/mandos/release : revision 237.7.187

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

Committer: Teddy Hogeborn
Date: 2013-10-27 17:42:23 UTC
mto: (237.7.272 trunk)
mto: This revision was merged to the branch mainline in revision 307.
Revision ID: teddy@recompile.se-20131027174223-mq3a1h8xi5jcv9e6

Bug fix: Make sure systemd service file is installed.

* Makefile (install-server): Fix typo causing syntax error.
* debian/mandos.dirs (lib/systemd/system): New.

files removed:
debian/upstream

debian/upstream/signing-key.asc

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

files modified:
DBUS-API

INSTALL

Makefile

NEWS

TODO

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos.postinst

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/plymouth.c

plugins.d/splashy.c

plugins.d/usplash.c

Show diffs side-by-side

added added

removed removed

plugins.d/mandos-client.xml

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-client">

<!ENTITY TIMESTAMP "2015-07-06">

<!ENTITY TIMESTAMP "2013-10-20">

<!ENTITY % common SYSTEM "../common.ent">

%common;

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

221

219

assumed to separate the address from the port number.

222

220

</para>

223

221

<para>

224

Normally, Zeroconf would be used to locate Mandos servers,

225

in which case this option would only be used when testing

226

and debugging.

222

This option is normally only useful for testing and

223

debugging.

227

224

</para>

228

225

</listitem>

229

226

</varlistentry>

262

259

<para>

263

260

<replaceable>NAME</replaceable> can be the string

264

261

<quote><literal>none</literal></quote>; this will make

265

<command>&COMMANDNAME;</command> only bring up interfaces

266

specified <emphasis>before</emphasis> this string. This

267

is not recommended, and only meant for advanced users.

262

<command>&COMMANDNAME;</command> not bring up

263

<emphasis>any</emphasis> interfaces specified

264

<emphasis>after</emphasis> this string. This is not

265

recommended, and only meant for advanced users.

268

266

</para>

269

267

</listitem>

270

268

</varlistentry>

312

310

313

311

<para>

314

312

Sets the number of bits to use for the prime number in the

315

TLS Diffie-Hellman key exchange. The default value is

316

selected automatically based on the OpenPGP key.

313

TLS Diffie-Hellman key exchange. Default is 1024.

317

314

</para>

318

315

</listitem>

319

316

</varlistentry>

446

443

447

444

448

445

<title>ENVIRONMENT</title>

449

450

451

<term><envar>MANDOSPLUGINHELPERDIR</envar></term>

452

453

<para>

454

This environment variable will be assumed to contain the

455

directory containing any helper executables. The use and

456

nature of these helper executables, if any, is

457

purposefully not documented.

458

</para>

459

</listitem>

460

</varlistentry>

461

</variablelist>

462

446

<para>

463

This program does not use any other environment variables, not

464

even the ones provided by <citerefentry><refentrytitle

447

This program does not use any environment variables, not even

448

the ones provided by <citerefentry><refentrytitle

465

449

>cryptsetup</refentrytitle><manvolnum>8</manvolnum>

466

450

</citerefentry>.

467

451

</para>

763

747

<para>

764

748

It will also help if the checker program on the server is

765

749

configured to request something from the client which can not be

766

spoofed by someone else on the network, like SSH server key

767

fingerprints, and unlike unencrypted <acronym>ICMP</acronym>

768

echo (<quote>ping</quote>) replies.

750

spoofed by someone else on the network, unlike unencrypted

751

<acronym>ICMP</acronym> echo (<quote>ping</quote>) replies.

769

752

</para>

770

753

<para>

771

754

<emphasis>Note</emphasis>: This makes it completely insecure to

Older »