34
34
<holder>Teddy Hogeborn</holder>
35
35
<holder>Björn Påhlsson</holder>
39
This manual page is free software: you can redistribute it
40
and/or modify it under the terms of the GNU General Public
41
License as published by the Free Software Foundation,
42
either version 3 of the License, or (at your option) any
47
This manual page is distributed in the hope that it will
48
be useful, but WITHOUT ANY WARRANTY; without even the
49
implied warranty of MERCHANTABILITY or FITNESS FOR A
50
PARTICULAR PURPOSE. See the GNU General Public License
55
You should have received a copy of the GNU General Public
56
License along with this program; If not, see
57
<ulink url="http://www.gnu.org/licenses/"/>.
37
<xi:include href="legalnotice.xml"/>
63
41
<refentrytitle>&COMMANDNAME;</refentrytitle>
64
42
<manvolnum>8</manvolnum>
70
48
Gives encrypted passwords to authenticated Mandos clients
76
54
<command>&COMMANDNAME;</command>
77
<arg>--interface<arg choice="plain">NAME</arg></arg>
78
<arg>--address<arg choice="plain">ADDRESS</arg></arg>
79
<arg>--port<arg choice="plain">PORT</arg></arg>
80
<arg>--priority<arg choice="plain">PRIORITY</arg></arg>
81
<arg>--servicename<arg choice="plain">NAME</arg></arg>
82
<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
86
<command>&COMMANDNAME;</command>
87
<arg>-i<arg choice="plain">NAME</arg></arg>
88
<arg>-a<arg choice="plain">ADDRESS</arg></arg>
89
<arg>-p<arg choice="plain">PORT</arg></arg>
90
<arg>--priority<arg choice="plain">PRIORITY</arg></arg>
91
<arg>--servicename<arg choice="plain">NAME</arg></arg>
92
<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
56
<arg choice="plain"><option>--interface
57
<replaceable>NAME</replaceable></option></arg>
58
<arg choice="plain"><option>-i
59
<replaceable>NAME</replaceable></option></arg>
63
<arg choice="plain"><option>--address
64
<replaceable>ADDRESS</replaceable></option></arg>
65
<arg choice="plain"><option>-a
66
<replaceable>ADDRESS</replaceable></option></arg>
70
<arg choice="plain"><option>--port
71
<replaceable>PORT</replaceable></option></arg>
72
<arg choice="plain"><option>-p
73
<replaceable>PORT</replaceable></option></arg>
76
<arg><option>--priority
77
<replaceable>PRIORITY</replaceable></option></arg>
79
<arg><option>--servicename
80
<replaceable>NAME</replaceable></option></arg>
82
<arg><option>--configdir
83
<replaceable>DIRECTORY</replaceable></option></arg>
85
<arg><option>--debug</option></arg>
96
88
<command>&COMMANDNAME;</command>
97
89
<group choice="req">
98
<arg choice="plain">-h</arg>
99
<arg choice="plain">--help</arg>
90
<arg choice="plain"><option>--help</option></arg>
91
<arg choice="plain"><option>-h</option></arg>
103
95
<command>&COMMANDNAME;</command>
104
<arg choice="plain">--version</arg>
96
<arg choice="plain"><option>--version</option></arg>
107
99
<command>&COMMANDNAME;</command>
108
<arg choice="plain">--check</arg>
100
<arg choice="plain"><option>--check</option></arg>
110
102
</refsynopsisdiv>
112
104
<refsect1 id="description">
113
105
<title>DESCRIPTION</title>
123
115
Any authenticated client is then given the stored pre-encrypted
124
116
password for that specific client.
129
120
<refsect1 id="purpose">
130
121
<title>PURPOSE</title>
133
123
The purpose of this is to enable <emphasis>remote and unattended
134
124
rebooting</emphasis> of client host computer with an
135
125
<emphasis>encrypted root file system</emphasis>. See <xref
136
126
linkend="overview"/> for details.
141
130
<refsect1 id="options">
142
131
<title>OPTIONS</title>
134
<term><option>--help</option></term>
146
135
<term><option>-h</option></term>
147
<term><option>--help</option></term>
150
138
Show a help message and exit
144
<term><option>--interface</option>
145
<replaceable>NAME</replaceable></term>
156
146
<term><option>-i</option>
157
147
<replaceable>NAME</replaceable></term>
158
<term><option>--interface</option>
159
<replaceable>NAME</replaceable></term>
161
149
<xi:include href="mandos-options.xml" xpointer="interface"/>
166
<term><literal>-a</literal>, <literal>--address <replaceable>
167
ADDRESS</replaceable></literal></term>
154
<term><option>--address
155
<replaceable>ADDRESS</replaceable></option></term>
157
<replaceable>ADDRESS</replaceable></option></term>
169
159
<xi:include href="mandos-options.xml" xpointer="address"/>
174
<term><literal>-p</literal>, <literal>--port <replaceable>
175
PORT</replaceable></literal></term>
165
<replaceable>PORT</replaceable></option></term>
167
<replaceable>PORT</replaceable></option></term>
177
169
<xi:include href="mandos-options.xml" xpointer="port"/>
182
<term><literal>--check</literal></term>
174
<term><option>--check</option></term>
185
177
Run the server’s self-tests. This includes any unit
192
<term><literal>--debug</literal></term>
184
<term><option>--debug</option></term>
194
186
<xi:include href="mandos-options.xml" xpointer="debug"/>
199
<term><literal>--priority <replaceable>
200
PRIORITY</replaceable></literal></term>
191
<term><option>--priority <replaceable>
192
PRIORITY</replaceable></option></term>
202
194
<xi:include href="mandos-options.xml" xpointer="priority"/>
207
<term><literal>--servicename <replaceable>NAME</replaceable>
199
<term><option>--servicename
200
<replaceable>NAME</replaceable></option></term>
210
202
<xi:include href="mandos-options.xml"
211
203
xpointer="servicename"/>
216
<term><literal>--configdir <replaceable>DIR</replaceable>
208
<term><option>--configdir
209
<replaceable>DIRECTORY</replaceable></option></term>
220
212
Directory to search for configuration files. Default is
492
488
Running this <command>&COMMANDNAME;</command> server program
493
489
should not in itself present any security risk to the host
494
computer running it. The program does not need any special
495
privileges to run, and is designed to run as a non-root user.
490
computer running it. The program switches to a non-root user
498
494
<refsect2 id="CLIENTS">
508
504
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
509
505
<manvolnum>5</manvolnum></citerefentry>)
510
506
<emphasis>must</emphasis> be made non-readable by anyone
511
except the user running the server.
507
except the user starting the server (usually root).
514
510
As detailed in <xref linkend="checking"/>, the status of all
525
521
restarting servers if it is suspected that a client has, in
526
522
fact, been compromised by parties who may now be running a
527
523
fake Mandos client with the keys from the non-encrypted
528
initial RAM image of the client host. What should be done in
529
that case (if restarting the server program really is
530
necessary) is to stop the server program, edit the
524
initial <acronym>RAM</acronym> image of the client host. What
525
should be done in that case (if restarting the server program
526
really is necessary) is to stop the server program, edit the
531
527
configuration file to omit any suspect clients, and restart
532
528
the server program.
535
531
For more details on client-side security, see
536
<citerefentry><refentrytitle>password-request</refentrytitle>
532
<citerefentry><refentrytitle>mandos-client</refentrytitle>
537
533
<manvolnum>8mandos</manvolnum></citerefentry>.
542
538
<refsect1 id="see_also">
543
539
<title>SEE ALSO</title>
547
543
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
548
544
<refentrytitle>mandos.conf</refentrytitle>
549
545
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
550
<refentrytitle>password-request</refentrytitle>
546
<refentrytitle>mandos-client</refentrytitle>
551
547
<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
552
548
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>