/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos.conf.xml

Merge new wireless network hook.  Fix bridge network hook to use
hardware addresses instead of interface names.  Implement and document
new "CONNECT" environment variable for network hooks.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
<?xml version='1.0' encoding='UTF-8'?>
 
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
 
<!ENTITY VERSION "1.0">
5
4
<!ENTITY CONFNAME "mandos.conf">
6
5
<!ENTITY CONFPATH "<filename>/etc/mandos/mandos.conf</filename>">
 
6
<!ENTITY TIMESTAMP "2011-11-26">
 
7
<!ENTITY % common SYSTEM "common.ent">
 
8
%common;
7
9
]>
8
10
 
9
11
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
10
12
  <refentryinfo>
11
 
    <title>&CONFNAME;</title>
 
13
    <title>Mandos Manual</title>
12
14
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
13
 
    <productname>&CONFNAME;</productname>
14
 
    <productnumber>&VERSION;</productnumber>
 
15
    <productname>Mandos</productname>
 
16
    <productnumber>&version;</productnumber>
 
17
    <date>&TIMESTAMP;</date>
15
18
    <authorgroup>
16
19
      <author>
17
20
        <firstname>Björn</firstname>
18
21
        <surname>Påhlsson</surname>
19
22
        <address>
20
 
          <email>belorn@fukt.bsnet.se</email>
 
23
          <email>belorn@recompile.se</email>
21
24
        </address>
22
25
      </author>
23
26
      <author>
24
27
        <firstname>Teddy</firstname>
25
28
        <surname>Hogeborn</surname>
26
29
        <address>
27
 
          <email>teddy@fukt.bsnet.se</email>
 
30
          <email>teddy@recompile.se</email>
28
31
        </address>
29
32
      </author>
30
33
    </authorgroup>
31
34
    <copyright>
32
35
      <year>2008</year>
 
36
      <year>2009</year>
 
37
      <year>2011</year>
33
38
      <holder>Teddy Hogeborn</holder>
34
39
      <holder>Björn Påhlsson</holder>
35
40
    </copyright>
36
 
    <legalnotice>
37
 
      <para>
38
 
        This manual page is free software: you can redistribute it
39
 
        and/or modify it under the terms of the GNU General Public
40
 
        License as published by the Free Software Foundation,
41
 
        either version 3 of the License, or (at your option) any
42
 
        later version.
43
 
      </para>
44
 
 
45
 
      <para>
46
 
        This manual page is distributed in the hope that it will
47
 
        be useful, but WITHOUT ANY WARRANTY; without even the
48
 
        implied warranty of MERCHANTABILITY or FITNESS FOR A
49
 
        PARTICULAR PURPOSE.  See the GNU General Public License
50
 
        for more details.
51
 
      </para>
52
 
 
53
 
      <para>
54
 
        You should have received a copy of the GNU General Public
55
 
        License along with this program; If not, see
56
 
        <ulink url="http://www.gnu.org/licenses/"/>.
57
 
      </para>
58
 
    </legalnotice>
 
41
    <xi:include href="legalnotice.xml"/>
59
42
  </refentryinfo>
60
 
 
 
43
  
61
44
  <refmeta>
62
45
    <refentrytitle>&CONFNAME;</refentrytitle>
63
46
    <manvolnum>5</manvolnum>
69
52
      Configuration file for the Mandos server
70
53
    </refpurpose>
71
54
  </refnamediv>
72
 
 
 
55
  
73
56
  <refsynopsisdiv>
74
 
    <synopsis>
75
 
      &CONFPATH;
76
 
    </synopsis>
 
57
    <synopsis>&CONFPATH;</synopsis>
77
58
  </refsynopsisdiv>
78
 
 
 
59
  
79
60
  <refsect1 id="description">
80
61
    <title>DESCRIPTION</title>
81
62
    <para>
93
74
      <quote>#</quote> or <quote>;</quote> are ignored and may be used
94
75
      to provide comments.
95
76
    </para>
96
 
 
 
77
    
97
78
  </refsect1>
98
79
  <refsect1>
99
80
    <title>OPTIONS</title>
100
81
    
101
82
    <variablelist>
102
83
      <varlistentry>
103
 
        <term><varname>interface</varname></term>
 
84
        <term><option>interface<literal> = </literal><replaceable
 
85
        >NAME</replaceable></option></term>
104
86
        <listitem>
105
 
          <synopsis><literal>interface = </literal><replaceable
106
 
          >NAME</replaceable>
107
 
          </synopsis>
108
87
          <xi:include href="mandos-options.xml" xpointer="interface"/>
109
88
        </listitem>
110
89
      </varlistentry>
111
 
 
 
90
      
112
91
      <varlistentry>
113
 
        <term><varname>address</varname></term>
 
92
        <term><option>address<literal> = </literal><replaceable
 
93
          >ADDRESS</replaceable></option></term>
114
94
        <listitem>
115
 
          <synopsis><literal>address = </literal><replaceable
116
 
          >ADDRESS</replaceable>
117
 
          </synopsis>
118
95
          <xi:include href="mandos-options.xml" xpointer="address"/>
119
96
        </listitem>
120
97
      </varlistentry>
121
 
 
 
98
      
122
99
      <varlistentry>
123
 
        <term><varname>port</varname></term>
 
100
        <term><option>port<literal> = </literal><replaceable
 
101
        >NUMBER</replaceable></option></term>
124
102
        <listitem>
125
 
          <synopsis><literal>port = </literal><replaceable
126
 
          >NUMBER</replaceable>
127
 
          </synopsis>
128
103
          <xi:include href="mandos-options.xml" xpointer="port"/>
129
104
        </listitem>
130
105
      </varlistentry>
131
 
 
 
106
      
132
107
      <varlistentry>
133
 
        <term><varname>debug</varname></term>
134
 
        <listitem>
135
 
          <synopsis><literal>debug = </literal>{ <literal
 
108
        <term><option>debug<literal> = </literal>{ <literal
136
109
          >1</literal> | <literal>yes</literal> | <literal
137
110
          >true</literal> | <literal>on</literal> | <literal
138
111
          >0</literal> | <literal>no</literal> | <literal
139
 
          >false</literal> | <literal>off</literal> }
140
 
          </synopsis>
 
112
          >false</literal> | <literal>off</literal> }</option></term>
 
113
        <listitem>
141
114
          <xi:include href="mandos-options.xml" xpointer="debug"/>
142
115
        </listitem>
143
116
      </varlistentry>
144
 
 
 
117
      
145
118
      <varlistentry>
146
 
        <term><varname>priority</varname></term>
 
119
        <term><option>priority<literal> = </literal><replaceable
 
120
        >STRING</replaceable></option></term>
147
121
        <listitem>
148
 
          <synopsis><literal>priority = </literal><replaceable
149
 
          >STRING</replaceable>
150
 
          </synopsis>
151
122
          <xi:include href="mandos-options.xml" xpointer="priority"/>
152
123
        </listitem>
153
124
      </varlistentry>
154
 
 
 
125
      
155
126
      <varlistentry>
156
 
        <term><varname>servicename</varname></term>
 
127
        <term><option>servicename<literal> = </literal
 
128
        ><replaceable>NAME</replaceable></option></term>
157
129
        <listitem>
158
 
          <synopsis><literal>servicename = </literal><replaceable
159
 
          >NAME</replaceable>
160
 
          </synopsis>
161
130
          <xi:include href="mandos-options.xml"
162
131
                      xpointer="servicename"/>
163
132
        </listitem>
164
133
      </varlistentry>
165
134
      
 
135
      <varlistentry>
 
136
        <term><option>use_dbus<literal> = </literal>{ <literal
 
137
          >1</literal> | <literal>yes</literal> | <literal
 
138
          >true</literal> | <literal>on</literal> | <literal
 
139
          >0</literal> | <literal>no</literal> | <literal
 
140
          >false</literal> | <literal>off</literal> }</option></term>
 
141
        <listitem>
 
142
          <xi:include href="mandos-options.xml" xpointer="dbus"/>
 
143
        </listitem>
 
144
      </varlistentry>
 
145
      
 
146
      <varlistentry>
 
147
        <term><option>use_ipv6<literal> = </literal>{ <literal
 
148
          >1</literal> | <literal>yes</literal> | <literal
 
149
          >true</literal> | <literal>on</literal> | <literal
 
150
          >0</literal> | <literal>no</literal> | <literal
 
151
          >false</literal> | <literal>off</literal> }</option></term>
 
152
        <listitem>
 
153
          <xi:include href="mandos-options.xml" xpointer="ipv6"/>
 
154
        </listitem>
 
155
      </varlistentry>
 
156
      
 
157
      <varlistentry>
 
158
        <term><option>restore<literal> = </literal>{ <literal
 
159
          >1</literal> | <literal>yes</literal> | <literal
 
160
          >true</literal> | <literal>on</literal> | <literal
 
161
          >0</literal> | <literal>no</literal> | <literal
 
162
          >false</literal> | <literal>off</literal> }</option></term>
 
163
        <listitem>
 
164
          <xi:include href="mandos-options.xml" xpointer="restore"/>
 
165
        </listitem>
 
166
      </varlistentry>
 
167
      
 
168
      <varlistentry>
 
169
        <term><option>statedir<literal> = </literal><replaceable
 
170
        >DIRECTORY</replaceable></option></term>
 
171
        <listitem>
 
172
          <xi:include href="mandos-options.xml" xpointer="statedir"/>
 
173
        </listitem>
 
174
      </varlistentry>
 
175
      
166
176
    </variablelist>
167
177
  </refsect1>
168
178
  
178
188
    <para>
179
189
      The <literal>[DEFAULT]</literal> is necessary because the Python
180
190
      built-in module <systemitem class="library">ConfigParser</systemitem>
181
 
      requres it.
 
191
      requires it.
182
192
    </para>
183
193
  </refsect1>
184
194
  
200
210
[DEFAULT]
201
211
# A configuration example
202
212
interface = eth0
203
 
address = 2001:db8:f983:bd0b:30de:ae4a:71f2:f672
 
213
address = fe80::aede:48ff:fe71:f6f2
204
214
port = 1025
205
215
debug = true
206
216
priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
207
217
servicename = Daena
 
218
use_dbus = False
 
219
use_ipv6 = True
 
220
restore = True
 
221
statedir = /var/lib/mandos
208
222
      </programlisting>
209
223
    </informalexample>
210
224
  </refsect1>
212
226
  <refsect1 id="see_also">
213
227
    <title>SEE ALSO</title>
214
228
    <para>
215
 
      <citerefentry>
216
 
        <refentrytitle>mandos</refentrytitle>
217
 
        <manvolnum>8</manvolnum></citerefentry>, <citerefentry>
218
 
        <refentrytitle>mandos-clients.conf</refentrytitle>
219
 
        <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
220
 
        <refentrytitle>gnutls_priority_init</refentrytitle>
221
 
        <manvolnum>3</manvolnum></citerefentry>
 
229
      <citerefentry><refentrytitle>intro</refentrytitle>
 
230
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
231
      <citerefentry><refentrytitle>gnutls_priority_init</refentrytitle
 
232
      ><manvolnum>3</manvolnum></citerefentry>,
 
233
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
234
      <manvolnum>8</manvolnum></citerefentry>,
 
235
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
 
236
      <manvolnum>5</manvolnum></citerefentry>
222
237
    </para>
223
 
 
 
238
    
224
239
    <variablelist>
225
240
      <varlistentry>
226
241
        <term>
246
261
              <para>
247
262
                The clients use IPv6 link-local addresses, which are
248
263
                immediately usable since a link-local addresses is
249
 
                automatically assigned to a network interfaces when it
 
264
                automatically assigned to a network interface when it
250
265
                is brought up.
251
266
              </para>
252
267
            </listitem>
268
283
    </variablelist>
269
284
  </refsect1>
270
285
</refentry>
 
286
<!-- Local Variables: -->
 
287
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
 
288
<!-- time-stamp-end: "[\"']>" -->
 
289
<!-- time-stamp-format: "%:y-%02m-%02d" -->
 
290
<!-- End: -->