/mandos/release : revision 237.7.325

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

Committer: Teddy Hogeborn
Date: 2015-07-20 03:03:33 UTC
mto: (237.7.594 trunk)
mto: This revision was merged to the branch mainline in revision 325.
Revision ID: teddy@recompile.se-20150720030333-203m2aeblypcsfte

Bug fix for GnuTLS 3: be compatible with old 2048-bit DSA keys.

The mandos-keygen program in Mandos version 1.6.0 and older generated
2048-bit DSA keys, and when GnuTLS uses these it has trouble
connecting using the Mandos default priority string.  This was
previously fixed in Mandos 1.6.2, but the bug reappeared when using
GnuTLS 3, so the default priority string has to change again; this
time also the Mandos client has to change its default, so now the
server and the client should use the same default priority string:

SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:!RSA:+SIGN-DSA-SHA256

* mandos (main/server_defaults): Changed default priority string.
* mandos-options.xml (/section/para[id="priority_compat"]): Removed.
  (/section/para[id="priority"]): Changed default priority string.
* mandos.conf ([DEFAULT]/priority): - '' -
* mandos.conf.xml (OPTIONS/priority): Refer to the id "priority"
                                      instead of "priority_compat".
* mandos.xml (OPTIONS/--priority): - '' -
* plugins.d/mandos-client.c (main): Changed default priority string.

files added:
debian/mandos-client.examples

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

initramfs-unpack

intro.xml

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

dbus-mandos.conf

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

mandos-ctl.xml

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-ctl">

<!ENTITY TIMESTAMP "2010-09-25">

<!ENTITY TIMESTAMP "2012-06-22">

<!ENTITY % common SYSTEM "common.ent">

%common;

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--extended-timeout

100

101

</group>

102

<sbr/>

103

<group>

104

<arg choice="plain"><option>--interval

105

106

<arg choice="plain"><option>-i

107

108

</group>

109

<sbr/>

110

<group>

111

<arg choice="plain"><option>--approve-by-default</option

112

></arg>

113

<sbr/>

114

<arg choice="plain"><option>--deny-by-default</option></arg>

115

</group>

116

<sbr/>

117

<group>

118

<arg choice="plain"><option>--approval-delay

119

120

</group>

121

<sbr/>

122

<group>

123

<arg choice="plain"><option>--approval-duration

124

125

</group>

126

<sbr/>

127

<group>

128

<arg choice="plain"><option>--interval

129

130

<arg choice="plain"><option>-i

164

195

165

196

</group>

166

197

</cmdsynopsis>

198

199

<command>&COMMANDNAME;</command>

200

<arg choice="plain"><option>--check</option></arg>

201

</cmdsynopsis>

167

202

</refsynopsisdiv>

168

203

169

204

273

308

<para>

274

309

Set the <varname>checker</varname> option of the specified

275

310

client(s); see <citerefentry><refentrytitle

276

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

277

></citerefentry>.

311

>mandos-clients.conf</refentrytitle><manvolnum

312

>5</manvolnum></citerefentry>.

278

313

</para>

279

314

</listitem>

280

315

</varlistentry>

288

323

<para>

289

324

Set the <varname>timeout</varname> option of the specified

290

325

client(s); see <citerefentry><refentrytitle

291

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

292

></citerefentry>.

326

>mandos-clients.conf</refentrytitle><manvolnum

327

>5</manvolnum></citerefentry>.

328

</para>

329

</listitem>

330

</varlistentry>

331

332

333

<term><option>--extended-timeout

334

335

336

<para>

337

Set the <varname>extended_timeout</varname> option of the

338

specified client(s); see <citerefentry><refentrytitle

339

>mandos-clients.conf</refentrytitle><manvolnum

340

>5</manvolnum></citerefentry>.

293

341

</para>

294

342

</listitem>

295

343

</varlistentry>

301

349

302

350

303

351

<para>

304

Set the <varname>interval</varname> option of the specified

305

client(s); see <citerefentry><refentrytitle

306

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

307

></citerefentry>.

352

Set the <varname>interval</varname> option of the

353

specified client(s); see <citerefentry><refentrytitle

354

>mandos-clients.conf</refentrytitle><manvolnum

355

>5</manvolnum></citerefentry>.

356

</para>

357

</listitem>

358

</varlistentry>

359

360

361

<term><option>--approve-by-default</option></term>

362

<term><option>--deny-by-default</option></term>

363

364

<para>

365

Set the <varname>approved_by_default</varname> option of

366

the specified client(s) to <literal>True</literal> or

367

<literal>False</literal>, respectively; see

368

<citerefentry><refentrytitle

369

>mandos-clients.conf</refentrytitle><manvolnum

370

>5</manvolnum></citerefentry>.

371

</para>

372

</listitem>

373

</varlistentry>

374

375

376

<term><option>--approval-delay

377

378

379

<para>

380

Set the <varname>approval_delay</varname> option of the

381

specified client(s); see <citerefentry><refentrytitle

382

>mandos-clients.conf</refentrytitle><manvolnum

383

>5</manvolnum></citerefentry>.

384

</para>

385

</listitem>

386

</varlistentry>

387

388

389

<term><option>--approval-duration

390

391

392

<para>

393

Set the <varname>approval_duration</varname> option of the

394

specified client(s); see <citerefentry><refentrytitle

395

>mandos-clients.conf</refentrytitle><manvolnum

396

>5</manvolnum></citerefentry>.

308

397

</para>

309

398

</listitem>

310

399

</varlistentry>

318

407

<para>

319

408

Set the <varname>host</varname> option of the specified

320

409

client(s); see <citerefentry><refentrytitle

321

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

322

></citerefentry>.

410

>mandos-clients.conf</refentrytitle><manvolnum

411

>5</manvolnum></citerefentry>.

323

412

</para>

324

413

</listitem>

325

414

</varlistentry>

333

422

<para>

334

423

Set the <varname>secfile</varname> option of the specified

335

424

client(s); see <citerefentry><refentrytitle

336

>mandos-client.conf</refentrytitle><manvolnum>5</manvolnum

337

></citerefentry>.

425

>mandos-clients.conf</refentrytitle><manvolnum

426

>5</manvolnum></citerefentry>.

338

427

</para>

339

428

</listitem>

340

429

</varlistentry>

391

480

</listitem>

392

481

</varlistentry>

393

482

483

484

<term><option>--check</option></term>

485

486

<para>

487

Run self-tests. This includes any unit tests, etc.

488

</para>

489

</listitem>

490

</varlistentry>

491

394

492

</variablelist>

395

493

</refsect1>

396

494

471

569

To approve all clients currently waiting for it:

472

570

</para>

473

571

<para>

474

475

476

<userinput>&COMMANDNAME; --approve --all</userinput>

477

572

<userinput>&COMMANDNAME; --approve --all</userinput>

478

573

</para>

479

574

</informalexample>

480

575

</refsect1>

491

586

492

587

493

588

<para>

589

<citerefentry><refentrytitle>intro</refentrytitle>

590

<manvolnum>8mandos</manvolnum></citerefentry>,

494

591

<citerefentry><refentrytitle>mandos</refentrytitle>

495

592

<manvolnum>8</manvolnum></citerefentry>,

496

593

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

Older »