3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY VERSION "1.0">
5
5
<!ENTITY COMMANDNAME "mandos">
6
<!ENTITY TIMESTAMP "2008-08-30">
6
<!ENTITY TIMESTAMP "2008-09-06">
9
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
34
34
<holder>Teddy Hogeborn</holder>
35
35
<holder>Björn Påhlsson</holder>
39
This manual page is free software: you can redistribute it
40
and/or modify it under the terms of the GNU General Public
41
License as published by the Free Software Foundation,
42
either version 3 of the License, or (at your option) any
47
This manual page is distributed in the hope that it will
48
be useful, but WITHOUT ANY WARRANTY; without even the
49
implied warranty of MERCHANTABILITY or FITNESS FOR A
50
PARTICULAR PURPOSE. See the GNU General Public License
55
You should have received a copy of the GNU General Public
56
License along with this program; If not, see
57
<ulink url="http://www.gnu.org/licenses/"/>.
37
<xi:include href="legalnotice.xml"/>
137
115
Any authenticated client is then given the stored pre-encrypted
138
116
password for that specific client.
143
120
<refsect1 id="purpose">
144
121
<title>PURPOSE</title>
147
123
The purpose of this is to enable <emphasis>remote and unattended
148
124
rebooting</emphasis> of client host computer with an
149
125
<emphasis>encrypted root file system</emphasis>. See <xref
150
126
linkend="overview"/> for details.
155
130
<refsect1 id="options">
156
131
<title>OPTIONS</title>
134
<term><option>--help</option></term>
160
135
<term><option>-h</option></term>
161
<term><option>--help</option></term>
164
138
Show a help message and exit
144
<term><option>--interface</option>
145
<replaceable>NAME</replaceable></term>
170
146
<term><option>-i</option>
171
147
<replaceable>NAME</replaceable></term>
172
<term><option>--interface</option>
173
<replaceable>NAME</replaceable></term>
175
149
<xi:include href="mandos-options.xml" xpointer="interface"/>
180
<term><literal>-a</literal>, <literal>--address <replaceable>
181
ADDRESS</replaceable></literal></term>
154
<term><option>--address
155
<replaceable>ADDRESS</replaceable></option></term>
157
<replaceable>ADDRESS</replaceable></option></term>
183
159
<xi:include href="mandos-options.xml" xpointer="address"/>
188
<term><literal>-p</literal>, <literal>--port <replaceable>
189
PORT</replaceable></literal></term>
165
<replaceable>PORT</replaceable></option></term>
167
<replaceable>PORT</replaceable></option></term>
191
169
<xi:include href="mandos-options.xml" xpointer="port"/>
196
<term><literal>--check</literal></term>
174
<term><option>--check</option></term>
199
177
Run the server’s self-tests. This includes any unit
206
<term><literal>--debug</literal></term>
184
<term><option>--debug</option></term>
208
186
<xi:include href="mandos-options.xml" xpointer="debug"/>
213
<term><literal>--priority <replaceable>
214
PRIORITY</replaceable></literal></term>
191
<term><option>--priority <replaceable>
192
PRIORITY</replaceable></option></term>
216
194
<xi:include href="mandos-options.xml" xpointer="priority"/>
221
<term><literal>--servicename <replaceable>NAME</replaceable>
199
<term><option>--servicename
200
<replaceable>NAME</replaceable></option></term>
224
202
<xi:include href="mandos-options.xml"
225
203
xpointer="servicename"/>
456
434
Debug mode is conflated with running in the foreground.
459
The console log messages does not show a timestamp.
437
The console log messages does not show a time stamp.
440
This server does not check the expire time of clients’ OpenPGP
506
488
Running this <command>&COMMANDNAME;</command> server program
507
489
should not in itself present any security risk to the host
508
computer running it. The program does not need any special
509
privileges to run, and is designed to run as a non-root user.
490
computer running it. The program switches to a non-root user
512
494
<refsect2 id="CLIENTS">
539
521
restarting servers if it is suspected that a client has, in
540
522
fact, been compromised by parties who may now be running a
541
523
fake Mandos client with the keys from the non-encrypted
542
initial RAM image of the client host. What should be done in
543
that case (if restarting the server program really is
544
necessary) is to stop the server program, edit the
524
initial <acronym>RAM</acronym> image of the client host. What
525
should be done in that case (if restarting the server program
526
really is necessary) is to stop the server program, edit the
545
527
configuration file to omit any suspect clients, and restart
546
528
the server program.
549
531
For more details on client-side security, see
550
<citerefentry><refentrytitle>password-request</refentrytitle>
532
<citerefentry><refentrytitle>mandos-client</refentrytitle>
551
533
<manvolnum>8mandos</manvolnum></citerefentry>.
561
543
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
562
544
<refentrytitle>mandos.conf</refentrytitle>
563
545
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
564
<refentrytitle>password-request</refentrytitle>
546
<refentrytitle>mandos-client</refentrytitle>
565
547
<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
566
548
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>