34
34
<holder>Teddy Hogeborn</holder>
35
35
<holder>Björn Påhlsson</holder>
37
<xi:include href="legalnotice.xml"/>
39
This manual page is free software: you can redistribute it
40
and/or modify it under the terms of the GNU General Public
41
License as published by the Free Software Foundation,
42
either version 3 of the License, or (at your option) any
47
This manual page is distributed in the hope that it will
48
be useful, but WITHOUT ANY WARRANTY; without even the
49
implied warranty of MERCHANTABILITY or FITNESS FOR A
50
PARTICULAR PURPOSE. See the GNU General Public License
55
You should have received a copy of the GNU General Public
56
License along with this program; If not, see
57
<ulink url="http://www.gnu.org/licenses/"/>.
46
68
<refname><command>&COMMANDNAME;</command></refname>
48
Gives encrypted passwords to authenticated Mandos clients
70
Sends encrypted passwords to authenticated Mandos clients
54
76
<command>&COMMANDNAME;</command>
56
<arg choice="plain"><option>--interface
57
<replaceable>NAME</replaceable></option></arg>
58
<arg choice="plain"><option>-i
59
<replaceable>NAME</replaceable></option></arg>
63
<arg choice="plain"><option>--address
64
<replaceable>ADDRESS</replaceable></option></arg>
65
<arg choice="plain"><option>-a
66
<replaceable>ADDRESS</replaceable></option></arg>
70
<arg choice="plain"><option>--port
71
<replaceable>PORT</replaceable></option></arg>
72
<arg choice="plain"><option>-p
73
<replaceable>PORT</replaceable></option></arg>
76
<arg><option>--priority
77
<replaceable>PRIORITY</replaceable></option></arg>
79
<arg><option>--servicename
80
<replaceable>NAME</replaceable></option></arg>
82
<arg><option>--configdir
83
<replaceable>DIRECTORY</replaceable></option></arg>
85
<arg><option>--debug</option></arg>
77
<arg>--interface<arg choice="plain">NAME</arg></arg>
78
<arg>--address<arg choice="plain">ADDRESS</arg></arg>
79
<arg>--port<arg choice="plain">PORT</arg></arg>
80
<arg>--priority<arg choice="plain">PRIORITY</arg></arg>
81
<arg>--servicename<arg choice="plain">NAME</arg></arg>
82
<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
86
<command>&COMMANDNAME;</command>
87
<arg>-i<arg choice="plain">NAME</arg></arg>
88
<arg>-a<arg choice="plain">ADDRESS</arg></arg>
89
<arg>-p<arg choice="plain">PORT</arg></arg>
90
<arg>--priority<arg choice="plain">PRIORITY</arg></arg>
91
<arg>--servicename<arg choice="plain">NAME</arg></arg>
92
<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
88
96
<command>&COMMANDNAME;</command>
89
97
<group choice="req">
90
<arg choice="plain"><option>--help</option></arg>
91
<arg choice="plain"><option>-h</option></arg>
98
<arg choice="plain">-h</arg>
99
<arg choice="plain">--help</arg>
95
103
<command>&COMMANDNAME;</command>
96
<arg choice="plain"><option>--version</option></arg>
104
<arg choice="plain">--version</arg>
99
107
<command>&COMMANDNAME;</command>
100
<arg choice="plain"><option>--check</option></arg>
108
<arg choice="plain">--check</arg>
102
110
</refsynopsisdiv>
115
123
Any authenticated client is then given the stored pre-encrypted
116
124
password for that specific client.
120
129
<refsect1 id="purpose">
121
130
<title>PURPOSE</title>
123
133
The purpose of this is to enable <emphasis>remote and unattended
124
134
rebooting</emphasis> of client host computer with an
125
135
<emphasis>encrypted root file system</emphasis>. See <xref
126
136
linkend="overview"/> for details.
130
141
<refsect1 id="options">
131
142
<title>OPTIONS</title>
134
<term><option>--help</option></term>
135
<term><option>-h</option></term>
146
<term><literal>-h</literal>, <literal>--help</literal></term>
138
149
Show a help message and exit
144
<term><option>--interface</option>
145
<replaceable>NAME</replaceable></term>
146
<term><option>-i</option>
147
<replaceable>NAME</replaceable></term>
155
<term><literal>-i</literal>, <literal>--interface <replaceable
156
>NAME</replaceable></literal></term>
149
158
<xi:include href="mandos-options.xml" xpointer="interface"/>
154
<term><option>--address
155
<replaceable>ADDRESS</replaceable></option></term>
157
<replaceable>ADDRESS</replaceable></option></term>
163
<term><literal>-a</literal>, <literal>--address <replaceable>
164
ADDRESS</replaceable></literal></term>
159
166
<xi:include href="mandos-options.xml" xpointer="address"/>
165
<replaceable>PORT</replaceable></option></term>
167
<replaceable>PORT</replaceable></option></term>
171
<term><literal>-p</literal>, <literal>--port <replaceable>
172
PORT</replaceable></literal></term>
169
174
<xi:include href="mandos-options.xml" xpointer="port"/>
174
<term><option>--check</option></term>
179
<term><literal>--check</literal></term>
177
182
Run the server’s self-tests. This includes any unit
184
<term><option>--debug</option></term>
189
<term><literal>--debug</literal></term>
186
191
<xi:include href="mandos-options.xml" xpointer="debug"/>
191
<term><option>--priority <replaceable>
192
PRIORITY</replaceable></option></term>
196
<term><literal>--priority <replaceable>
197
PRIORITY</replaceable></literal></term>
194
199
<xi:include href="mandos-options.xml" xpointer="priority"/>
199
<term><option>--servicename
200
<replaceable>NAME</replaceable></option></term>
204
<term><literal>--servicename <replaceable>NAME</replaceable>
202
207
<xi:include href="mandos-options.xml"
203
208
xpointer="servicename"/>
488
489
Running this <command>&COMMANDNAME;</command> server program
489
490
should not in itself present any security risk to the host
490
computer running it. The program switches to a non-root user
491
computer running it. The program does not need any special
492
privileges to run, and is designed to run as a non-root user.
494
495
<refsect2 id="CLIENTS">
521
522
restarting servers if it is suspected that a client has, in
522
523
fact, been compromised by parties who may now be running a
523
524
fake Mandos client with the keys from the non-encrypted
524
initial <acronym>RAM</acronym> image of the client host. What
525
should be done in that case (if restarting the server program
526
really is necessary) is to stop the server program, edit the
525
initial RAM image of the client host. What should be done in
526
that case (if restarting the server program really is
527
necessary) is to stop the server program, edit the
527
528
configuration file to omit any suspect clients, and restart
528
529
the server program.
531
532
For more details on client-side security, see
532
<citerefentry><refentrytitle>mandos-client</refentrytitle>
533
<citerefentry><refentrytitle>password-request</refentrytitle>
533
534
<manvolnum>8mandos</manvolnum></citerefentry>.
543
544
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
544
545
<refentrytitle>mandos.conf</refentrytitle>
545
546
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
546
<refentrytitle>mandos-client</refentrytitle>
547
<refentrytitle>password-request</refentrytitle>
547
548
<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
548
549
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>