34
34
<holder>Teddy Hogeborn</holder>
35
35
<holder>Björn Påhlsson</holder>
39
This manual page is free software: you can redistribute it
40
and/or modify it under the terms of the GNU General Public
41
License as published by the Free Software Foundation,
42
either version 3 of the License, or (at your option) any
47
This manual page is distributed in the hope that it will
48
be useful, but WITHOUT ANY WARRANTY; without even the
49
implied warranty of MERCHANTABILITY or FITNESS FOR A
50
PARTICULAR PURPOSE. See the GNU General Public License
55
You should have received a copy of the GNU General Public
56
License along with this program; If not, see
57
<ulink url="http://www.gnu.org/licenses/"/>.
37
<xi:include href="legalnotice.xml"/>
68
46
<refname><command>&COMMANDNAME;</command></refname>
70
Sends encrypted passwords to authenticated Mandos clients
48
Gives encrypted passwords to authenticated Mandos clients
76
54
<command>&COMMANDNAME;</command>
77
<arg>--interface<arg choice="plain">NAME</arg></arg>
78
<arg>--address<arg choice="plain">ADDRESS</arg></arg>
79
<arg>--port<arg choice="plain">PORT</arg></arg>
80
<arg>--priority<arg choice="plain">PRIORITY</arg></arg>
81
<arg>--servicename<arg choice="plain">NAME</arg></arg>
82
<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
86
<command>&COMMANDNAME;</command>
87
<arg>-i<arg choice="plain">NAME</arg></arg>
88
<arg>-a<arg choice="plain">ADDRESS</arg></arg>
89
<arg>-p<arg choice="plain">PORT</arg></arg>
90
<arg>--priority<arg choice="plain">PRIORITY</arg></arg>
91
<arg>--servicename<arg choice="plain">NAME</arg></arg>
92
<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
56
<arg choice="plain"><option>--interface
57
<replaceable>NAME</replaceable></option></arg>
58
<arg choice="plain"><option>-i
59
<replaceable>NAME</replaceable></option></arg>
63
<arg choice="plain"><option>--address
64
<replaceable>ADDRESS</replaceable></option></arg>
65
<arg choice="plain"><option>-a
66
<replaceable>ADDRESS</replaceable></option></arg>
70
<arg choice="plain"><option>--port
71
<replaceable>PORT</replaceable></option></arg>
72
<arg choice="plain"><option>-p
73
<replaceable>PORT</replaceable></option></arg>
76
<arg><option>--priority
77
<replaceable>PRIORITY</replaceable></option></arg>
79
<arg><option>--servicename
80
<replaceable>NAME</replaceable></option></arg>
82
<arg><option>--configdir
83
<replaceable>DIRECTORY</replaceable></option></arg>
85
<arg><option>--debug</option></arg>
96
88
<command>&COMMANDNAME;</command>
97
89
<group choice="req">
98
<arg choice="plain">-h</arg>
99
<arg choice="plain">--help</arg>
90
<arg choice="plain"><option>--help</option></arg>
91
<arg choice="plain"><option>-h</option></arg>
103
95
<command>&COMMANDNAME;</command>
104
<arg choice="plain">--version</arg>
96
<arg choice="plain"><option>--version</option></arg>
107
99
<command>&COMMANDNAME;</command>
108
<arg choice="plain">--check</arg>
100
<arg choice="plain"><option>--check</option></arg>
110
102
</refsynopsisdiv>
123
115
Any authenticated client is then given the stored pre-encrypted
124
116
password for that specific client.
129
120
<refsect1 id="purpose">
130
121
<title>PURPOSE</title>
133
123
The purpose of this is to enable <emphasis>remote and unattended
134
124
rebooting</emphasis> of client host computer with an
135
125
<emphasis>encrypted root file system</emphasis>. See <xref
136
126
linkend="overview"/> for details.
141
130
<refsect1 id="options">
142
131
<title>OPTIONS</title>
146
<term><literal>-h</literal>, <literal>--help</literal></term>
134
<term><option>--help</option></term>
135
<term><option>-h</option></term>
149
138
Show a help message and exit
155
<term><literal>-i</literal>, <literal>--interface <replaceable
156
>NAME</replaceable></literal></term>
144
<term><option>--interface</option>
145
<replaceable>NAME</replaceable></term>
146
<term><option>-i</option>
147
<replaceable>NAME</replaceable></term>
158
149
<xi:include href="mandos-options.xml" xpointer="interface"/>
163
<term><literal>-a</literal>, <literal>--address <replaceable>
164
ADDRESS</replaceable></literal></term>
154
<term><option>--address
155
<replaceable>ADDRESS</replaceable></option></term>
157
<replaceable>ADDRESS</replaceable></option></term>
166
159
<xi:include href="mandos-options.xml" xpointer="address"/>
171
<term><literal>-p</literal>, <literal>--port <replaceable>
172
PORT</replaceable></literal></term>
165
<replaceable>PORT</replaceable></option></term>
167
<replaceable>PORT</replaceable></option></term>
174
169
<xi:include href="mandos-options.xml" xpointer="port"/>
179
<term><literal>--check</literal></term>
174
<term><option>--check</option></term>
182
177
Run the server’s self-tests. This includes any unit
189
<term><literal>--debug</literal></term>
184
<term><option>--debug</option></term>
191
186
<xi:include href="mandos-options.xml" xpointer="debug"/>
196
<term><literal>--priority <replaceable>
197
PRIORITY</replaceable></literal></term>
191
<term><option>--priority <replaceable>
192
PRIORITY</replaceable></option></term>
199
194
<xi:include href="mandos-options.xml" xpointer="priority"/>
204
<term><literal>--servicename <replaceable>NAME</replaceable>
199
<term><option>--servicename
200
<replaceable>NAME</replaceable></option></term>
207
202
<xi:include href="mandos-options.xml"
208
203
xpointer="servicename"/>
489
488
Running this <command>&COMMANDNAME;</command> server program
490
489
should not in itself present any security risk to the host
491
computer running it. The program does not need any special
492
privileges to run, and is designed to run as a non-root user.
490
computer running it. The program switches to a non-root user
495
494
<refsect2 id="CLIENTS">
522
521
restarting servers if it is suspected that a client has, in
523
522
fact, been compromised by parties who may now be running a
524
523
fake Mandos client with the keys from the non-encrypted
525
initial RAM image of the client host. What should be done in
526
that case (if restarting the server program really is
527
necessary) is to stop the server program, edit the
524
initial <acronym>RAM</acronym> image of the client host. What
525
should be done in that case (if restarting the server program
526
really is necessary) is to stop the server program, edit the
528
527
configuration file to omit any suspect clients, and restart
529
528
the server program.
532
531
For more details on client-side security, see
533
<citerefentry><refentrytitle>password-request</refentrytitle>
532
<citerefentry><refentrytitle>mandos-client</refentrytitle>
534
533
<manvolnum>8mandos</manvolnum></citerefentry>.
544
543
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
545
544
<refentrytitle>mandos.conf</refentrytitle>
546
545
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
547
<refentrytitle>password-request</refentrytitle>
546
<refentrytitle>mandos-client</refentrytitle>
548
547
<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
549
548
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>