/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos.xml

  • Committer: Teddy Hogeborn
  • Date: 2014-06-22 02:19:30 UTC
  • mto: (237.7.272 trunk)
  • mto: This revision was merged to the branch mainline in revision 317.
  • Revision ID: teddy@recompile.se-20140622021930-icl7h4cm97blhjml
mandos-keygen: Generate "checker" option to use SSH fingerprints.

To turn this off, use a new "--no-ssh" option to mandos-keygen.

* INSTALL (Mandos Server, Mandos Client): Document new suggested
                                          installation of SSH.
* Makefile (confdir/clients.conf): Use new "--no-ssh" option to
                                   "mandos-keygen".
* debian/control (mandos/Depends): Changed to "fping | ssh-client".
  (mandos-client/Recommends): New; set to "ssh".
* intro.xml (FREQUENTLY ASKED QUESTIONS): Rename and rewrite section
                                          called "Faking ping
                                          replies?" to address new
                                          default behavior.
* mandos-clients.conf.xml (OPTIONS/checker): Briefly discuss new
                                             behavior of
                                             mandos-keygen.
* mandos-keygen: Bug fix: Suppress failure output of "shred" to remove
                 "sec*", since no such files may exist.
 (password mode): Scan for SSH key fingerprints and output as new
                  "checker" and "ssh_fingerprint" options, unless new
                  "--no-ssh" option is given.
* mandos-keygen.xml (SYNOPSIS/--force): Bug fix: Document short form.
  (OPTIONS/--no-ssh): New.
  (SEE ALSO): Add reference "ssh-keyscan(1)".
* plugins.d/mandos-client.xml (SECURITY): Briefly mention the
                                          possibility of using SSH key
                                          fingerprints for checking.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos">
5
 
<!ENTITY TIMESTAMP "2016-03-05">
 
5
<!ENTITY TIMESTAMP "2014-06-15">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
37
37
      <year>2011</year>
38
38
      <year>2012</year>
39
39
      <year>2013</year>
40
 
      <year>2014</year>
41
 
      <year>2015</year>
42
 
      <year>2016</year>
43
40
      <holder>Teddy Hogeborn</holder>
44
41
      <holder>Björn Påhlsson</holder>
45
42
    </copyright>
239
236
        <term><option>--priority <replaceable>
240
237
        PRIORITY</replaceable></option></term>
241
238
        <listitem>
242
 
          <xi:include href="mandos-options.xml" xpointer="priority"/>
 
239
          <xi:include href="mandos-options.xml"
 
240
                      xpointer="priority_compat"/>
243
241
        </listitem>
244
242
      </varlistentry>
245
243
      
542
540
        </listitem>
543
541
      </varlistentry>
544
542
      <varlistentry>
 
543
        <term><filename class="devicefile">/dev/log</filename></term>
 
544
      </varlistentry>
 
545
      <varlistentry>
545
546
        <term><filename
546
547
        class="directory">/var/lib/mandos</filename></term>
547
548
        <listitem>
553
554
        </listitem>
554
555
      </varlistentry>
555
556
      <varlistentry>
556
 
        <term><filename class="devicefile">/dev/log</filename></term>
 
557
        <term><filename>/dev/log</filename></term>
557
558
        <listitem>
558
559
          <para>
559
560
            The Unix domain socket to where local syslog messages are
588
589
      This server does not check the expire time of clients’ OpenPGP
589
590
      keys.
590
591
    </para>
591
 
    <xi:include href="bugs.xml"/>
592
592
  </refsect1>
593
593
  
594
594
  <refsect1 id="example">
707
707
      </varlistentry>
708
708
      <varlistentry>
709
709
        <term>
710
 
          <ulink url="http://gnutls.org/">GnuTLS</ulink>
 
710
          <ulink url="http://www.gnu.org/software/gnutls/"
 
711
          >GnuTLS</ulink>
711
712
        </term>
712
713
      <listitem>
713
714
        <para>
751
752
      </varlistentry>
752
753
      <varlistentry>
753
754
        <term>
754
 
          RFC 5246: <citetitle>The Transport Layer Security (TLS)
755
 
          Protocol Version 1.2</citetitle>
 
755
          RFC 4346: <citetitle>The Transport Layer Security (TLS)
 
756
          Protocol Version 1.1</citetitle>
756
757
        </term>
757
758
      <listitem>
758
759
        <para>
759
 
          TLS 1.2 is the protocol implemented by GnuTLS.
 
760
          TLS 1.1 is the protocol implemented by GnuTLS.
760
761
        </para>
761
762
      </listitem>
762
763
      </varlistentry>
772
773
      </varlistentry>
773
774
      <varlistentry>
774
775
        <term>
775
 
          RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer
776
 
          Security (TLS) Authentication</citetitle>
 
776
          RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
 
777
          Security</citetitle>
777
778
        </term>
778
779
      <listitem>
779
780
        <para>