
Viewing changes to mandos.xml

merge

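--- a/mandos.xml
+++ b/mandos.xml
@@ -2,7 +2,7 @@
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY COMMANDNAME "mandos">
-<!ENTITY TIMESTAMP "2011-10-22">
+<!ENTITY TIMESTAMP "2010-09-26">
 <!ENTITY % common SYSTEM "common.ent">
 %common;
 ]>
@@ -19,14 +19,14 @@
         <firstname>Björn</firstname>
         <surname>Påhlsson</surname>
         <address>
-          <email>belorn@recompile.se</email>
+          <email>belorn@fukt.bsnet.se</email>
         </address>
       </author>
       <author>
         <firstname>Teddy</firstname>
         <surname>Hogeborn</surname>
         <address>
-          <email>teddy@recompile.se</email>
+          <email>teddy@fukt.bsnet.se</email>
         </address>
       </author>
     </authorgroup>
@@ -34,7 +34,6 @@
       <year>2008</year>
       <year>2009</year>
       <year>2010</year>
-      <year>2011</year>
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
@@ -117,16 +116,14 @@
     <para>
       <command>&COMMANDNAME;</command> is a server daemon which
       handles incoming request for passwords for a pre-defined list of
-      client host computers. For an introduction, see
-      <citerefentry><refentrytitle>intro</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>. The Mandos server
-      uses Zeroconf to announce itself on the local network, and uses
-      TLS to communicate securely with and to authenticate the
-      clients.  The Mandos server uses IPv6 to allow Mandos clients to
-      use IPv6 link-local addresses, since the clients will probably
-      not have any other addresses configured (see <xref
-      linkend="overview"/>).  Any authenticated client is then given
-      the stored pre-encrypted password for that specific client.
+      client host computers.  The Mandos server uses Zeroconf to
+      announce itself on the local network, and uses TLS to
+      communicate securely with and to authenticate the clients.  The
+      Mandos server uses IPv6 to allow Mandos clients to use IPv6
+      link-local addresses, since the clients will probably not have
+      any other addresses configured (see <xref linkend="overview"/>).
+      Any authenticated client is then given the stored pre-encrypted
+      password for that specific client.
     </para>
   </refsect1>
   
@@ -354,9 +351,9 @@
       for some time, the client is assumed to be compromised and is no
       longer eligible to receive the encrypted password.  (Manual
       intervention is required to re-enable a client.)  The timeout,
-      extended timeout, checker program, and interval between checks
-      can be configured both globally and per client; see
-      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
+      checker program, and interval between checks can be configured
+      both globally and per client; see <citerefentry>
+      <refentrytitle>mandos-clients.conf</refentrytitle>
       <manvolnum>5</manvolnum></citerefentry>.  A client successfully
       receiving its password will also be treated as a successful
       checker run.
@@ -509,6 +506,9 @@
       Debug mode is conflated with running in the foreground.
     </para>
     <para>
+      The console log messages do not show a time stamp.
+    </para>
+    <para>
       This server does not check the expire time of clients’ OpenPGP
       keys.
     </para>
@@ -609,16 +609,15 @@
   <refsect1 id="see_also">
     <title>SEE ALSO</title>
     <para>
-      <citerefentry><refentrytitle>intro</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
-      <manvolnum>5</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>mandos.conf</refentrytitle>
-      <manvolnum>5</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>mandos-client</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>sh</refentrytitle>
-      <manvolnum>1</manvolnum></citerefentry>
+      <citerefentry>
+        <refentrytitle>mandos-clients.conf</refentrytitle>
+        <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
+        <refentrytitle>mandos.conf</refentrytitle>
+        <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
+        <refentrytitle>mandos-client</refentrytitle>
+        <manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
+        <refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
+      </citerefentry>
     </para>
     <variablelist>
       <varlistentry>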