/mandos/release

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to intro.xml

Committer: Teddy Hogeborn
Date: 2017-02-22 21:45:35 UTC
mto: (237.7.594 trunk)
mto: This revision was merged to the branch mainline in revision 358.
Revision ID: teddy@recompile.se-20170222214535-milf6w0b1krwpaex

http://bugs.debian.org/855589

Server bug fix: Use the mandos.conf "zeroconf" and "restore" options

Allow the "zeroconf" and "restore" options to actually work from the
mandos.conf file, in addition to command line options.

Closes: 855589
Reported-by: Pablo Abelenda <pabelenda@igalia.com>
Suggested-by: Pablo Abelenda <pabelenda@igalia.com>

files added:
initramfs-tools-hook-conf

files removed:
initramfs-tools-conf

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

files modified:
DBUS-API

INSTALL

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.lintian-overrides

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

1

1

<?xml version="1.0" encoding="UTF-8"?>

2

2

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

3

3

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

4

<!ENTITY TIMESTAMP "2019-02-09">

4

<!ENTITY TIMESTAMP "2016-11-27">

5

5

<!ENTITY % common SYSTEM "common.ent">

6

6

%common;

7

7

]>

36

36

<year>2014</year>

37

37

<year>2015</year>

38

38

<year>2016</year>

39

<year>2017</year>

40

<year>2018</year>

41

39

<holder>Teddy Hogeborn</holder>

42

40

<holder>Björn Påhlsson</holder>

43

41

</copyright>

67

65

The computers run a small client program in the initial RAM disk

68

66

environment which will communicate with a server over a network.

69

67

All network communication is encrypted using TLS. The clients

70

are identified by the server using a TLS public key; each client

68

are identified by the server using an OpenPGP key; each client

71

69

has one unique to it. The server sends the clients an encrypted

72

70

password. The encrypted password is decrypted by the clients

73

using a separate OpenPGP key, and the password is then used to

71

using the same OpenPGP key, and the password is then used to

74

72

unlock the root file system, whereupon the computers can

75

73

continue booting normally.

76

74

</para>

200

198

<para>

201

199

No. The server only gives out the passwords to clients which

202

200

have <emphasis>in the TLS handshake</emphasis> proven that

203

they do indeed hold the private key corresponding to that

204

client.

201

they do indeed hold the OpenPGP private key corresponding to

202

that client.

205

203

</para>

206

204

</refsect2>

207

205

Older »