/mandos/release : revision 24.1.82

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/password-request.xml

Committer: Björn Påhlsson
Date: 2008-09-03 19:04:05 UTC
mfrom: (148 mandos)
mto: (237.7.1 mandos) (24.1.154 mandos)
mto: This revision was merged to the branch mainline in revision 149.
Revision ID: belorn@braxen-20080903190405-4uuej92nf0qnmcrc

merge

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/watch

default-mandos

init.d-mandos

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-client">

<!ENTITY TIMESTAMP "2011-10-03">

<!ENTITY % common SYSTEM "../common.ent">

%common;

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "password-request">

<!ENTITY TIMESTAMP "2008-09-03">

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@recompile.se</email>

<email>belorn@fukt.bsnet.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@recompile.se</email>

<email>teddy@fukt.bsnet.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="../legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<manvolnum>8mandos</manvolnum>

<refname><command>&COMMANDNAME;</command></refname>

Client for <application>Mandos</application>

Client for mandos

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--connect

<replaceable>ADDRESS</replaceable><literal>:</literal

<replaceable>IPADDR</replaceable><literal>:</literal

><replaceable>PORT</replaceable></option></arg>

<arg choice="plain"><option>-c

<replaceable>ADDRESS</replaceable><literal>:</literal

<replaceable>IPADDR</replaceable><literal>:</literal

><replaceable>PORT</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--keydir

<replaceable>DIRECTORY</replaceable></option></arg>

<arg choice="plain"><option>-d

<replaceable>DIRECTORY</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--interface

<arg choice="plain"><option>-i

</arg>

<sbr/>

100

<arg>

<option>--delay <replaceable>SECONDS</replaceable></option>

</arg>

<sbr/>

100

<arg>

101

<option>--retry <replaceable>SECONDS</replaceable></option>

102

</arg>

103

<sbr/>

104

<arg>

105

<option>--network-hook-dir<replaceable>DIR</replaceable></option>

106

</arg>

107

<sbr/>

108

<arg>

109

101

<option>--debug</option>

110

102

</arg>

111

103

</cmdsynopsis>

128

120

</group>

129

121

</cmdsynopsis>

130

122

</refsynopsisdiv>

131

123

132

124

133

125

<title>DESCRIPTION</title>

134

126

<para>

135

127

<command>&COMMANDNAME;</command> is a client program that

136

128

communicates with <citerefentry><refentrytitle

137

129

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>

138

to get a password. In slightly more detail, this client program

139

brings up a network interface, uses the interface’s IPv6

140

link-local address to get network connectivity, uses Zeroconf to

141

find servers on the local network, and communicates with servers

142

using TLS with an OpenPGP key to ensure authenticity and

143

confidentiality. This client program keeps running, trying all

144

servers on the network, until it receives a satisfactory reply

145

or a TERM signal. After all servers have been tried, all

146

servers are periodically retried. If no servers are found it

147

will wait indefinitely for new servers to appear.

130

to get a password. It uses IPv6 link-local addresses to get

131

network connectivity, Zeroconf to find servers, and TLS with an

132

OpenPGP key to ensure authenticity and confidentiality. It

133

keeps running, trying all servers on the network, until it

134

receives a satisfactory reply or a TERM signal is recieved.

148

135

</para>

149

136

<para>

150

137

This program is not meant to be run directly; it is really meant

204

191

</varlistentry>

205

192

206

193

207

<term><option>--interface=<replaceable

208

>NAME</replaceable></option></term>

194

<term><option>--keydir=<replaceable

195

>DIRECTORY</replaceable></option></term>

196

<term><option>-d

197

<replaceable>DIRECTORY</replaceable></option></term>

198

199

<para>

200

Directory to read the OpenPGP key files

201

<filename>pubkey.txt</filename> and

202

<filename>seckey.txt</filename> from. The default is

203

<filename>/conf/conf.d/mandos</filename> (in the initial

204

<acronym>RAM</acronym> disk environment).

205

</para>

206

</listitem>

207

</varlistentry>

208

209

210

<term><option>--interface=

211

209

212

<term><option>-i

210

213

211

214

212

215

<para>

213

216

Network interface that will be brought up and scanned for

214

Mandos servers to connect to. The default is the empty

215

string, which will automatically choose an appropriate

216

interface.

217

Mandos servers to connect to. The default it

218

<quote><literal>eth0</literal></quote>.

217

219

</para>

218

220

<para>

219

221

If the <option>--connect</option> option is used, this

220

222

specifies the interface to use to connect to the address

221

223

given.

222

224

</para>

223

<para>

224

Note that since this program will normally run in the

225

initial RAM disk environment, the interface must be an

226

interface which exists at that stage. Thus, the interface

227

can not be a pseudo-interface such as <quote>br0</quote>

228

or <quote>tun0</quote>; such interfaces will not exist

229

until much later in the boot process, and can not be used

230

by this program.

231

</para>

232

<para>

233

<replaceable>NAME</replaceable> can be the string

234

<quote><literal>none</literal></quote>; this will not use

235

any specific interface, and will not bring up an interface

236

on startup. This is not recommended, and only meant for

237

advanced users.

238

</para>

239

225

</listitem>

240

226

</varlistentry>

241

227

246

232

247

233

248

234

<para>

249

OpenPGP public key file name. The default name is

250

<quote><filename>/conf/conf.d/mandos/pubkey.txt</filename

251

></quote>.

235

OpenPGP public key file base name. This will be combined

236

with the directory from the <option>--keydir</option>

237

option to form an absolute file name. The default name is

238

<quote><literal>pubkey.txt</literal></quote>.

252

239

</para>

253

240

</listitem>

254

241

</varlistentry>

255

242

256

243

257

244

<term><option>--seckey=<replaceable

258

245

>FILE</replaceable></option></term>

260

247

261

248

262

249

<para>

263

OpenPGP secret key file name. The default name is

264

<quote><filename>/conf/conf.d/mandos/seckey.txt</filename

265

></quote>.

250

OpenPGP secret key file base name. This will be combined

251

with the directory from the <option>--keydir</option>

252

option to form an absolute file name. The default name is

253

<quote><literal>seckey.txt</literal></quote>.

266

254

</para>

267

255

</listitem>

268

256

</varlistentry>

275

263

xpointer="priority"/>

276

264

</listitem>

277

265

</varlistentry>

278

266

279

267

280

268

<term><option>--dh-bits=<replaceable

281

269

>BITS</replaceable></option></term>

286

274

</para>

287

275

</listitem>

288

276

</varlistentry>

289

290

291

<term><option>--delay=<replaceable

292

>SECONDS</replaceable></option></term>

293

294

<para>

295

After bringing the network interface up, the program waits

296

for the interface to arrive in a <quote>running</quote>

297

state before proceeding. During this time, the kernel log

298

level will be lowered to reduce clutter on the system

299

console, alleviating any other plugins which might be

300

using the system console. This option sets the upper

301

limit of seconds to wait. The default is 2.5 seconds.

302

</para>

303

</listitem>

304

</varlistentry>

305

306

307

<term><option>--retry=<replaceable

308

>SECONDS</replaceable></option></term>

309

310

<para>

311

All Mandos servers are tried repeatedly until a password

312

is received. This value specifies, in seconds, how long

313

between each successive try <emphasis>for the same

314

server</emphasis>. The default is 10 seconds.

315

</para>

316

</listitem>

317

</varlistentry>

318

319

320

<term><option>--network-hook-dir=<replaceable

321

>DIR</replaceable></option></term>

322

323

<para>

324

Network hook directory. The default directory is

325

<quote><filename class="directory"

326

>/lib/mandos/network-hooks.d</filename></quote>.

327

</para>

328

</listitem>

329

</varlistentry>

330

277

331

278

332

279

<term><option>--debug</option></term>

362

309

</para>

363

310

</listitem>

364

311

</varlistentry>

365

312

366

313

367

314

<term><option>--version</option></term>

368

315

374

321

</varlistentry>

375

322

</variablelist>

376

323

</refsect1>

377

324

378

325

379

326

<title>OVERVIEW</title>

380

327

<xi:include href="../overview.xml"/>

389

336

<filename>/etc/crypttab</filename>, but it would then be

390

337

impossible to enter a password for the encrypted root disk at

391

338

the console, since this program does not read from the console

392

at all. This is why a separate plugin runner (<citerefentry>

393

<refentrytitle>plugin-runner</refentrytitle>

394

<manvolnum>8mandos</manvolnum></citerefentry>) is used to run

395

both this program and others in in parallel,

396

<emphasis>one</emphasis> of which will prompt for passwords on

397

the system console.

339

at all. This is why a separate plugin (<citerefentry>

340

<refentrytitle>password-prompt</refentrytitle>

341

<manvolnum>8mandos</manvolnum></citerefentry>) does that, which

342

will be run in parallell to this one by the plugin runner.

398

343

</para>

399

344

</refsect1>

400

345

405

350

server could be found and the password received from it could be

406

351

successfully decrypted and output on standard output. The

407

352

program will exit with a non-zero exit status only if a critical

408

error occurs. Otherwise, it will forever connect to any

409

discovered <application>Mandos</application> servers, trying to

410

get a decryptable password and print it.

353

error occurs. Otherwise, it will forever connect to new

354

<application>Mandos</application> servers as they appear, trying

355

to get a decryptable password.

411

356

</para>

412

357

</refsect1>

413

358

421

366

</para>

422

367

</refsect1>

423

368

424

369

425

370

<title>FILES</title>

426

371

427

372

446

391

447

392

448

393

449

394

450

395

451

396

<title>EXAMPLE</title>

452

397

<para>

466

411

</informalexample>

467

412

468

413

<para>

469

Search for Mandos servers (and connect to them) using another

470

interface:

414

Search for Mandos servers on another interface:

471

415

</para>

472

416

<para>

473

417

476

420

</informalexample>

477

421

478

422

<para>

479

Run in debug mode, and use a custom key:

423

Run in debug mode, and use a custom key directory:

480

424

</para>

481

425

<para>

482

483

484

<userinput>&COMMANDNAME; --debug --pubkey keydir/pubkey.txt --seckey keydir/seckey.txt</userinput>

485

426

427

<userinput>&COMMANDNAME; --debug --keydir keydir</userinput>

486

428

</para>

487

429

</informalexample>

488

430

489

431

<para>

490

Run in debug mode, with a custom key, and do not use Zeroconf

491

to locate a server; connect directly to the IPv6 link-local

432

Run in debug mode, with a custom key directory, and do not use

433

Zeroconf to locate a server; connect directly to the IPv6

492

434

address <quote><systemitem class="ipaddress"

493

>fe80::aede:48ff:fe71:f6f2</systemitem></quote>, port 4711,

494

using interface eth2:

435

>2001:db8:f983:bd0b:30de:ae4a:71f2:f672</systemitem></quote>,

436

port 4711, using interface eth2:

495

437

</para>

496

438

<para>

497

439

498

440

499

<userinput>&COMMANDNAME; --debug --pubkey keydir/pubkey.txt --seckey keydir/seckey.txt --connect fe80::aede:48ff:fe71:f6f2:4711 --interface eth2</userinput>

441

<userinput>&COMMANDNAME; --debug --keydir keydir --connect 2001:db8:f983:bd0b:30de:ae4a:71f2:f672:4711 --interface eth2</userinput>

500

442

501

443

</para>

502

444

</informalexample>

503

445

</refsect1>

504

446

505

447

506

448

<title>SECURITY</title>

507

449

<para>

527

469

The only remaining weak point is that someone with physical

528

470

access to the client hard drive might turn off the client

529

471

computer, read the OpenPGP keys directly from the hard drive,

530

and communicate with the server. To safeguard against this, the

531

server is supposed to notice the client disappearing and stop

532

giving out the encrypted data. Therefore, it is important to

533

set the timeout and checker interval values tightly on the

534

server. See <citerefentry><refentrytitle

472

and communicate with the server. The defense against this is

473

that the server is supposed to notice the client disappearing

474

and will stop giving out the encrypted data. Therefore, it is

475

important to set the timeout and checker interval values tightly

476

on the server. See <citerefentry><refentrytitle

535

477

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.

536

478

</para>

537

479

<para>

548

490

confidential.

549

491

</para>

550

492

</refsect1>

551

493

552

494

553

495

554

496

<para>

555

<citerefentry><refentrytitle>intro</refentrytitle>

556

<manvolnum>8mandos</manvolnum></citerefentry>,

557

497

<citerefentry><refentrytitle>cryptsetup</refentrytitle>

558

498

<manvolnum>8</manvolnum></citerefentry>,

559

499

<citerefentry><refentrytitle>crypttab</refentrytitle>

681

621

</varlistentry>

682

622

</variablelist>

683

623

</refsect1>

624

684

625

</refentry>

685

686

626

687

627

688

628

Older »