/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to dracut-module/password-agent.xml

  • Committer: teddy at recompile
  • Date: 2020-02-05 21:39:28 UTC
  • mto: This revision was merged to the branch mainline in revision 396.
  • Revision ID: teddy@recompile.se-20200205213928-vpvt0fwfg47ikv6f
Allow users to alter ask-password-mandos.service

If a user uses dracut with systemd and wishes to modify the options
passed to password-agent(8mandos) or mandos-client(8mandos), they
should be able to do so by simply creating a file
/etc/systemd/system/ask-password-mandos.service.d/override.conf,
containing, for instance:

[Service]
Environment=MANDOS_CLIENT_OPTIONS=--debug

Adding PASSWORD_AGENT_OPTIONS should also be possible (but should not
normally be needed).

* dracut-module/ask-password-mandos.service ([Service]/ExecStart): Add
  $PASSWORD_AGENT_OPTIONS before "--" and "$MANDOS_CLIENT_OPTIONS" to
  end of line.
* dracut-module/module-setup.sh (install): Install all files named
  /etc/systemd/system/ask-password-mandos.service.d/*.conf if any
  exists.  Also add --dh-params before $MANDOS_CLIENT_OPTIONS instead
  of at end of line.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "password-agent">
5
 
<!ENTITY TIMESTAMP "2020-09-16">
 
5
<!ENTITY TIMESTAMP "2019-11-13">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
32
32
    </authorgroup>
33
33
    <copyright>
34
34
      <year>2019</year>
35
 
      <year>2020</year>
36
35
      <holder>Teddy Hogeborn</holder>
37
36
      <holder>Björn Påhlsson</holder>
38
37
    </copyright>
114
113
      be a <citerefentry><refentrytitle>systemd</refentrytitle>
115
114
      <manvolnum>1</manvolnum></citerefentry> <quote>Password
116
115
      Agent</quote> (See <ulink
117
 
      url="https://systemd.io/PASSWORD_AGENTS/">Password
118
 
      Agents</ulink>).  The aim of this program is therefore to
119
 
      acquire and then send a password to some other program which
 
116
      url="https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/"
 
117
      >Password Agents</ulink>).  The aim of this program is therefore
 
118
      to acquire and then send a password to some other program which
120
119
      will use the password to unlock the encrypted root disk.
121
120
    </para>
122
121
    <para>
147
146
            Specify a different agent directory.  The default is
148
147
            <quote><filename class="directory"
149
148
            >/run/systemd/ask-password</filename ></quote> as per the
150
 
            <ulink url="https://systemd.io/PASSWORD_AGENTS/">Password
151
 
            Agents</ulink> specification.
 
149
            <ulink
 
150
            url="https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/"
 
151
            >Password Agents</ulink> specification.
152
152
          </para>
153
153
        </listitem>
154
154
      </varlistentry>
270
270
      responsible for getting a password from the Mandos client
271
271
      program itself, and to send that password to whatever is
272
272
      currently asking for a password using the systemd <ulink
273
 
      url="https://systemd.io/PASSWORD_AGENTS/">Password
274
 
      Agents</ulink> mechanism.
 
273
      url="https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/"
 
274
      >Password Agents</ulink> mechanism.
275
275
    </para>
276
276
    <para>To accomplish this, &COMMANDNAME; runs the
277
277
    <command>mandos-client</command> program (which is the actual
281
281
    password is acquired from the
282
282
    <replaceable>MANDOS_CLIENT</replaceable> program, sends that
283
283
    password (as per the <ulink
284
 
    url="https://systemd.io/PASSWORD_AGENTS/">Password Agents</ulink>
285
 
    specification) to all currently unanswered password questions.
 
284
    url="https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/"
 
285
    >Password Agents</ulink> specification) to all currently
 
286
    unanswered password questions.
286
287
    </para>
287
288
    <para>
288
289
      This program should be started (normally as a systemd service,
329
330
            <para>
330
331
              The default directory to watch for password questions as
331
332
              per the <ulink
332
 
              url="https://systemd.io/PASSWORD_AGENTS/">Password
333
 
              Agents</ulink> specification; can be changed by the
334
 
              <option>--agent-directory</option> option.
 
333
              url="https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/"
 
334
              >Password Agents</ulink> specification; can be changed
 
335
              by the <option>--agent-directory</option> option.
335
336
            </para>
336
337
          </listitem>
337
338
        </varlistentry>
445
446
    <variablelist>
446
447
      <varlistentry>
447
448
        <term>
448
 
          <ulink url="https://systemd.io/PASSWORD_AGENTS/">Password
449
 
          Agents</ulink>
 
449
          <ulink
 
450
              url="https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/"
 
451
              >Password Agents</ulink>
450
452
        </term>
451
453
        <listitem>
452
454
          <para>