/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos-clients.conf.xml

  • Committer: Teddy Hogeborn
  • Date: 2016-10-08 04:11:22 UTC
  • mto: (237.7.594 trunk)
  • mto: This revision was merged to the branch mainline in revision 354.
  • Revision ID: teddy@recompile.se-20161008041122-xdqj4sw9h9i461fu
Fix bug when generating keys in a chroot environment.

* mandos-keygen (keygen): Use "%no-protection" statement in GnuPG
                          batch parameter file to make GnuPG 2.1 not
                          try to ask for a passphrase interactively.

Show diffs side-by-side

added added

removed removed

Lines of Context:
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY CONFNAME "mandos-clients.conf">
5
5
<!ENTITY CONFPATH "<filename>/etc/mandos/clients.conf</filename>">
6
 
<!ENTITY TIMESTAMP "2013-10-15">
 
6
<!ENTITY TIMESTAMP "2016-06-23">
7
7
<!ENTITY % common SYSTEM "common.ent">
8
8
%common;
9
9
]>
37
37
      <year>2010</year>
38
38
      <year>2011</year>
39
39
      <year>2012</year>
 
40
      <year>2013</year>
 
41
      <year>2014</year>
 
42
      <year>2015</year>
 
43
      <year>2016</year>
40
44
      <holder>Teddy Hogeborn</holder>
41
45
      <holder>Björn Påhlsson</holder>
42
46
    </copyright>
177
181
            <varname>PATH</varname> will be searched.  The default
178
182
            value for the checker command is <quote><literal
179
183
            ><command>fping</command> <option>-q</option> <option
180
 
            >--</option> %%(host)s</literal></quote>.
 
184
            >--</option> %%(host)s</literal></quote>.  Note that
 
185
            <command>mandos-keygen</command>, when generating output
 
186
            to be inserted into this file, normally looks for an SSH
 
187
            server on the Mandos client, and, if it find one, outputs
 
188
            a <option>checker</option> option to check for the
 
189
            client’s key fingerprint – this is more secure against
 
190
            spoofing.
181
191
          </para>
182
192
          <para>
183
193
            In addition to normal start time expansion, this option
220
230
          <para>
221
231
            This option sets the OpenPGP fingerprint that identifies
222
232
            the public key that clients authenticate themselves with
223
 
            through TLS.  The string needs to be in hexidecimal form,
 
233
            through TLS.  The string needs to be in hexadecimal form,
224
234
            but spaces or upper/lower case are not significant.
225
235
          </para>
226
236
        </listitem>
453
463
      <literal>%(<replaceable>foo</replaceable>)s</literal> is
454
464
      obscure.
455
465
    </para>
 
466
    <xi:include href="bugs.xml"/>
456
467
  </refsect1>
457
468
  
458
469
  <refsect1 id="example">