/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2015-07-07 15:49:49 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 325.
  • Revision ID: teddy@recompile.se-20150707154949-vbuj4pc6wf3o1vgz
mandos.service: Use Type=dbus (implicitly).

mandos.service ([Service]/Type): Removed.
               ([Service]/BusName): Uncommented; set to
                                    "se.recompile.Mandos".

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2013-10-20">
 
5
<!ENTITY TIMESTAMP "2015-07-06">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
35
35
      <year>2009</year>
36
36
      <year>2012</year>
37
37
      <year>2013</year>
 
38
      <year>2014</year>
 
39
      <year>2015</year>
38
40
      <holder>Teddy Hogeborn</holder>
39
41
      <holder>Björn Påhlsson</holder>
40
42
    </copyright>
219
221
            assumed to separate the address from the port number.
220
222
          </para>
221
223
          <para>
222
 
            This option is normally only useful for testing and
223
 
            debugging.
 
224
            Normally, Zeroconf would be used to locate Mandos servers,
 
225
            in which case this option would only be used when testing
 
226
            and debugging.
224
227
          </para>
225
228
        </listitem>
226
229
      </varlistentry>
259
262
          <para>
260
263
            <replaceable>NAME</replaceable> can be the string
261
264
            <quote><literal>none</literal></quote>; this will make
262
 
            <command>&COMMANDNAME;</command> not bring up
263
 
            <emphasis>any</emphasis> interfaces specified
264
 
            <emphasis>after</emphasis> this string.  This is not
265
 
            recommended, and only meant for advanced users.
 
265
            <command>&COMMANDNAME;</command> only bring up interfaces
 
266
            specified <emphasis>before</emphasis> this string.  This
 
267
            is not recommended, and only meant for advanced users.
266
268
          </para>
267
269
        </listitem>
268
270
      </varlistentry>
310
312
        <listitem>
311
313
          <para>
312
314
            Sets the number of bits to use for the prime number in the
313
 
            TLS Diffie-Hellman key exchange.  Default is 1024.
 
315
            TLS Diffie-Hellman key exchange.  The default value is
 
316
            selected automatically based on the OpenPGP key.
314
317
          </para>
315
318
        </listitem>
316
319
      </varlistentry>
443
446
  
444
447
  <refsect1 id="environment">
445
448
    <title>ENVIRONMENT</title>
 
449
    <variablelist>
 
450
      <varlistentry>
 
451
        <term><envar>MANDOSPLUGINHELPERDIR</envar></term>
 
452
        <listitem>
 
453
          <para>
 
454
            This environment variable will be assumed to contain the
 
455
            directory containing any helper executables.  The use and
 
456
            nature of these helper executables, if any, is
 
457
            purposefully not documented.
 
458
        </para>
 
459
        </listitem>
 
460
      </varlistentry>
 
461
    </variablelist>
446
462
    <para>
447
 
      This program does not use any environment variables, not even
448
 
      the ones provided by <citerefentry><refentrytitle
 
463
      This program does not use any other environment variables, not
 
464
      even the ones provided by <citerefentry><refentrytitle
449
465
      >cryptsetup</refentrytitle><manvolnum>8</manvolnum>
450
466
    </citerefentry>.
451
467
    </para>
747
763
    <para>
748
764
      It will also help if the checker program on the server is
749
765
      configured to request something from the client which can not be
750
 
      spoofed by someone else on the network, unlike unencrypted
751
 
      <acronym>ICMP</acronym> echo (<quote>ping</quote>) replies.
 
766
      spoofed by someone else on the network, like SSH server key
 
767
      fingerprints, and unlike unencrypted <acronym>ICMP</acronym>
 
768
      echo (<quote>ping</quote>) replies.
752
769
    </para>
753
770
    <para>
754
771
      <emphasis>Note</emphasis>: This makes it completely insecure to