/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

First version of a somewhat complete D-Bus server interface.  Also
change user/group name to "_mandos".

* debian/mandos.postinst: Rename old "mandos" user and group to
                          "_mandos"; create "_mandos" user and group
                          if none exist.
* debian/mandos-client.postinst: - '' -

* initramfs-tools-hook: Try "_mandos" before "mandos" as user and
                        group name.

* mandos (_datetime_to_dbus_struct): New; was previously local.
  (Client.started): Renamed to "last_started".  All users changed.
  (Client.started): New; boolean.
  (Client.dbus_object_path): New.
  (Client.check_command): Renamed to "checker_command".  All users
                          changed.
  (Client.__init__): Set and use "self.dbus_object_path".  Set
                     "self.started".
  (Client.start): Update "self.started".  Emit "self.PropertyChanged"
                  signals for both "started" and "last_started".
  (Client.stop): Update "self.started".  Emit "self.PropertyChanged"
                 signal for "started".
  (Client.checker_callback): Take additional "command" argument.  All
                             callers changed. Emit
                             "self.PropertyChanged" signal.
  (Client.bump_timeout): Emit "self.PropertyChanged" signal for
                         "last_checked_ok".
  (Client.start_checker): Emit "self.PropertyChanged" signal for
                          "checker_running".
  (Client.stop_checker): Emit "self.PropertyChanged" signal for
                         "checker_running".
  (Client.still_valid): Bug fix: use "getattr(self, started, False)"
                        instead of "self.started" in case this client
                        object is so new that the "started" attribute
                        has not been created yet.
  (Client.IntervalChanged, Client.CheckerIsRunning, Client.GetChecker,
  Client.GetCreated, Client.GetFingerprint, Client.GetHost,
  Client.GetInterval, Client.GetName, Client.GetStarted,
  Client.GetTimeout, Client.StateChanged, Client.TimeoutChanged):
  Removed; all callers changed.
  (Client.CheckerCompleted): Add "condition" and "command" arguments.
                             All callers changed.
  (Client.GetAllProperties, Client.PropertyChanged): New.
  (Client.StillValid): Renamed to "IsStillValid".
  (Client.StartChecker): Changed to its own function to avoid the
                         return value from "Client.start_checker()".
  (Client.Stop): Changed to its own function to avoid the return value
                 from "Client.stop()".
  (main): Try "_mandos" before "mandos" as user and group name.
          Removed inner function "remove_from_clients".  New inner
          class "MandosServer".

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
<?xml version="1.0" encoding="UTF-8"?>
2
 
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
 
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
 
<!ENTITY COMMANDNAME "mandos-ctl">
5
 
<!ENTITY TIMESTAMP "2017-02-23">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
8
 
]>
9
 
 
10
 
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
 
  <refentryinfo>
12
 
    <title>Mandos Manual</title>
13
 
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
 
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
16
 
    <date>&TIMESTAMP;</date>
17
 
    <authorgroup>
18
 
      <author>
19
 
        <firstname>Björn</firstname>
20
 
        <surname>Påhlsson</surname>
21
 
        <address>
22
 
          <email>belorn@recompile.se</email>
23
 
        </address>
24
 
      </author>
25
 
      <author>
26
 
        <firstname>Teddy</firstname>
27
 
        <surname>Hogeborn</surname>
28
 
        <address>
29
 
          <email>teddy@recompile.se</email>
30
 
        </address>
31
 
      </author>
32
 
    </authorgroup>
33
 
    <copyright>
34
 
      <year>2010</year>
35
 
      <year>2011</year>
36
 
      <year>2012</year>
37
 
      <year>2013</year>
38
 
      <year>2014</year>
39
 
      <year>2015</year>
40
 
      <year>2016</year>
41
 
      <year>2017</year>
42
 
      <holder>Teddy Hogeborn</holder>
43
 
      <holder>Björn Påhlsson</holder>
44
 
    </copyright>
45
 
    <xi:include href="legalnotice.xml"/>
46
 
  </refentryinfo>
47
 
  
48
 
  <refmeta>
49
 
    <refentrytitle>&COMMANDNAME;</refentrytitle>
50
 
    <manvolnum>8</manvolnum>
51
 
  </refmeta>
52
 
  
53
 
  <refnamediv>
54
 
    <refname><command>&COMMANDNAME;</command></refname>
55
 
    <refpurpose>
56
 
      Control or query the operation of the Mandos server
57
 
    </refpurpose>
58
 
  </refnamediv>
59
 
  
60
 
  <refsynopsisdiv>
61
 
    <cmdsynopsis>
62
 
      <command>&COMMANDNAME;</command>
63
 
      <group choice="req">
64
 
        <group>
65
 
          <arg choice="plain"><option>--enable</option></arg>
66
 
          <arg choice="plain"><option>-e</option></arg>
67
 
          <sbr/>
68
 
          <arg choice="plain"><option>--disable</option></arg>
69
 
          <arg choice="plain"><option>-d</option></arg>
70
 
        </group>
71
 
        <sbr/>
72
 
        <group>
73
 
          <arg choice="plain"><option>--bump-timeout</option></arg>
74
 
          <arg choice="plain"><option>-b</option></arg>
75
 
        </group>
76
 
        <sbr/>
77
 
        <group>
78
 
          <arg choice="plain"><option>--start-checker</option></arg>
79
 
        </group>
80
 
        <sbr/>
81
 
        <group>
82
 
          <arg choice="plain"><option>--stop-checker</option></arg>
83
 
        </group>
84
 
        <sbr/>
85
 
        <group>
86
 
          <arg choice="plain"><option>--remove</option></arg>
87
 
          <arg choice="plain"><option>-r</option></arg>
88
 
        </group>
89
 
        <sbr/>
90
 
        <group>
91
 
          <arg choice="plain"><option>--checker
92
 
          <replaceable>COMMAND</replaceable></option></arg>
93
 
          <arg choice="plain"><option>-c
94
 
          <replaceable>COMMAND</replaceable></option></arg>
95
 
        </group>
96
 
        <sbr/>
97
 
        <group>
98
 
          <arg choice="plain"><option>--timeout
99
 
          <replaceable>TIME</replaceable></option></arg>
100
 
          <arg choice="plain"><option>-t
101
 
          <replaceable>TIME</replaceable></option></arg>
102
 
        </group>
103
 
        <sbr/>
104
 
        <group>
105
 
          <arg choice="plain"><option>--extended-timeout
106
 
          <replaceable>TIME</replaceable></option></arg>
107
 
        </group>
108
 
        <sbr/>
109
 
        <group>
110
 
          <arg choice="plain"><option>--interval
111
 
          <replaceable>TIME</replaceable></option></arg>
112
 
          <arg choice="plain"><option>-i
113
 
          <replaceable>TIME</replaceable></option></arg>
114
 
        </group>
115
 
        <sbr/>
116
 
        <group>
117
 
          <arg choice="plain"><option>--approve-by-default</option
118
 
          ></arg>
119
 
          <sbr/>
120
 
          <arg choice="plain"><option>--deny-by-default</option></arg>
121
 
        </group>
122
 
        <sbr/>
123
 
        <group>
124
 
          <arg choice="plain"><option>--approval-delay
125
 
          <replaceable>TIME</replaceable></option></arg>
126
 
        </group>
127
 
        <sbr/>
128
 
        <group>
129
 
          <arg choice="plain"><option>--approval-duration
130
 
          <replaceable>TIME</replaceable></option></arg>
131
 
        </group>
132
 
        <sbr/>
133
 
        <group>
134
 
          <arg choice="plain"><option>--interval
135
 
          <replaceable>TIME</replaceable></option></arg>
136
 
          <arg choice="plain"><option>-i
137
 
          <replaceable>TIME</replaceable></option></arg>
138
 
        </group>
139
 
        <sbr/>
140
 
        <group>
141
 
          <arg choice="plain"><option>--host
142
 
          <replaceable>STRING</replaceable></option></arg>
143
 
          <arg choice="plain"><option>-H
144
 
          <replaceable>STRING</replaceable></option></arg>
145
 
        </group>
146
 
        <sbr/>
147
 
        <group>
148
 
          <arg choice="plain"><option>--secret
149
 
          <replaceable>FILENAME</replaceable></option></arg>
150
 
          <arg choice="plain"><option>-s
151
 
          <replaceable>FILENAME</replaceable></option></arg>
152
 
        </group>
153
 
        <sbr/>
154
 
        <group>
155
 
          <arg choice="plain"><option>--approve</option></arg>
156
 
          <arg choice="plain"><option>-A</option></arg>
157
 
          <sbr/>
158
 
          <arg choice="plain"><option>--deny</option></arg>
159
 
          <arg choice="plain"><option>-D</option></arg>
160
 
        </group>
161
 
      </group>
162
 
      <sbr/>
163
 
      <group choice="req">
164
 
        <arg choice="plain"><option>--all</option></arg>
165
 
        <arg choice="plain"><option>-a</option></arg>
166
 
        <arg rep='repeat' choice='plain'>
167
 
          <replaceable>CLIENT</replaceable>
168
 
        </arg>
169
 
      </group>
170
 
    </cmdsynopsis>
171
 
    <cmdsynopsis>
172
 
      <command>&COMMANDNAME;</command>
173
 
      <group>
174
 
          <arg choice="plain"><option>--verbose</option></arg>
175
 
          <arg choice="plain"><option>-v</option></arg>
176
 
          <sbr/>
177
 
          <arg choice="plain"><option>--dump-json</option></arg>
178
 
          <arg choice="plain"><option>-j</option></arg>
179
 
      </group>
180
 
      <group>
181
 
        <arg rep='repeat' choice='plain'>
182
 
          <replaceable>CLIENT</replaceable>
183
 
        </arg>
184
 
      </group>
185
 
    </cmdsynopsis>
186
 
    <cmdsynopsis>
187
 
      <command>&COMMANDNAME;</command>
188
 
      <group choice="req">
189
 
        <arg choice="plain"><option>--is-enabled</option></arg>
190
 
        <arg choice="plain"><option>-V</option></arg>
191
 
      </group>
192
 
      <arg choice='plain'><replaceable>CLIENT</replaceable></arg>
193
 
    </cmdsynopsis>
194
 
    <cmdsynopsis>
195
 
      <command>&COMMANDNAME;</command>
196
 
      <group choice="req">
197
 
        <arg choice="plain"><option>--help</option></arg>
198
 
        <arg choice="plain"><option>-h</option></arg>
199
 
      </group>
200
 
    </cmdsynopsis>
201
 
    <cmdsynopsis>
202
 
      <command>&COMMANDNAME;</command>
203
 
      <group choice="req">
204
 
        <arg choice="plain"><option>--version</option></arg>
205
 
        <arg choice="plain"><option>-v</option></arg>
206
 
      </group>
207
 
    </cmdsynopsis>
208
 
    <cmdsynopsis>
209
 
      <command>&COMMANDNAME;</command>
210
 
      <arg choice="plain"><option>--check</option></arg>
211
 
    </cmdsynopsis>
212
 
  </refsynopsisdiv>
213
 
  
214
 
  <refsect1 id="description">
215
 
    <title>DESCRIPTION</title>
216
 
    <para>
217
 
      <command>&COMMANDNAME;</command> is a program to control or
218
 
      query the operation of the Mandos server
219
 
      <citerefentry><refentrytitle>mandos</refentrytitle><manvolnum
220
 
      >8</manvolnum></citerefentry>.
221
 
    </para>
222
 
    <para>
223
 
      This program can be used to change client settings, approve or
224
 
      deny client requests, and to remove clients from the server.
225
 
    </para>
226
 
  </refsect1>
227
 
  
228
 
  <refsect1 id="purpose">
229
 
    <title>PURPOSE</title>
230
 
    <para>
231
 
      The purpose of this is to enable <emphasis>remote and unattended
232
 
      rebooting</emphasis> of client host computer with an
233
 
      <emphasis>encrypted root file system</emphasis>.  See <xref
234
 
      linkend="overview"/> for details.
235
 
    </para>
236
 
  </refsect1>
237
 
  
238
 
  <refsect1 id="options">
239
 
    <title>OPTIONS</title>
240
 
    
241
 
    <variablelist>
242
 
      <varlistentry>
243
 
        <term><option>--help</option></term>
244
 
        <term><option>-h</option></term>
245
 
        <listitem>
246
 
          <para>
247
 
            Show a help message and exit
248
 
          </para>
249
 
        </listitem>
250
 
      </varlistentry>
251
 
      
252
 
      <varlistentry>
253
 
        <term><option>--enable</option></term>
254
 
        <term><option>-e</option></term>
255
 
        <listitem>
256
 
          <para>
257
 
            Enable client(s).  An enabled client will be eligble to
258
 
            receive its secret.
259
 
          </para>
260
 
        </listitem>
261
 
      </varlistentry>
262
 
      
263
 
      <varlistentry>
264
 
        <term><option>--disable</option></term>
265
 
        <term><option>-d</option></term>
266
 
        <listitem>
267
 
          <para>
268
 
            Disable client(s).  A disabled client will not be eligble
269
 
            to receive its secret, and no checkers will be started for
270
 
            it.
271
 
          </para>
272
 
        </listitem>
273
 
      </varlistentry>
274
 
      
275
 
      <varlistentry>
276
 
        <term><option>--bump-timeout</option></term>
277
 
        <listitem>
278
 
          <para>
279
 
            Bump the timeout of the specified client(s), just as if a
280
 
            checker had completed successfully for it/them.
281
 
          </para>
282
 
        </listitem>
283
 
      </varlistentry>
284
 
      
285
 
      <varlistentry>
286
 
        <term><option>--start-checker</option></term>
287
 
        <listitem>
288
 
          <para>
289
 
            Start a new checker now for the specified client(s).
290
 
          </para>
291
 
        </listitem>
292
 
      </varlistentry>
293
 
      
294
 
      <varlistentry>
295
 
        <term><option>--stop-checker</option></term>
296
 
        <listitem>
297
 
          <para>
298
 
            Stop any running checker for the specified client(s).
299
 
          </para>
300
 
        </listitem>
301
 
      </varlistentry>
302
 
      
303
 
      <varlistentry>
304
 
        <term><option>--remove</option></term>
305
 
        <term><option>-r</option></term>
306
 
        <listitem>
307
 
          <para>
308
 
            Remove the specified client(s) from the server.
309
 
          </para>
310
 
        </listitem>
311
 
      </varlistentry>
312
 
      
313
 
      <varlistentry>
314
 
        <term><option>--checker
315
 
        <replaceable>COMMAND</replaceable></option></term>
316
 
        <term><option>-c
317
 
        <replaceable>COMMAND</replaceable></option></term>
318
 
        <listitem>
319
 
          <para>
320
 
            Set the <varname>checker</varname> option of the specified
321
 
            client(s); see <citerefentry><refentrytitle
322
 
            >mandos-clients.conf</refentrytitle><manvolnum
323
 
            >5</manvolnum></citerefentry>.
324
 
          </para>
325
 
        </listitem>
326
 
      </varlistentry>
327
 
      
328
 
      <varlistentry>
329
 
        <term><option>--timeout
330
 
        <replaceable>TIME</replaceable></option></term>
331
 
        <term><option>-t
332
 
        <replaceable>TIME</replaceable></option></term>
333
 
        <listitem>
334
 
          <para>
335
 
            Set the <varname>timeout</varname> option of the specified
336
 
            client(s); see <citerefentry><refentrytitle
337
 
            >mandos-clients.conf</refentrytitle><manvolnum
338
 
            >5</manvolnum></citerefentry>.
339
 
          </para>
340
 
        </listitem>
341
 
      </varlistentry>
342
 
 
343
 
      <varlistentry>
344
 
        <term><option>--extended-timeout
345
 
        <replaceable>TIME</replaceable></option></term>
346
 
        <listitem>
347
 
          <para>
348
 
            Set the <varname>extended_timeout</varname> option of the
349
 
            specified client(s); see <citerefentry><refentrytitle
350
 
            >mandos-clients.conf</refentrytitle><manvolnum
351
 
            >5</manvolnum></citerefentry>.
352
 
          </para>
353
 
        </listitem>
354
 
      </varlistentry>
355
 
      
356
 
      <varlistentry>
357
 
        <term><option>--interval
358
 
        <replaceable>TIME</replaceable></option></term>
359
 
        <term><option>-i
360
 
        <replaceable>TIME</replaceable></option></term>
361
 
        <listitem>
362
 
          <para>
363
 
            Set the <varname>interval</varname> option of the
364
 
            specified client(s); see <citerefentry><refentrytitle
365
 
            >mandos-clients.conf</refentrytitle><manvolnum
366
 
            >5</manvolnum></citerefentry>.
367
 
          </para>
368
 
        </listitem>
369
 
      </varlistentry>
370
 
      
371
 
      <varlistentry>
372
 
        <term><option>--approve-by-default</option></term>
373
 
        <term><option>--deny-by-default</option></term>
374
 
        <listitem>
375
 
          <para>
376
 
            Set the <varname>approved_by_default</varname> option of
377
 
            the specified client(s) to <literal>True</literal> or
378
 
            <literal>False</literal>, respectively; see
379
 
            <citerefentry><refentrytitle
380
 
            >mandos-clients.conf</refentrytitle><manvolnum
381
 
            >5</manvolnum></citerefentry>.
382
 
          </para>
383
 
        </listitem>
384
 
      </varlistentry>
385
 
      
386
 
      <varlistentry>
387
 
        <term><option>--approval-delay
388
 
        <replaceable>TIME</replaceable></option></term>
389
 
        <listitem>
390
 
          <para>
391
 
            Set the <varname>approval_delay</varname> option of the
392
 
            specified client(s); see <citerefentry><refentrytitle
393
 
            >mandos-clients.conf</refentrytitle><manvolnum
394
 
            >5</manvolnum></citerefentry>.
395
 
          </para>
396
 
        </listitem>
397
 
      </varlistentry>
398
 
      
399
 
      <varlistentry>
400
 
        <term><option>--approval-duration
401
 
        <replaceable>TIME</replaceable></option></term>
402
 
        <listitem>
403
 
          <para>
404
 
            Set the <varname>approval_duration</varname> option of the
405
 
            specified client(s); see <citerefentry><refentrytitle
406
 
            >mandos-clients.conf</refentrytitle><manvolnum
407
 
            >5</manvolnum></citerefentry>.
408
 
          </para>
409
 
        </listitem>
410
 
      </varlistentry>
411
 
      
412
 
      <varlistentry>
413
 
        <term><option>--host
414
 
        <replaceable>STRING</replaceable></option></term>
415
 
        <term><option>-H
416
 
        <replaceable>STRING</replaceable></option></term>
417
 
        <listitem>
418
 
          <para>
419
 
            Set the <varname>host</varname> option of the specified
420
 
            client(s); see <citerefentry><refentrytitle
421
 
            >mandos-clients.conf</refentrytitle><manvolnum
422
 
            >5</manvolnum></citerefentry>.
423
 
          </para>
424
 
        </listitem>
425
 
      </varlistentry>
426
 
      
427
 
      <varlistentry>
428
 
        <term><option>--secret
429
 
        <replaceable>FILENAME</replaceable></option></term>
430
 
        <term><option>-s
431
 
        <replaceable>FILENAME</replaceable></option></term>
432
 
        <listitem>
433
 
          <para>
434
 
            Set the <varname>secfile</varname> option of the specified
435
 
            client(s); see <citerefentry><refentrytitle
436
 
            >mandos-clients.conf</refentrytitle><manvolnum
437
 
            >5</manvolnum></citerefentry>.
438
 
          </para>
439
 
        </listitem>
440
 
      </varlistentry>
441
 
      
442
 
      <varlistentry>
443
 
        <term><option>--approve</option></term>
444
 
        <term><option>-A</option></term>
445
 
        <listitem>
446
 
          <para>
447
 
            Approve client(s) if currently waiting for approval.
448
 
          </para>
449
 
        </listitem>
450
 
      </varlistentry>
451
 
      
452
 
      <varlistentry>
453
 
        <term><option>--deny</option></term>
454
 
        <term><option>-D</option></term>
455
 
        <listitem>
456
 
          <para>
457
 
            Deny client(s) if currently waiting for approval.
458
 
          </para>
459
 
        </listitem>
460
 
      </varlistentry>
461
 
      
462
 
      <varlistentry>
463
 
        <term><option>--all</option></term>
464
 
        <term><option>-a</option></term>
465
 
        <listitem>
466
 
          <para>
467
 
            Make the client-modifying options modify <emphasis
468
 
            >all</emphasis> clients.
469
 
          </para>
470
 
        </listitem>
471
 
      </varlistentry>
472
 
      
473
 
      <varlistentry>
474
 
        <term><option>--verbose</option></term>
475
 
        <term><option>-v</option></term>
476
 
        <listitem>
477
 
          <para>
478
 
            Show all client settings, not just a subset.
479
 
          </para>
480
 
        </listitem>
481
 
      </varlistentry>
482
 
      
483
 
      <varlistentry>
484
 
        <term><option>--dump-json</option></term>
485
 
        <term><option>-j</option></term>
486
 
        <listitem>
487
 
          <para>
488
 
            Dump client settings as JSON to standard output.
489
 
          </para>
490
 
        </listitem>
491
 
      </varlistentry>
492
 
      
493
 
      <varlistentry>
494
 
        <term><option>--is-enabled</option></term>
495
 
        <term><option>-V</option></term>
496
 
        <listitem>
497
 
          <para>
498
 
            Check if a single client is enabled or not, and exit with
499
 
            a successful exit status only if the client is enabled.
500
 
          </para>
501
 
        </listitem>
502
 
      </varlistentry>
503
 
      
504
 
      <varlistentry>
505
 
        <term><option>--check</option></term>
506
 
        <listitem>
507
 
          <para>
508
 
            Run self-tests.  This includes any unit tests, etc.
509
 
          </para>
510
 
        </listitem>
511
 
      </varlistentry>
512
 
      
513
 
    </variablelist>
514
 
  </refsect1>
515
 
  
516
 
  <refsect1 id="overview">
517
 
    <title>OVERVIEW</title>
518
 
    <xi:include href="overview.xml"/>
519
 
    <para>
520
 
      This program is a small utility to generate new OpenPGP keys for
521
 
      new Mandos clients, and to generate sections for inclusion in
522
 
      <filename>clients.conf</filename> on the server.
523
 
    </para>
524
 
  </refsect1>
525
 
  
526
 
  <refsect1 id="exit_status">
527
 
    <title>EXIT STATUS</title>
528
 
    <para>
529
 
      If the <option>--is-enabled</option> option is used, the exit
530
 
      status will be 0 only if the specified client is enabled.
531
 
    </para>
532
 
  </refsect1>
533
 
  
534
 
  <refsect1 id="bugs">
535
 
    <title>BUGS</title>
536
 
    <xi:include href="bugs.xml"/>
537
 
  </refsect1>
538
 
  
539
 
  <refsect1 id="example">
540
 
    <title>EXAMPLE</title>
541
 
    <informalexample>
542
 
      <para>
543
 
        To list all clients:
544
 
      </para>
545
 
      <para>
546
 
        <userinput>&COMMANDNAME;</userinput>
547
 
      </para>
548
 
    </informalexample>
549
 
    
550
 
    <informalexample>
551
 
      <para>
552
 
        To list <emphasis>all</emphasis> settings for the clients
553
 
        named <quote>foo1.example.org</quote> and <quote
554
 
        >foo2.example.org</quote>:
555
 
      </para>
556
 
      <para>
557
 
 
558
 
<!-- do not wrap this line -->
559
 
<userinput>&COMMANDNAME; --verbose foo1.example.org foo2.example.org</userinput>
560
 
 
561
 
      </para>
562
 
    </informalexample>
563
 
    
564
 
    <informalexample>
565
 
      <para>
566
 
        To enable all clients:
567
 
      </para>
568
 
      <para>
569
 
        <userinput>&COMMANDNAME; --enable --all</userinput>
570
 
      </para>
571
 
    </informalexample>
572
 
    
573
 
    <informalexample>
574
 
      <para>
575
 
        To change timeout and interval value for the clients
576
 
        named <quote>foo1.example.org</quote> and <quote
577
 
        >foo2.example.org</quote>:
578
 
      </para>
579
 
      <para>
580
 
 
581
 
<!-- do not wrap this line -->
582
 
<userinput>&COMMANDNAME; --timeout="5m" --interval="1m" foo1.example.org foo2.example.org</userinput>
583
 
 
584
 
      </para>
585
 
    </informalexample>
586
 
    
587
 
    <informalexample>
588
 
      <para>
589
 
        To approve all clients currently waiting for it:
590
 
      </para>
591
 
      <para>
592
 
        <userinput>&COMMANDNAME; --approve --all</userinput>
593
 
      </para>
594
 
    </informalexample>
595
 
  </refsect1>
596
 
  
597
 
  <refsect1 id="security">
598
 
    <title>SECURITY</title>
599
 
    <para>
600
 
      This program must be permitted to access the Mandos server via
601
 
      the D-Bus interface.  This normally requires the root user, but
602
 
      could be configured otherwise by reconfiguring the D-Bus server.
603
 
    </para>
604
 
  </refsect1>
605
 
  
606
 
  <refsect1 id="see_also">
607
 
    <title>SEE ALSO</title>
608
 
    <para>
609
 
      <citerefentry><refentrytitle>intro</refentrytitle>
610
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
611
 
      <citerefentry><refentrytitle>mandos</refentrytitle>
612
 
      <manvolnum>8</manvolnum></citerefentry>,
613
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
614
 
      <manvolnum>5</manvolnum></citerefentry>,
615
 
      <citerefentry><refentrytitle>mandos-monitor</refentrytitle>
616
 
      <manvolnum>8</manvolnum></citerefentry>
617
 
    </para>
618
 
  </refsect1>
619
 
  
620
 
</refentry>
621
 
<!-- Local Variables: -->
622
 
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
623
 
<!-- time-stamp-end: "[\"']>" -->
624
 
<!-- time-stamp-format: "%:y-%02m-%02d" -->
625
 
<!-- End: -->