client hard drive might turn off the client

454

451

computer, read the OpenPGP keys directly from the hard drive,

455

and communicate with the server. To safeguard against this, the

456

server is supposed to notice the client disappearing and stop

457

giving out the encrypted data. Therefore, it is important to

458

set the timeout and checker interval values tightly on the

459

server. See <citerefentry><refentrytitle

452

and communicate with the server. The defense against this is

453

that the server is supposed to notice the client disappearing

454

and will stop giving out the encrypted data. Therefore, it is

455

important to set the timeout and checker interval values tightly

456

on the server. See <citerefentry><refentrytitle

460

457

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.

461

458

</para>

462

459

<para>

473

470

confidential.

474

471

</para>

475

472

</refsect1>

476

473

477

474

478

475

479

476

<para>

604

601

</varlistentry>

605

602

</variablelist>

606

603

</refsect1>

604

607

605

</refentry>

608

609

606

610

607

611

608

Older »