/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos.xml

Hooks take new "modules" argument, and hook names can contain periods.

* debian/mandos-client.README.Debian: Adjust wording.
* debian/rules (binary-common): Exclude nework-hooks.d directory from
                                dh_fixperms.
* initramfs-tools-hook: Also create network hook directory.  Allow
                        periods in hook names.  Only run executable
                        files in hook directory.  Copy needed modules.
* network-hooks.d/bridge: Fix "/usr/bin/brctl" to "/usr/sbin/brctl".
                          Also take "modules" argument.
* plugins.d/mandos-client.xml (NETWORK HOOKS/REQUIREMENTS): Document
                                                            the
                                                            allowing
                                                            of periods
                                                            in hook
                                                            names.
  (NETWORK HOOKS/REQUIREMENTS/files): Adjust wording.
  (NETWORK HOOKS/REQUIREMENTS/modules): New.
  (NETWORK HOOKS/REQUIREMENTS/MANDOSNETHOOKDIR): Clarify.
  (NETWORK HOOKS/REQUIREMENTS/MODE): Add "modules".

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos">
5
 
<!ENTITY TIMESTAMP "2011-02-27">
 
5
<!ENTITY TIMESTAMP "2011-10-03">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@fukt.bsnet.se</email>
 
22
          <email>belorn@recompile.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@fukt.bsnet.se</email>
 
29
          <email>teddy@recompile.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
117
117
    <para>
118
118
      <command>&COMMANDNAME;</command> is a server daemon which
119
119
      handles incoming request for passwords for a pre-defined list of
120
 
      client host computers.  The Mandos server uses Zeroconf to
121
 
      announce itself on the local network, and uses TLS to
122
 
      communicate securely with and to authenticate the clients.  The
123
 
      Mandos server uses IPv6 to allow Mandos clients to use IPv6
124
 
      link-local addresses, since the clients will probably not have
125
 
      any other addresses configured (see <xref linkend="overview"/>).
126
 
      Any authenticated client is then given the stored pre-encrypted
127
 
      password for that specific client.
 
120
      client host computers. For an introduction, see
 
121
      <citerefentry><refentrytitle>intro</refentrytitle>
 
122
      <manvolnum>8mandos</manvolnum></citerefentry>. The Mandos server
 
123
      uses Zeroconf to announce itself on the local network, and uses
 
124
      TLS to communicate securely with and to authenticate the
 
125
      clients.  The Mandos server uses IPv6 to allow Mandos clients to
 
126
      use IPv6 link-local addresses, since the clients will probably
 
127
      not have any other addresses configured (see <xref
 
128
      linkend="overview"/>).  Any authenticated client is then given
 
129
      the stored pre-encrypted password for that specific client.
128
130
    </para>
129
131
  </refsect1>
130
132
  
352
354
      for some time, the client is assumed to be compromised and is no
353
355
      longer eligible to receive the encrypted password.  (Manual
354
356
      intervention is required to re-enable a client.)  The timeout,
355
 
      checker program, and interval between checks can be configured
356
 
      both globally and per client; see <citerefentry>
357
 
      <refentrytitle>mandos-clients.conf</refentrytitle>
 
357
      extended timeout, checker program, and interval between checks
 
358
      can be configured both globally and per client; see
 
359
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
358
360
      <manvolnum>5</manvolnum></citerefentry>.  A client successfully
359
361
      receiving its password will also be treated as a successful
360
362
      checker run.
610
612
  <refsect1 id="see_also">
611
613
    <title>SEE ALSO</title>
612
614
    <para>
613
 
      <citerefentry>
614
 
        <refentrytitle>mandos-clients.conf</refentrytitle>
615
 
        <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
616
 
        <refentrytitle>mandos.conf</refentrytitle>
617
 
        <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
618
 
        <refentrytitle>mandos-client</refentrytitle>
619
 
        <manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
620
 
        <refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
621
 
      </citerefentry>
 
615
      <citerefentry><refentrytitle>intro</refentrytitle>
 
616
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
617
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
 
618
      <manvolnum>5</manvolnum></citerefentry>,
 
619
      <citerefentry><refentrytitle>mandos.conf</refentrytitle>
 
620
      <manvolnum>5</manvolnum></citerefentry>,
 
621
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
 
622
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
623
      <citerefentry><refentrytitle>sh</refentrytitle>
 
624
      <manvolnum>1</manvolnum></citerefentry>
622
625
    </para>
623
626
    <variablelist>
624
627
      <varlistentry>