/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to dracut-module/password-agent.xml

  • Committer: Teddy Hogeborn
  • Date: 2019-08-18 00:42:22 UTC
  • mto: This revision was merged to the branch mainline in revision 390.
  • Revision ID: teddy@recompile.se-20190818004222-lfrgtnmqz766a08e
Client: Use the systemd sysusers.d mechanism, if present

* Makefile (install-client-nokey): Also install sysusers.d file, if
                                   $(SYSUSERS) exists.
* sysusers.d-mandos.conf: Adjust comment to match reality.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "password-agent">
5
 
<!ENTITY TIMESTAMP "2020-09-16">
 
5
<!ENTITY TIMESTAMP "2019-07-24">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
113
113
      be a <citerefentry><refentrytitle>systemd</refentrytitle>
114
114
      <manvolnum>1</manvolnum></citerefentry> <quote>Password
115
115
      Agent</quote> (See <ulink
116
 
      url="https://systemd.io/PASSWORD_AGENTS/">Password
117
 
      Agents</ulink>).  The aim of this program is therefore to
118
 
      acquire and then send a password to some other program which
 
116
      url="https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/"
 
117
      >Password Agents</ulink>).  The aim of this program is therefore
 
118
      to acquire and then send a password to some other program which
119
119
      will use the password to unlock the encrypted root disk.
120
120
    </para>
121
121
    <para>
146
146
            Specify a different agent directory.  The default is
147
147
            <quote><filename class="directory"
148
148
            >/run/systemd/ask-password</filename ></quote> as per the
149
 
            <ulink url="https://systemd.io/PASSWORD_AGENTS/">Password
150
 
            Agents</ulink> specification.
 
149
            <ulink
 
150
            url="https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/"
 
151
            >Password Agents</ulink> specification.
151
152
          </para>
152
153
        </listitem>
153
154
      </varlistentry>
269
270
      responsible for getting a password from the Mandos client
270
271
      program itself, and to send that password to whatever is
271
272
      currently asking for a password using the systemd <ulink
272
 
      url="https://systemd.io/PASSWORD_AGENTS/">Password
273
 
      Agents</ulink> mechanism.
 
273
      url="https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/"
 
274
      >Password Agents</ulink> mechanism.
274
275
    </para>
275
276
    <para>To accomplish this, &COMMANDNAME; runs the
276
277
    <command>mandos-client</command> program (which is the actual
280
281
    password is acquired from the
281
282
    <replaceable>MANDOS_CLIENT</replaceable> program, sends that
282
283
    password (as per the <ulink
283
 
    url="https://systemd.io/PASSWORD_AGENTS/">Password Agents</ulink>
284
 
    specification) to all currently unanswered password questions.
 
284
    url="https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/"
 
285
    >Password Agents</ulink> specification) to all currently
 
286
    unanswered password questions.
285
287
    </para>
286
288
    <para>
287
289
      This program should be started (normally as a systemd service,
328
330
            <para>
329
331
              The default directory to watch for password questions as
330
332
              per the <ulink
331
 
              url="https://systemd.io/PASSWORD_AGENTS/">Password
332
 
              Agents</ulink> specification; can be changed by the
333
 
              <option>--agent-directory</option> option.
 
333
              url="https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/"
 
334
              >Password Agents</ulink> specification; can be changed
 
335
              by the <option>--agent-directory</option> option.
334
336
            </para>
335
337
          </listitem>
336
338
        </varlistentry>
399
401
      <para>
400
402
 
401
403
<!-- do not wrap this line -->
402
 
<userinput>&COMMANDNAME; -- /lib/mandos/plugins.d/mandos-client --pubkey=/etc/mandos/keys/pubkey.txt --seckey=/etc/mandos/keys/seckey.txt --tls-pubkey=/etc/mandos/keys/tls-pubkey.pem --tls-privkey=/etc/mandos/keys/tls-privkey.pem</userinput>
 
404
<userinput>&COMMANDNAME; -- /lib/mandos/mandos-client --pubkey=/etc/mandos/keys/pubkey.txt --seckey=/etc/mandos/keys/seckey.txt --tls-pubkey=/etc/mandos/keys/tls-pubkey.pem --tls-privkey=/etc/mandos/keys/tls-privkey.pem</userinput>
403
405
 
404
406
      </para>
405
407
    </informalexample>
444
446
    <variablelist>
445
447
      <varlistentry>
446
448
        <term>
447
 
          <ulink url="https://systemd.io/PASSWORD_AGENTS/">Password
448
 
          Agents</ulink>
 
449
          <ulink
 
450
              url="https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/"
 
451
              >Password Agents</ulink>
449
452
        </term>
450
453
        <listitem>
451
454
          <para>