/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/splashy.xml

  • Committer: Teddy Hogeborn
  • Date: 2014-06-22 02:19:30 UTC
  • mto: (237.7.272 trunk)
  • mto: This revision was merged to the branch mainline in revision 317.
  • Revision ID: teddy@recompile.se-20140622021930-icl7h4cm97blhjml
mandos-keygen: Generate "checker" option to use SSH fingerprints.

To turn this off, use a new "--no-ssh" option to mandos-keygen.

* INSTALL (Mandos Server, Mandos Client): Document new suggested
                                          installation of SSH.
* Makefile (confdir/clients.conf): Use new "--no-ssh" option to
                                   "mandos-keygen".
* debian/control (mandos/Depends): Changed to "fping | ssh-client".
  (mandos-client/Recommends): New; set to "ssh".
* intro.xml (FREQUENTLY ASKED QUESTIONS): Rename and rewrite section
                                          called "Faking ping
                                          replies?" to address new
                                          default behavior.
* mandos-clients.conf.xml (OPTIONS/checker): Briefly discuss new
                                             behavior of
                                             mandos-keygen.
* mandos-keygen: Bug fix: Suppress failure output of "shred" to remove
                 "sec*", since no such files may exist.
 (password mode): Scan for SSH key fingerprints and output as new
                  "checker" and "ssh_fingerprint" options, unless new
                  "--no-ssh" option is given.
* mandos-keygen.xml (SYNOPSIS/--force): Bug fix: Document short form.
  (OPTIONS/--no-ssh): New.
  (SEE ALSO): Add reference "ssh-keyscan(1)".
* plugins.d/mandos-client.xml (SECURITY): Briefly mention the
                                          possibility of using SSH key
                                          fingerprints for checking.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "splashy">
5
 
<!ENTITY TIMESTAMP "2019-02-10">
 
5
<!ENTITY TIMESTAMP "2012-01-01">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
33
33
    <copyright>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
36
 
      <year>2010</year>
37
 
      <year>2011</year>
38
36
      <year>2012</year>
39
 
      <year>2013</year>
40
 
      <year>2014</year>
41
 
      <year>2015</year>
42
 
      <year>2016</year>
43
 
      <year>2017</year>
44
 
      <year>2018</year>
45
 
      <year>2019</year>
46
37
      <holder>Teddy Hogeborn</holder>
47
38
      <holder>Björn Påhlsson</holder>
48
39
    </copyright>
135
126
        <para>
136
127
          These variables will normally be inherited from
137
128
          <citerefentry><refentrytitle>plugin-runner</refentrytitle>
138
 
          <manvolnum>8mandos</manvolnum></citerefentry>, which might
139
 
          have in turn inherited them from its calling process.
 
129
          <manvolnum>8mandos</manvolnum></citerefentry>, which will
 
130
          normally have inherited them from
 
131
          <filename>/scripts/local-top/cryptroot</filename> in the
 
132
          initial <acronym>RAM</acronym> disk environment, which will
 
133
          have set them from parsing kernel arguments and
 
134
          <filename>/conf/conf.d/cryptroot</filename> (also in the
 
135
          initial RAM disk environment), which in turn will have been
 
136
          created when the initial RAM disk image was created by
 
137
          <filename
 
138
          >/usr/share/initramfs-tools/hooks/cryptroot</filename>, by
 
139
          extracting the information of the root file system from
 
140
          <filename >/etc/crypttab</filename>.
140
141
        </para>
141
142
        <para>
142
143
          This behavior is meant to exactly mirror the behavior of
202
203
      is ugly, but necessary as long as it does not support aborting a
203
204
      password request.
204
205
    </para>
205
 
    <xi:include href="../bugs.xml"/>
206
206
  </refsect1>
207
207
  
208
208
  <refsect1 id="example">
266
266
    <para>
267
267
      <citerefentry><refentrytitle>intro</refentrytitle>
268
268
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
269
      <citerefentry><refentrytitle>crypttab</refentrytitle>
 
270
      <manvolnum>5</manvolnum></citerefentry>,
269
271
      <citerefentry><refentrytitle>plugin-runner</refentrytitle>
270
272
      <manvolnum>8mandos</manvolnum></citerefentry>,
271
273
      <citerefentry><refentrytitle>proc</refentrytitle>