/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos.conf.xml

Merge new wireless network hook.  Fix bridge network hook to use
hardware addresses instead of interface names.  Implement and document
new "CONNECT" environment variable for network hooks.

Show diffs side-by-side

added added

removed removed

Lines of Context:
 
1
<?xml version="1.0" encoding="UTF-8"?>
 
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY CONFNAME "mandos.conf">
 
5
<!ENTITY CONFPATH "<filename>/etc/mandos/mandos.conf</filename>">
 
6
<!ENTITY TIMESTAMP "2011-11-26">
 
7
<!ENTITY % common SYSTEM "common.ent">
 
8
%common;
 
9
]>
 
10
 
 
11
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
 
12
  <refentryinfo>
 
13
    <title>Mandos Manual</title>
 
14
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
 
15
    <productname>Mandos</productname>
 
16
    <productnumber>&version;</productnumber>
 
17
    <date>&TIMESTAMP;</date>
 
18
    <authorgroup>
 
19
      <author>
 
20
        <firstname>Björn</firstname>
 
21
        <surname>Påhlsson</surname>
 
22
        <address>
 
23
          <email>belorn@recompile.se</email>
 
24
        </address>
 
25
      </author>
 
26
      <author>
 
27
        <firstname>Teddy</firstname>
 
28
        <surname>Hogeborn</surname>
 
29
        <address>
 
30
          <email>teddy@recompile.se</email>
 
31
        </address>
 
32
      </author>
 
33
    </authorgroup>
 
34
    <copyright>
 
35
      <year>2008</year>
 
36
      <year>2009</year>
 
37
      <year>2011</year>
 
38
      <holder>Teddy Hogeborn</holder>
 
39
      <holder>Björn Påhlsson</holder>
 
40
    </copyright>
 
41
    <xi:include href="legalnotice.xml"/>
 
42
  </refentryinfo>
 
43
  
 
44
  <refmeta>
 
45
    <refentrytitle>&CONFNAME;</refentrytitle>
 
46
    <manvolnum>5</manvolnum>
 
47
  </refmeta>
 
48
  
 
49
  <refnamediv>
 
50
    <refname><filename>&CONFNAME;</filename></refname>
 
51
    <refpurpose>
 
52
      Configuration file for the Mandos server
 
53
    </refpurpose>
 
54
  </refnamediv>
 
55
  
 
56
  <refsynopsisdiv>
 
57
    <synopsis>&CONFPATH;</synopsis>
 
58
  </refsynopsisdiv>
 
59
  
 
60
  <refsect1 id="description">
 
61
    <title>DESCRIPTION</title>
 
62
    <para>
 
63
      The file &CONFPATH; is a simple configuration file for
 
64
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
65
      <manvolnum>8</manvolnum></citerefentry>, and is read by it at
 
66
      startup.  The configuration file starts with <quote><literal
 
67
      >[DEFAULT]</literal></quote> on a line by itself, followed by
 
68
      any number of <quote><varname><replaceable>option</replaceable
 
69
      ></varname>=<replaceable>value</replaceable></quote> entries,
 
70
      with continuations in the style of RFC 822.  <quote><varname
 
71
      ><replaceable>option</replaceable></varname>: <replaceable
 
72
      >value</replaceable></quote> is also accepted.  Note that
 
73
      leading whitespace is removed from values.  Lines beginning with
 
74
      <quote>#</quote> or <quote>;</quote> are ignored and may be used
 
75
      to provide comments.
 
76
    </para>
 
77
    
 
78
  </refsect1>
 
79
  <refsect1>
 
80
    <title>OPTIONS</title>
 
81
    
 
82
    <variablelist>
 
83
      <varlistentry>
 
84
        <term><option>interface<literal> = </literal><replaceable
 
85
        >NAME</replaceable></option></term>
 
86
        <listitem>
 
87
          <xi:include href="mandos-options.xml" xpointer="interface"/>
 
88
        </listitem>
 
89
      </varlistentry>
 
90
      
 
91
      <varlistentry>
 
92
        <term><option>address<literal> = </literal><replaceable
 
93
          >ADDRESS</replaceable></option></term>
 
94
        <listitem>
 
95
          <xi:include href="mandos-options.xml" xpointer="address"/>
 
96
        </listitem>
 
97
      </varlistentry>
 
98
      
 
99
      <varlistentry>
 
100
        <term><option>port<literal> = </literal><replaceable
 
101
        >NUMBER</replaceable></option></term>
 
102
        <listitem>
 
103
          <xi:include href="mandos-options.xml" xpointer="port"/>
 
104
        </listitem>
 
105
      </varlistentry>
 
106
      
 
107
      <varlistentry>
 
108
        <term><option>debug<literal> = </literal>{ <literal
 
109
          >1</literal> | <literal>yes</literal> | <literal
 
110
          >true</literal> | <literal>on</literal> | <literal
 
111
          >0</literal> | <literal>no</literal> | <literal
 
112
          >false</literal> | <literal>off</literal> }</option></term>
 
113
        <listitem>
 
114
          <xi:include href="mandos-options.xml" xpointer="debug"/>
 
115
        </listitem>
 
116
      </varlistentry>
 
117
      
 
118
      <varlistentry>
 
119
        <term><option>priority<literal> = </literal><replaceable
 
120
        >STRING</replaceable></option></term>
 
121
        <listitem>
 
122
          <xi:include href="mandos-options.xml" xpointer="priority"/>
 
123
        </listitem>
 
124
      </varlistentry>
 
125
      
 
126
      <varlistentry>
 
127
        <term><option>servicename<literal> = </literal
 
128
        ><replaceable>NAME</replaceable></option></term>
 
129
        <listitem>
 
130
          <xi:include href="mandos-options.xml"
 
131
                      xpointer="servicename"/>
 
132
        </listitem>
 
133
      </varlistentry>
 
134
      
 
135
      <varlistentry>
 
136
        <term><option>use_dbus<literal> = </literal>{ <literal
 
137
          >1</literal> | <literal>yes</literal> | <literal
 
138
          >true</literal> | <literal>on</literal> | <literal
 
139
          >0</literal> | <literal>no</literal> | <literal
 
140
          >false</literal> | <literal>off</literal> }</option></term>
 
141
        <listitem>
 
142
          <xi:include href="mandos-options.xml" xpointer="dbus"/>
 
143
        </listitem>
 
144
      </varlistentry>
 
145
      
 
146
      <varlistentry>
 
147
        <term><option>use_ipv6<literal> = </literal>{ <literal
 
148
          >1</literal> | <literal>yes</literal> | <literal
 
149
          >true</literal> | <literal>on</literal> | <literal
 
150
          >0</literal> | <literal>no</literal> | <literal
 
151
          >false</literal> | <literal>off</literal> }</option></term>
 
152
        <listitem>
 
153
          <xi:include href="mandos-options.xml" xpointer="ipv6"/>
 
154
        </listitem>
 
155
      </varlistentry>
 
156
      
 
157
      <varlistentry>
 
158
        <term><option>restore<literal> = </literal>{ <literal
 
159
          >1</literal> | <literal>yes</literal> | <literal
 
160
          >true</literal> | <literal>on</literal> | <literal
 
161
          >0</literal> | <literal>no</literal> | <literal
 
162
          >false</literal> | <literal>off</literal> }</option></term>
 
163
        <listitem>
 
164
          <xi:include href="mandos-options.xml" xpointer="restore"/>
 
165
        </listitem>
 
166
      </varlistentry>
 
167
      
 
168
      <varlistentry>
 
169
        <term><option>statedir<literal> = </literal><replaceable
 
170
        >DIRECTORY</replaceable></option></term>
 
171
        <listitem>
 
172
          <xi:include href="mandos-options.xml" xpointer="statedir"/>
 
173
        </listitem>
 
174
      </varlistentry>
 
175
      
 
176
    </variablelist>
 
177
  </refsect1>
 
178
  
 
179
  <refsect1 id="files">
 
180
    <title>FILES</title>
 
181
    <para>
 
182
      The file described here is &CONFPATH;
 
183
    </para>
 
184
  </refsect1>
 
185
  
 
186
  <refsect1 id="bugs">
 
187
    <title>BUGS</title>
 
188
    <para>
 
189
      The <literal>[DEFAULT]</literal> is necessary because the Python
 
190
      built-in module <systemitem class="library">ConfigParser</systemitem>
 
191
      requires it.
 
192
    </para>
 
193
  </refsect1>
 
194
  
 
195
  <refsect1 id="example">
 
196
    <title>EXAMPLE</title>
 
197
    <informalexample>
 
198
      <para>
 
199
        No options are actually required:
 
200
      </para>
 
201
      <programlisting>
 
202
[DEFAULT]
 
203
      </programlisting>
 
204
    </informalexample>
 
205
    <informalexample>
 
206
      <para>
 
207
        An example using all the options:
 
208
      </para>
 
209
      <programlisting>
 
210
[DEFAULT]
 
211
# A configuration example
 
212
interface = eth0
 
213
address = fe80::aede:48ff:fe71:f6f2
 
214
port = 1025
 
215
debug = true
 
216
priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
 
217
servicename = Daena
 
218
use_dbus = False
 
219
use_ipv6 = True
 
220
restore = True
 
221
statedir = /var/lib/mandos
 
222
      </programlisting>
 
223
    </informalexample>
 
224
  </refsect1>
 
225
  
 
226
  <refsect1 id="see_also">
 
227
    <title>SEE ALSO</title>
 
228
    <para>
 
229
      <citerefentry><refentrytitle>intro</refentrytitle>
 
230
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
231
      <citerefentry><refentrytitle>gnutls_priority_init</refentrytitle
 
232
      ><manvolnum>3</manvolnum></citerefentry>,
 
233
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
234
      <manvolnum>8</manvolnum></citerefentry>,
 
235
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
 
236
      <manvolnum>5</manvolnum></citerefentry>
 
237
    </para>
 
238
    
 
239
    <variablelist>
 
240
      <varlistentry>
 
241
        <term>
 
242
          RFC 4291: <citetitle>IP Version 6 Addressing
 
243
          Architecture</citetitle>
 
244
        </term>
 
245
        <listitem>
 
246
          <variablelist>
 
247
            <varlistentry>
 
248
              <term>Section 2.2: <citetitle>Text Representation of
 
249
              Addresses</citetitle></term>
 
250
              <listitem><para/></listitem>
 
251
            </varlistentry>
 
252
            <varlistentry>
 
253
              <term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6
 
254
              Address</citetitle></term>
 
255
              <listitem><para/></listitem>
 
256
            </varlistentry>
 
257
            <varlistentry>
 
258
            <term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast
 
259
            Addresses</citetitle></term>
 
260
            <listitem>
 
261
              <para>
 
262
                The clients use IPv6 link-local addresses, which are
 
263
                immediately usable since a link-local addresses is
 
264
                automatically assigned to a network interface when it
 
265
                is brought up.
 
266
              </para>
 
267
            </listitem>
 
268
            </varlistentry>
 
269
          </variablelist>
 
270
        </listitem>
 
271
      </varlistentry>
 
272
      <varlistentry>
 
273
        <term>
 
274
          <ulink url="http://www.zeroconf.org/">Zeroconf</ulink>
 
275
        </term>
 
276
        <listitem>
 
277
          <para>
 
278
            Zeroconf is the network protocol standard used by clients
 
279
            for finding the Mandos server on the local network.
 
280
          </para>
 
281
        </listitem>
 
282
      </varlistentry>
 
283
    </variablelist>
 
284
  </refsect1>
 
285
</refentry>
 
286
<!-- Local Variables: -->
 
287
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
 
288
<!-- time-stamp-end: "[\"']>" -->
 
289
<!-- time-stamp-format: "%:y-%02m-%02d" -->
 
290
<!-- End: -->