/mandos/release

« back to all changes in this revision

Viewing changes to mandos.xml

• browse files at revision 246
• compare with another revision
• download diff
• download tarball
• view history from revision 246

• reverse the comparison (246 to 24.1.80)
• stop comparing with revision 24.1.80

Show diffs side-by-side

added

removed

mandos.xml

1

1

<?xml version="1.0" encoding="UTF-8"?>

2

2

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

3

3

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

4

 

<!ENTITY VERSION "1.0">

5

4

<!ENTITY COMMANDNAME "mandos">

6

 

<!ENTITY TIMESTAMP "2008-09-01">

 

5

<!ENTITY TIMESTAMP "2009-01-04">

 

6

<!ENTITY % common SYSTEM "common.ent">

 

7

%common;

7

8

]>

8

9

 

9

10

<refentry xmlns:xi="http://www.w3.org/2001/XInclude">

10

 

  <refentryinfo>

 

11

   <refentryinfo>

11

12

    <title>Mandos Manual</title>

12

13

    <!-- NWalsh’s docbook scripts use this to generate the footer: -->

13

14

    <productname>Mandos</productname>

14

 

    <productnumber>&VERSION;</productnumber>

 

15

    <productnumber>&version;</productnumber>

15

16

    <date>&TIMESTAMP;</date>

16

17

    <authorgroup>

17

18

      <author>

31

32

    </authorgroup>

32

33

    <copyright>

33

34

      <year>2008</year>

 

35

      <year>2009</year>

34

36

      <holder>Teddy Hogeborn</holder>

35

37

      <holder>Björn Påhlsson</holder>

36

38

    </copyright>

37

39

    <xi:include href="legalnotice.xml"/>

38

40

  </refentryinfo>

39

 

 

 

41

  

40

42

  <refmeta>

41

43

    <refentrytitle>&COMMANDNAME;</refentrytitle>

42

44

    <manvolnum>8</manvolnum>

48

50

      Gives encrypted passwords to authenticated Mandos clients

49

51

    </refpurpose>

50

52

  </refnamediv>

51

 

 

 

53

  

52

54

  <refsynopsisdiv>

53

55

    <cmdsynopsis>

54

56

      <command>&COMMANDNAME;</command>

100

102

      <arg choice="plain"><option>--check</option></arg>

101

103

    </cmdsynopsis>

102

104

  </refsynopsisdiv>

103

 

 

 

105

  

104

106

  <refsect1 id="description">

105

107

    <title>DESCRIPTION</title>

106

108

    <para>

115

117

      Any authenticated client is then given the stored pre-encrypted

116

118

      password for that specific client.

117

119

    </para>

118

 

 

119

120

  </refsect1>

120

121

  

121

122

  <refsect1 id="purpose">

122

123

    <title>PURPOSE</title>

123

 

 

124

124

    <para>

125

125

      The purpose of this is to enable <emphasis>remote and unattended

126

126

      rebooting</emphasis> of client host computer with an

127

127

      <emphasis>encrypted root file system</emphasis>.  See <xref

128

128

      linkend="overview"/> for details.

129

129

    </para>

130

 

    

131

130

  </refsect1>

132

131

  

133

132

  <refsect1 id="options">

134

133

    <title>OPTIONS</title>

135

 

    

136

134

    <variablelist>

137

135

      <varlistentry>

138

136

        <term><option>--help</option></term>

190

188

          <xi:include href="mandos-options.xml" xpointer="debug"/>

191

189

        </listitem>

192

190

      </varlistentry>

193

 

 

 

191

      

194

192

      <varlistentry>

195

193

        <term><option>--priority <replaceable>

196

194

        PRIORITY</replaceable></option></term>

198

196

          <xi:include href="mandos-options.xml" xpointer="priority"/>

199

197

        </listitem>

200

198

      </varlistentry>

201

 

 

 

199

      

202

200

      <varlistentry>

203

201

        <term><option>--servicename

204

202

        <replaceable>NAME</replaceable></option></term>

207

205

                      xpointer="servicename"/>

208

206

        </listitem>

209

207

      </varlistentry>

210

 

 

 

208

      

211

209

      <varlistentry>

212

210

        <term><option>--configdir

213

211

        <replaceable>DIRECTORY</replaceable></option></term>

222

220

          </para>

223

221

        </listitem>

224

222

      </varlistentry>

225

 

 

 

223

      

226

224

      <varlistentry>

227

225

        <term><option>--version</option></term>

228

226

        <listitem>

233

231

      </varlistentry>

234

232

    </variablelist>

235

233

  </refsect1>

236

 

 

 

234

  

237

235

  <refsect1 id="overview">

238

236

    <title>OVERVIEW</title>

239

237

    <xi:include href="overview.xml"/>

243

241

      <acronym>RAM</acronym> disk environment.

244

242

    </para>

245

243

  </refsect1>

246

 

 

 

244

  

247

245

  <refsect1 id="protocol">

248

246

    <title>NETWORK PROTOCOL</title>

249

247

    <para>

301

299

      </row>

302

300

    </tbody></tgroup></table>

303

301

  </refsect1>

304

 

 

 

302

  

305

303

  <refsect1 id="checking">

306

304

    <title>CHECKING</title>

307

305

    <para>

315

313

      <manvolnum>5</manvolnum></citerefentry>.

316

314

    </para>

317

315

  </refsect1>

318

 

 

 

316

  

319

317

  <refsect1 id="logging">

320

318

    <title>LOGGING</title>

321

319

    <para>

325

323

      and also show them on the console.

326

324

    </para>

327

325

  </refsect1>

328

 

 

 

326

  

329

327

  <refsect1 id="exit_status">

330

328

    <title>EXIT STATUS</title>

331

329

    <para>

333

331

      critical error is encountered.

334

332

    </para>

335

333

  </refsect1>

336

 

 

 

334

  

337

335

  <refsect1 id="environment">

338

336

    <title>ENVIRONMENT</title>

339

337

    <variablelist>

353

351

      </varlistentry>

354

352

    </variablelist>

355

353

  </refsect1>

356

 

 

357

 

  <refsect1 id="file">

 

354

  

 

355

  <refsect1 id="files">

358

356

    <title>FILES</title>

359

357

    <para>

360

358

      Use the <option>--configdir</option> option to change where

383

381

        </listitem>

384

382

      </varlistentry>

385

383

      <varlistentry>

386

 

        <term><filename>/var/run/mandos/mandos.pid</filename></term>

 

384

        <term><filename>/var/run/mandos.pid</filename></term>

387

385

        <listitem>

388

386

          <para>

389

387

            The file containing the process id of

424

422

      Currently, if a client is declared <quote>invalid</quote> due to

425

423

      having timed out, the server does not record this fact onto

426

424

      permanent storage.  This has some security implications, see

427

 

      <xref linkend="CLIENTS"/>.

 

425

      <xref linkend="clients"/>.

428

426

    </para>

429

427

    <para>

430

428

      There is currently no way of querying the server of the current

438

436

      Debug mode is conflated with running in the foreground.

439

437

    </para>

440

438

    <para>

441

 

      The console log messages does not show a timestamp.

 

439

      The console log messages does not show a time stamp.

 

440

    </para>

 

441

    <para>

 

442

      This server does not check the expire time of clients’ OpenPGP

 

443

      keys.

442

444

    </para>

443

445

  </refsect1>

444

446

  

479

481

      </para>

480

482

    </informalexample>

481

483

  </refsect1>

482

 

 

 

484

  

483

485

  <refsect1 id="security">

484

486

    <title>SECURITY</title>

485

 

    <refsect2 id="SERVER">

 

487

    <refsect2 id="server">

486

488

      <title>SERVER</title>

487

489

      <para>

488

490

        Running this <command>&COMMANDNAME;</command> server program

489

491

        should not in itself present any security risk to the host

490

 

        computer running it.  The program does not need any special

491

 

        privileges to run, and is designed to run as a non-root user.

 

492

        computer running it.  The program switches to a non-root user

 

493

        soon after startup.

492

494

      </para>

493

495

    </refsect2>

494

 

    <refsect2 id="CLIENTS">

 

496

    <refsect2 id="clients">

495

497

      <title>CLIENTS</title>

496

498

      <para>

497

499

        The server only gives out its stored data to clients which

504

506

        <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

505

507

        <manvolnum>5</manvolnum></citerefentry>)

506

508

        <emphasis>must</emphasis> be made non-readable by anyone

507

 

        except the user running the server.

 

509

        except the user starting the server (usually root).

508

510

      </para>

509

511

      <para>

510

512

        As detailed in <xref linkend="checking"/>, the status of all

529

531

      </para>

530

532

      <para>

531

533

        For more details on client-side security, see

532

 

        <citerefentry><refentrytitle>password-request</refentrytitle>

 

534

        <citerefentry><refentrytitle>mandos-client</refentrytitle>

533

535

        <manvolnum>8mandos</manvolnum></citerefentry>.

534

536

      </para>

535

537

    </refsect2>

536

538

  </refsect1>

537

 

 

 

539

  

538

540

  <refsect1 id="see_also">

539

541

    <title>SEE ALSO</title>

540

542

    <para>

543

545

        <manvolnum>5</manvolnum></citerefentry>, <citerefentry>

544

546

        <refentrytitle>mandos.conf</refentrytitle>

545

547

        <manvolnum>5</manvolnum></citerefentry>, <citerefentry>

546

 

        <refentrytitle>password-request</refentrytitle>

 

548

        <refentrytitle>mandos-client</refentrytitle>

547

549

        <manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

548

550

        <refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>

549

551

      </citerefentry>

• Older »

Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0