/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2013-10-24 20:25:54 UTC
  • mfrom: (237.7.182 trunk)
  • Revision ID: teddy@recompile.se-20131024202554-nb00jm6khi280lum
Merge from trunk.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2015-07-06">
 
5
<!ENTITY TIMESTAMP "2013-10-20">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
35
35
      <year>2009</year>
36
36
      <year>2012</year>
37
37
      <year>2013</year>
38
 
      <year>2014</year>
39
 
      <year>2015</year>
40
38
      <holder>Teddy Hogeborn</holder>
41
39
      <holder>Björn Påhlsson</holder>
42
40
    </copyright>
221
219
            assumed to separate the address from the port number.
222
220
          </para>
223
221
          <para>
224
 
            Normally, Zeroconf would be used to locate Mandos servers,
225
 
            in which case this option would only be used when testing
226
 
            and debugging.
 
222
            This option is normally only useful for testing and
 
223
            debugging.
227
224
          </para>
228
225
        </listitem>
229
226
      </varlistentry>
262
259
          <para>
263
260
            <replaceable>NAME</replaceable> can be the string
264
261
            <quote><literal>none</literal></quote>; this will make
265
 
            <command>&COMMANDNAME;</command> only bring up interfaces
266
 
            specified <emphasis>before</emphasis> this string.  This
267
 
            is not recommended, and only meant for advanced users.
 
262
            <command>&COMMANDNAME;</command> not bring up
 
263
            <emphasis>any</emphasis> interfaces specified
 
264
            <emphasis>after</emphasis> this string.  This is not
 
265
            recommended, and only meant for advanced users.
268
266
          </para>
269
267
        </listitem>
270
268
      </varlistentry>
312
310
        <listitem>
313
311
          <para>
314
312
            Sets the number of bits to use for the prime number in the
315
 
            TLS Diffie-Hellman key exchange.  The default value is
316
 
            selected automatically based on the OpenPGP key.
 
313
            TLS Diffie-Hellman key exchange.  Default is 1024.
317
314
          </para>
318
315
        </listitem>
319
316
      </varlistentry>
446
443
  
447
444
  <refsect1 id="environment">
448
445
    <title>ENVIRONMENT</title>
449
 
    <variablelist>
450
 
      <varlistentry>
451
 
        <term><envar>MANDOSPLUGINHELPERDIR</envar></term>
452
 
        <listitem>
453
 
          <para>
454
 
            This environment variable will be assumed to contain the
455
 
            directory containing any helper executables.  The use and
456
 
            nature of these helper executables, if any, is
457
 
            purposefully not documented.
458
 
        </para>
459
 
        </listitem>
460
 
      </varlistentry>
461
 
    </variablelist>
462
446
    <para>
463
 
      This program does not use any other environment variables, not
464
 
      even the ones provided by <citerefentry><refentrytitle
 
447
      This program does not use any environment variables, not even
 
448
      the ones provided by <citerefentry><refentrytitle
465
449
      >cryptsetup</refentrytitle><manvolnum>8</manvolnum>
466
450
    </citerefentry>.
467
451
    </para>
763
747
    <para>
764
748
      It will also help if the checker program on the server is
765
749
      configured to request something from the client which can not be
766
 
      spoofed by someone else on the network, like SSH server key
767
 
      fingerprints, and unlike unencrypted <acronym>ICMP</acronym>
768
 
      echo (<quote>ping</quote>) replies.
 
750
      spoofed by someone else on the network, unlike unencrypted
 
751
      <acronym>ICMP</acronym> echo (<quote>ping</quote>) replies.
769
752
    </para>
770
753
    <para>
771
754
      <emphasis>Note</emphasis>: This makes it completely insecure to