/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2014-06-06 02:29:14 UTC
  • Revision ID: teddy@recompile.se-20140606022914-qc2q0bg0rtus8s2g
Tags: version-1.6.5-3
* debian/changelog (1.6.5-3): New entry.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2015-06-29">
 
5
<!ENTITY TIMESTAMP "2014-03-05">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
36
36
      <year>2012</year>
37
37
      <year>2013</year>
38
38
      <year>2014</year>
39
 
      <year>2015</year>
40
39
      <holder>Teddy Hogeborn</holder>
41
40
      <holder>Björn Påhlsson</holder>
42
41
    </copyright>
445
444
  
446
445
  <refsect1 id="environment">
447
446
    <title>ENVIRONMENT</title>
448
 
    <variablelist>
449
 
      <varlistentry>
450
 
        <term><envar>MANDOSPLUGINHELPERDIR</envar></term>
451
 
        <listitem>
452
 
          <para>
453
 
            This environment variable will be assumed to contain the
454
 
            directory containing any helper executables.  The use and
455
 
            nature of these helper executables, if any, is
456
 
            purposefully not documented.
457
 
        </para>
458
 
        </listitem>
459
 
      </varlistentry>
460
 
    </variablelist>
461
447
    <para>
462
 
      This program does not use any other environment variables, not
463
 
      even the ones provided by <citerefentry><refentrytitle
 
448
      This program does not use any environment variables, not even
 
449
      the ones provided by <citerefentry><refentrytitle
464
450
      >cryptsetup</refentrytitle><manvolnum>8</manvolnum>
465
451
    </citerefentry>.
466
452
    </para>
762
748
    <para>
763
749
      It will also help if the checker program on the server is
764
750
      configured to request something from the client which can not be
765
 
      spoofed by someone else on the network, like SSH server key
766
 
      fingerprints, and unlike unencrypted <acronym>ICMP</acronym>
767
 
      echo (<quote>ping</quote>) replies.
 
751
      spoofed by someone else on the network, unlike unencrypted
 
752
      <acronym>ICMP</acronym> echo (<quote>ping</quote>) replies.
768
753
    </para>
769
754
    <para>
770
755
      <emphasis>Note</emphasis>: This makes it completely insecure to