/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

First version of a somewhat complete D-Bus server interface.  Also
change user/group name to "_mandos".

* debian/mandos.postinst: Rename old "mandos" user and group to
                          "_mandos"; create "_mandos" user and group
                          if none exist.
* debian/mandos-client.postinst: - '' -

* initramfs-tools-hook: Try "_mandos" before "mandos" as user and
                        group name.

* mandos (_datetime_to_dbus_struct): New; was previously local.
  (Client.started): Renamed to "last_started".  All users changed.
  (Client.started): New; boolean.
  (Client.dbus_object_path): New.
  (Client.check_command): Renamed to "checker_command".  All users
                          changed.
  (Client.__init__): Set and use "self.dbus_object_path".  Set
                     "self.started".
  (Client.start): Update "self.started".  Emit "self.PropertyChanged"
                  signals for both "started" and "last_started".
  (Client.stop): Update "self.started".  Emit "self.PropertyChanged"
                 signal for "started".
  (Client.checker_callback): Take additional "command" argument.  All
                             callers changed. Emit
                             "self.PropertyChanged" signal.
  (Client.bump_timeout): Emit "self.PropertyChanged" signal for
                         "last_checked_ok".
  (Client.start_checker): Emit "self.PropertyChanged" signal for
                          "checker_running".
  (Client.stop_checker): Emit "self.PropertyChanged" signal for
                         "checker_running".
  (Client.still_valid): Bug fix: use "getattr(self, started, False)"
                        instead of "self.started" in case this client
                        object is so new that the "started" attribute
                        has not been created yet.
  (Client.IntervalChanged, Client.CheckerIsRunning, Client.GetChecker,
  Client.GetCreated, Client.GetFingerprint, Client.GetHost,
  Client.GetInterval, Client.GetName, Client.GetStarted,
  Client.GetTimeout, Client.StateChanged, Client.TimeoutChanged):
  Removed; all callers changed.
  (Client.CheckerCompleted): Add "condition" and "command" arguments.
                             All callers changed.
  (Client.GetAllProperties, Client.PropertyChanged): New.
  (Client.StillValid): Renamed to "IsStillValid".
  (Client.StartChecker): Changed to its own function to avoid the
                         return value from "Client.start_checker()".
  (Client.Stop): Changed to its own function to avoid the return value
                 from "Client.stop()".
  (main): Try "_mandos" before "mandos" as user and group name.
          Removed inner function "remove_from_clients".  New inner
          class "MandosServer".

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
<?xml version="1.0" encoding="UTF-8"?>
2
 
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
 
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
 
<!ENTITY COMMANDNAME "mandos-ctl">
5
 
<!ENTITY TIMESTAMP "2018-02-08">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
8
 
]>
9
 
 
10
 
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
 
  <refentryinfo>
12
 
    <title>Mandos Manual</title>
13
 
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
 
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
16
 
    <date>&TIMESTAMP;</date>
17
 
    <authorgroup>
18
 
      <author>
19
 
        <firstname>Björn</firstname>
20
 
        <surname>Påhlsson</surname>
21
 
        <address>
22
 
          <email>belorn@recompile.se</email>
23
 
        </address>
24
 
      </author>
25
 
      <author>
26
 
        <firstname>Teddy</firstname>
27
 
        <surname>Hogeborn</surname>
28
 
        <address>
29
 
          <email>teddy@recompile.se</email>
30
 
        </address>
31
 
      </author>
32
 
    </authorgroup>
33
 
    <copyright>
34
 
      <year>2010</year>
35
 
      <year>2011</year>
36
 
      <year>2012</year>
37
 
      <year>2013</year>
38
 
      <year>2014</year>
39
 
      <year>2015</year>
40
 
      <year>2016</year>
41
 
      <year>2017</year>
42
 
      <year>2018</year>
43
 
      <holder>Teddy Hogeborn</holder>
44
 
      <holder>Björn Påhlsson</holder>
45
 
    </copyright>
46
 
    <xi:include href="legalnotice.xml"/>
47
 
  </refentryinfo>
48
 
  
49
 
  <refmeta>
50
 
    <refentrytitle>&COMMANDNAME;</refentrytitle>
51
 
    <manvolnum>8</manvolnum>
52
 
  </refmeta>
53
 
  
54
 
  <refnamediv>
55
 
    <refname><command>&COMMANDNAME;</command></refname>
56
 
    <refpurpose>
57
 
      Control or query the operation of the Mandos server
58
 
    </refpurpose>
59
 
  </refnamediv>
60
 
  
61
 
  <refsynopsisdiv>
62
 
    <cmdsynopsis>
63
 
      <command>&COMMANDNAME;</command>
64
 
      <group choice="req">
65
 
        <group>
66
 
          <arg choice="plain"><option>--enable</option></arg>
67
 
          <arg choice="plain"><option>-e</option></arg>
68
 
          <sbr/>
69
 
          <arg choice="plain"><option>--disable</option></arg>
70
 
          <arg choice="plain"><option>-d</option></arg>
71
 
        </group>
72
 
        <sbr/>
73
 
        <group>
74
 
          <arg choice="plain"><option>--bump-timeout</option></arg>
75
 
          <arg choice="plain"><option>-b</option></arg>
76
 
        </group>
77
 
        <sbr/>
78
 
        <group>
79
 
          <arg choice="plain"><option>--start-checker</option></arg>
80
 
        </group>
81
 
        <sbr/>
82
 
        <group>
83
 
          <arg choice="plain"><option>--stop-checker</option></arg>
84
 
        </group>
85
 
        <sbr/>
86
 
        <group>
87
 
          <arg choice="plain"><option>--remove</option></arg>
88
 
          <arg choice="plain"><option>-r</option></arg>
89
 
        </group>
90
 
        <sbr/>
91
 
        <group>
92
 
          <arg choice="plain"><option>--checker
93
 
          <replaceable>COMMAND</replaceable></option></arg>
94
 
          <arg choice="plain"><option>-c
95
 
          <replaceable>COMMAND</replaceable></option></arg>
96
 
        </group>
97
 
        <sbr/>
98
 
        <group>
99
 
          <arg choice="plain"><option>--timeout
100
 
          <replaceable>TIME</replaceable></option></arg>
101
 
          <arg choice="plain"><option>-t
102
 
          <replaceable>TIME</replaceable></option></arg>
103
 
        </group>
104
 
        <sbr/>
105
 
        <group>
106
 
          <arg choice="plain"><option>--extended-timeout
107
 
          <replaceable>TIME</replaceable></option></arg>
108
 
        </group>
109
 
        <sbr/>
110
 
        <group>
111
 
          <arg choice="plain"><option>--interval
112
 
          <replaceable>TIME</replaceable></option></arg>
113
 
          <arg choice="plain"><option>-i
114
 
          <replaceable>TIME</replaceable></option></arg>
115
 
        </group>
116
 
        <sbr/>
117
 
        <group>
118
 
          <arg choice="plain"><option>--approve-by-default</option
119
 
          ></arg>
120
 
          <sbr/>
121
 
          <arg choice="plain"><option>--deny-by-default</option></arg>
122
 
        </group>
123
 
        <sbr/>
124
 
        <group>
125
 
          <arg choice="plain"><option>--approval-delay
126
 
          <replaceable>TIME</replaceable></option></arg>
127
 
        </group>
128
 
        <sbr/>
129
 
        <group>
130
 
          <arg choice="plain"><option>--approval-duration
131
 
          <replaceable>TIME</replaceable></option></arg>
132
 
        </group>
133
 
        <sbr/>
134
 
        <group>
135
 
          <arg choice="plain"><option>--interval
136
 
          <replaceable>TIME</replaceable></option></arg>
137
 
          <arg choice="plain"><option>-i
138
 
          <replaceable>TIME</replaceable></option></arg>
139
 
        </group>
140
 
        <sbr/>
141
 
        <group>
142
 
          <arg choice="plain"><option>--host
143
 
          <replaceable>STRING</replaceable></option></arg>
144
 
          <arg choice="plain"><option>-H
145
 
          <replaceable>STRING</replaceable></option></arg>
146
 
        </group>
147
 
        <sbr/>
148
 
        <group>
149
 
          <arg choice="plain"><option>--secret
150
 
          <replaceable>FILENAME</replaceable></option></arg>
151
 
          <arg choice="plain"><option>-s
152
 
          <replaceable>FILENAME</replaceable></option></arg>
153
 
        </group>
154
 
        <sbr/>
155
 
        <group>
156
 
          <arg choice="plain"><option>--approve</option></arg>
157
 
          <arg choice="plain"><option>-A</option></arg>
158
 
          <sbr/>
159
 
          <arg choice="plain"><option>--deny</option></arg>
160
 
          <arg choice="plain"><option>-D</option></arg>
161
 
        </group>
162
 
      </group>
163
 
      <sbr/>
164
 
      <group choice="req">
165
 
        <arg choice="plain"><option>--all</option></arg>
166
 
        <arg choice="plain"><option>-a</option></arg>
167
 
        <arg rep='repeat' choice='plain'>
168
 
          <replaceable>CLIENT</replaceable>
169
 
        </arg>
170
 
      </group>
171
 
    </cmdsynopsis>
172
 
    <cmdsynopsis>
173
 
      <command>&COMMANDNAME;</command>
174
 
      <group>
175
 
          <arg choice="plain"><option>--verbose</option></arg>
176
 
          <arg choice="plain"><option>-v</option></arg>
177
 
          <sbr/>
178
 
          <arg choice="plain"><option>--dump-json</option></arg>
179
 
          <arg choice="plain"><option>-j</option></arg>
180
 
      </group>
181
 
      <group>
182
 
        <arg rep='repeat' choice='plain'>
183
 
          <replaceable>CLIENT</replaceable>
184
 
        </arg>
185
 
      </group>
186
 
    </cmdsynopsis>
187
 
    <cmdsynopsis>
188
 
      <command>&COMMANDNAME;</command>
189
 
      <group choice="req">
190
 
        <arg choice="plain"><option>--is-enabled</option></arg>
191
 
        <arg choice="plain"><option>-V</option></arg>
192
 
      </group>
193
 
      <arg choice='plain'><replaceable>CLIENT</replaceable></arg>
194
 
    </cmdsynopsis>
195
 
    <cmdsynopsis>
196
 
      <command>&COMMANDNAME;</command>
197
 
      <group choice="req">
198
 
        <arg choice="plain"><option>--help</option></arg>
199
 
        <arg choice="plain"><option>-h</option></arg>
200
 
      </group>
201
 
    </cmdsynopsis>
202
 
    <cmdsynopsis>
203
 
      <command>&COMMANDNAME;</command>
204
 
      <group choice="req">
205
 
        <arg choice="plain"><option>--version</option></arg>
206
 
        <arg choice="plain"><option>-v</option></arg>
207
 
      </group>
208
 
    </cmdsynopsis>
209
 
    <cmdsynopsis>
210
 
      <command>&COMMANDNAME;</command>
211
 
      <arg choice="plain"><option>--check</option></arg>
212
 
    </cmdsynopsis>
213
 
  </refsynopsisdiv>
214
 
  
215
 
  <refsect1 id="description">
216
 
    <title>DESCRIPTION</title>
217
 
    <para>
218
 
      <command>&COMMANDNAME;</command> is a program to control or
219
 
      query the operation of the Mandos server
220
 
      <citerefentry><refentrytitle>mandos</refentrytitle><manvolnum
221
 
      >8</manvolnum></citerefentry>.
222
 
    </para>
223
 
    <para>
224
 
      This program can be used to change client settings, approve or
225
 
      deny client requests, and to remove clients from the server.
226
 
    </para>
227
 
  </refsect1>
228
 
  
229
 
  <refsect1 id="purpose">
230
 
    <title>PURPOSE</title>
231
 
    <para>
232
 
      The purpose of this is to enable <emphasis>remote and unattended
233
 
      rebooting</emphasis> of client host computer with an
234
 
      <emphasis>encrypted root file system</emphasis>.  See <xref
235
 
      linkend="overview"/> for details.
236
 
    </para>
237
 
  </refsect1>
238
 
  
239
 
  <refsect1 id="options">
240
 
    <title>OPTIONS</title>
241
 
    
242
 
    <variablelist>
243
 
      <varlistentry>
244
 
        <term><option>--help</option></term>
245
 
        <term><option>-h</option></term>
246
 
        <listitem>
247
 
          <para>
248
 
            Show a help message and exit
249
 
          </para>
250
 
        </listitem>
251
 
      </varlistentry>
252
 
      
253
 
      <varlistentry>
254
 
        <term><option>--enable</option></term>
255
 
        <term><option>-e</option></term>
256
 
        <listitem>
257
 
          <para>
258
 
            Enable client(s).  An enabled client will be eligble to
259
 
            receive its secret.
260
 
          </para>
261
 
        </listitem>
262
 
      </varlistentry>
263
 
      
264
 
      <varlistentry>
265
 
        <term><option>--disable</option></term>
266
 
        <term><option>-d</option></term>
267
 
        <listitem>
268
 
          <para>
269
 
            Disable client(s).  A disabled client will not be eligble
270
 
            to receive its secret, and no checkers will be started for
271
 
            it.
272
 
          </para>
273
 
        </listitem>
274
 
      </varlistentry>
275
 
      
276
 
      <varlistentry>
277
 
        <term><option>--bump-timeout</option></term>
278
 
        <listitem>
279
 
          <para>
280
 
            Bump the timeout of the specified client(s), just as if a
281
 
            checker had completed successfully for it/them.
282
 
          </para>
283
 
        </listitem>
284
 
      </varlistentry>
285
 
      
286
 
      <varlistentry>
287
 
        <term><option>--start-checker</option></term>
288
 
        <listitem>
289
 
          <para>
290
 
            Start a new checker now for the specified client(s).
291
 
          </para>
292
 
        </listitem>
293
 
      </varlistentry>
294
 
      
295
 
      <varlistentry>
296
 
        <term><option>--stop-checker</option></term>
297
 
        <listitem>
298
 
          <para>
299
 
            Stop any running checker for the specified client(s).
300
 
          </para>
301
 
        </listitem>
302
 
      </varlistentry>
303
 
      
304
 
      <varlistentry>
305
 
        <term><option>--remove</option></term>
306
 
        <term><option>-r</option></term>
307
 
        <listitem>
308
 
          <para>
309
 
            Remove the specified client(s) from the server.
310
 
          </para>
311
 
        </listitem>
312
 
      </varlistentry>
313
 
      
314
 
      <varlistentry>
315
 
        <term><option>--checker
316
 
        <replaceable>COMMAND</replaceable></option></term>
317
 
        <term><option>-c
318
 
        <replaceable>COMMAND</replaceable></option></term>
319
 
        <listitem>
320
 
          <para>
321
 
            Set the <varname>checker</varname> option of the specified
322
 
            client(s); see <citerefentry><refentrytitle
323
 
            >mandos-clients.conf</refentrytitle><manvolnum
324
 
            >5</manvolnum></citerefentry>.
325
 
          </para>
326
 
        </listitem>
327
 
      </varlistentry>
328
 
      
329
 
      <varlistentry>
330
 
        <term><option>--timeout
331
 
        <replaceable>TIME</replaceable></option></term>
332
 
        <term><option>-t
333
 
        <replaceable>TIME</replaceable></option></term>
334
 
        <listitem>
335
 
          <para>
336
 
            Set the <varname>timeout</varname> option of the specified
337
 
            client(s); see <citerefentry><refentrytitle
338
 
            >mandos-clients.conf</refentrytitle><manvolnum
339
 
            >5</manvolnum></citerefentry>.
340
 
          </para>
341
 
        </listitem>
342
 
      </varlistentry>
343
 
 
344
 
      <varlistentry>
345
 
        <term><option>--extended-timeout
346
 
        <replaceable>TIME</replaceable></option></term>
347
 
        <listitem>
348
 
          <para>
349
 
            Set the <varname>extended_timeout</varname> option of the
350
 
            specified client(s); see <citerefentry><refentrytitle
351
 
            >mandos-clients.conf</refentrytitle><manvolnum
352
 
            >5</manvolnum></citerefentry>.
353
 
          </para>
354
 
        </listitem>
355
 
      </varlistentry>
356
 
      
357
 
      <varlistentry>
358
 
        <term><option>--interval
359
 
        <replaceable>TIME</replaceable></option></term>
360
 
        <term><option>-i
361
 
        <replaceable>TIME</replaceable></option></term>
362
 
        <listitem>
363
 
          <para>
364
 
            Set the <varname>interval</varname> option of the
365
 
            specified client(s); see <citerefentry><refentrytitle
366
 
            >mandos-clients.conf</refentrytitle><manvolnum
367
 
            >5</manvolnum></citerefentry>.
368
 
          </para>
369
 
        </listitem>
370
 
      </varlistentry>
371
 
      
372
 
      <varlistentry>
373
 
        <term><option>--approve-by-default</option></term>
374
 
        <term><option>--deny-by-default</option></term>
375
 
        <listitem>
376
 
          <para>
377
 
            Set the <varname>approved_by_default</varname> option of
378
 
            the specified client(s) to <literal>True</literal> or
379
 
            <literal>False</literal>, respectively; see
380
 
            <citerefentry><refentrytitle
381
 
            >mandos-clients.conf</refentrytitle><manvolnum
382
 
            >5</manvolnum></citerefentry>.
383
 
          </para>
384
 
        </listitem>
385
 
      </varlistentry>
386
 
      
387
 
      <varlistentry>
388
 
        <term><option>--approval-delay
389
 
        <replaceable>TIME</replaceable></option></term>
390
 
        <listitem>
391
 
          <para>
392
 
            Set the <varname>approval_delay</varname> option of the
393
 
            specified client(s); see <citerefentry><refentrytitle
394
 
            >mandos-clients.conf</refentrytitle><manvolnum
395
 
            >5</manvolnum></citerefentry>.
396
 
          </para>
397
 
        </listitem>
398
 
      </varlistentry>
399
 
      
400
 
      <varlistentry>
401
 
        <term><option>--approval-duration
402
 
        <replaceable>TIME</replaceable></option></term>
403
 
        <listitem>
404
 
          <para>
405
 
            Set the <varname>approval_duration</varname> option of the
406
 
            specified client(s); see <citerefentry><refentrytitle
407
 
            >mandos-clients.conf</refentrytitle><manvolnum
408
 
            >5</manvolnum></citerefentry>.
409
 
          </para>
410
 
        </listitem>
411
 
      </varlistentry>
412
 
      
413
 
      <varlistentry>
414
 
        <term><option>--host
415
 
        <replaceable>STRING</replaceable></option></term>
416
 
        <term><option>-H
417
 
        <replaceable>STRING</replaceable></option></term>
418
 
        <listitem>
419
 
          <para>
420
 
            Set the <varname>host</varname> option of the specified
421
 
            client(s); see <citerefentry><refentrytitle
422
 
            >mandos-clients.conf</refentrytitle><manvolnum
423
 
            >5</manvolnum></citerefentry>.
424
 
          </para>
425
 
        </listitem>
426
 
      </varlistentry>
427
 
      
428
 
      <varlistentry>
429
 
        <term><option>--secret
430
 
        <replaceable>FILENAME</replaceable></option></term>
431
 
        <term><option>-s
432
 
        <replaceable>FILENAME</replaceable></option></term>
433
 
        <listitem>
434
 
          <para>
435
 
            Set the <varname>secfile</varname> option of the specified
436
 
            client(s); see <citerefentry><refentrytitle
437
 
            >mandos-clients.conf</refentrytitle><manvolnum
438
 
            >5</manvolnum></citerefentry>.
439
 
          </para>
440
 
        </listitem>
441
 
      </varlistentry>
442
 
      
443
 
      <varlistentry>
444
 
        <term><option>--approve</option></term>
445
 
        <term><option>-A</option></term>
446
 
        <listitem>
447
 
          <para>
448
 
            Approve client(s) if currently waiting for approval.
449
 
          </para>
450
 
        </listitem>
451
 
      </varlistentry>
452
 
      
453
 
      <varlistentry>
454
 
        <term><option>--deny</option></term>
455
 
        <term><option>-D</option></term>
456
 
        <listitem>
457
 
          <para>
458
 
            Deny client(s) if currently waiting for approval.
459
 
          </para>
460
 
        </listitem>
461
 
      </varlistentry>
462
 
      
463
 
      <varlistentry>
464
 
        <term><option>--all</option></term>
465
 
        <term><option>-a</option></term>
466
 
        <listitem>
467
 
          <para>
468
 
            Make the client-modifying options modify <emphasis
469
 
            >all</emphasis> clients.
470
 
          </para>
471
 
        </listitem>
472
 
      </varlistentry>
473
 
      
474
 
      <varlistentry>
475
 
        <term><option>--verbose</option></term>
476
 
        <term><option>-v</option></term>
477
 
        <listitem>
478
 
          <para>
479
 
            Show all client settings, not just a subset.
480
 
          </para>
481
 
        </listitem>
482
 
      </varlistentry>
483
 
      
484
 
      <varlistentry>
485
 
        <term><option>--dump-json</option></term>
486
 
        <term><option>-j</option></term>
487
 
        <listitem>
488
 
          <para>
489
 
            Dump client settings as JSON to standard output.
490
 
          </para>
491
 
        </listitem>
492
 
      </varlistentry>
493
 
      
494
 
      <varlistentry>
495
 
        <term><option>--is-enabled</option></term>
496
 
        <term><option>-V</option></term>
497
 
        <listitem>
498
 
          <para>
499
 
            Check if a single client is enabled or not, and exit with
500
 
            a successful exit status only if the client is enabled.
501
 
          </para>
502
 
        </listitem>
503
 
      </varlistentry>
504
 
      
505
 
      <varlistentry>
506
 
        <term><option>--check</option></term>
507
 
        <listitem>
508
 
          <para>
509
 
            Run self-tests.  This includes any unit tests, etc.
510
 
          </para>
511
 
        </listitem>
512
 
      </varlistentry>
513
 
      
514
 
    </variablelist>
515
 
  </refsect1>
516
 
  
517
 
  <refsect1 id="overview">
518
 
    <title>OVERVIEW</title>
519
 
    <xi:include href="overview.xml"/>
520
 
    <para>
521
 
      This program is a small utility to generate new OpenPGP keys for
522
 
      new Mandos clients, and to generate sections for inclusion in
523
 
      <filename>clients.conf</filename> on the server.
524
 
    </para>
525
 
  </refsect1>
526
 
  
527
 
  <refsect1 id="exit_status">
528
 
    <title>EXIT STATUS</title>
529
 
    <para>
530
 
      If the <option>--is-enabled</option> option is used, the exit
531
 
      status will be 0 only if the specified client is enabled.
532
 
    </para>
533
 
  </refsect1>
534
 
  
535
 
  <refsect1 id="bugs">
536
 
    <title>BUGS</title>
537
 
    <xi:include href="bugs.xml"/>
538
 
  </refsect1>
539
 
  
540
 
  <refsect1 id="example">
541
 
    <title>EXAMPLE</title>
542
 
    <informalexample>
543
 
      <para>
544
 
        To list all clients:
545
 
      </para>
546
 
      <para>
547
 
        <userinput>&COMMANDNAME;</userinput>
548
 
      </para>
549
 
    </informalexample>
550
 
    
551
 
    <informalexample>
552
 
      <para>
553
 
        To list <emphasis>all</emphasis> settings for the clients
554
 
        named <quote>foo1.example.org</quote> and <quote
555
 
        >foo2.example.org</quote>:
556
 
      </para>
557
 
      <para>
558
 
 
559
 
<!-- do not wrap this line -->
560
 
<userinput>&COMMANDNAME; --verbose foo1.example.org foo2.example.org</userinput>
561
 
 
562
 
      </para>
563
 
    </informalexample>
564
 
    
565
 
    <informalexample>
566
 
      <para>
567
 
        To enable all clients:
568
 
      </para>
569
 
      <para>
570
 
        <userinput>&COMMANDNAME; --enable --all</userinput>
571
 
      </para>
572
 
    </informalexample>
573
 
    
574
 
    <informalexample>
575
 
      <para>
576
 
        To change timeout and interval value for the clients
577
 
        named <quote>foo1.example.org</quote> and <quote
578
 
        >foo2.example.org</quote>:
579
 
      </para>
580
 
      <para>
581
 
 
582
 
<!-- do not wrap this line -->
583
 
<userinput>&COMMANDNAME; --timeout="5m" --interval="1m" foo1.example.org foo2.example.org</userinput>
584
 
 
585
 
      </para>
586
 
    </informalexample>
587
 
    
588
 
    <informalexample>
589
 
      <para>
590
 
        To approve all clients currently waiting for it:
591
 
      </para>
592
 
      <para>
593
 
        <userinput>&COMMANDNAME; --approve --all</userinput>
594
 
      </para>
595
 
    </informalexample>
596
 
  </refsect1>
597
 
  
598
 
  <refsect1 id="security">
599
 
    <title>SECURITY</title>
600
 
    <para>
601
 
      This program must be permitted to access the Mandos server via
602
 
      the D-Bus interface.  This normally requires the root user, but
603
 
      could be configured otherwise by reconfiguring the D-Bus server.
604
 
    </para>
605
 
  </refsect1>
606
 
  
607
 
  <refsect1 id="see_also">
608
 
    <title>SEE ALSO</title>
609
 
    <para>
610
 
      <citerefentry><refentrytitle>intro</refentrytitle>
611
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
612
 
      <citerefentry><refentrytitle>mandos</refentrytitle>
613
 
      <manvolnum>8</manvolnum></citerefentry>,
614
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
615
 
      <manvolnum>5</manvolnum></citerefentry>,
616
 
      <citerefentry><refentrytitle>mandos-monitor</refentrytitle>
617
 
      <manvolnum>8</manvolnum></citerefentry>
618
 
    </para>
619
 
  </refsect1>
620
 
  
621
 
</refentry>
622
 
<!-- Local Variables: -->
623
 
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
624
 
<!-- time-stamp-end: "[\"']>" -->
625
 
<!-- time-stamp-format: "%:y-%02m-%02d" -->
626
 
<!-- End: -->