/mandos/release : revision 90

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2008-08-19 13:25:14 UTC
Revision ID: teddy@fukt.bsnet.se-20080819132514-wawrvgmfjovg9poj

* Makefile (DOCBOOKTOMAN): Added "--xinclude".

* mandos-options.xml: New file; moved mandos(8) option descriptions
                      here.

* mandos.conf.xml: Add XInclude namespace.
  (OPTIONS): New separate section with options from old "DESCRIPTION"
             section.  Changed all options to include a synopsis and
             include its paragraph from "mandos-options.xml".
  (FILES): Moved to before "EXAMPLES".
  (BUGS): New section.
  (EXAMPLES): Renamed to "EXAMPLE", as per man-pages(7).  Unindented
              example text.

* mandos.xml: Removed OVERVIEW entity.  Add XInclude namespace.
  (OPTIONS): Moved all descriptive paragraphs to "mandos-options.xml"
             and just <xi:include/> them from here.
  (OVERVIEW): Changed to do <xi:include/>.

* overview.xml: Added DOCTYPE; reportedly needed for XInclude to work.

files removed:
.bzrignore

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/password-request.c

plugins.d/password-request.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2008-08-31">

<title>Mandos Manual</title>

<title>&COMMANDNAME;</title>

<productname>Mandos</productname>

<productname>&COMMANDNAME;</productname>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<refname><command>&COMMANDNAME;</command></refname>

Gives encrypted passwords to authenticated Mandos clients

Sends encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--interface

<arg choice="plain"><option>-i

</group>

<sbr/>

<group>

<arg choice="plain"><option>--address

<replaceable>ADDRESS</replaceable></option></arg>

<arg choice="plain"><option>-a

<replaceable>ADDRESS</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--port

<arg choice="plain"><option>-p

</group>

<sbr/>

<arg><option>--priority

<replaceable>PRIORITY</replaceable></option></arg>

100

<sbr/>

101

<arg><option>--servicename

102

103

<sbr/>

104

<arg><option>--configdir

105

<replaceable>DIRECTORY</replaceable></option></arg>

106

<sbr/>

107

<arg><option>--debug</option></arg>

<arg>--interface<arg choice="plain">IF</arg></arg>

<arg>--address<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

<arg>-a<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

108

</cmdsynopsis>

109

110

<command>&COMMANDNAME;</command>

111

112

113

114

</group>

115

</cmdsynopsis>

116

100

117

101

<command>&COMMANDNAME;</command>

118

<arg choice="plain"><option>--version</option></arg>

102

<arg choice="plain">--version</arg>

119

103

</cmdsynopsis>

120

104

121

105

<command>&COMMANDNAME;</command>

122

<arg choice="plain"><option>--check</option></arg>

106

<arg choice="plain">--check</arg>

123

107

</cmdsynopsis>

124

108

</refsynopsisdiv>

125

109

157

141

158

142

159

143

160

161

144

162

145

163

146

<para>

164

147

Show a help message and exit

167

150

</varlistentry>

168

151

169

152

170

171

172

<term><option>--interface</option>

173

153

<term><literal>-i</literal>, <literal>--interface <replaceable>

154

IF</replaceable></literal></term>

174

155

175

156

<xi:include href="mandos-options.xml" xpointer="interface"/>

176

157

</listitem>

293

274

294

275

</row>

295

276

<row>

296

277

297

278

298

279

</row>

299

280

<row>

329

310

longer eligible to receive the encrypted password. The timeout,

330

311

checker program, and interval between checks can be configured

331

312

both globally and per client; see <citerefentry>

313

<refentrytitle>mandos.conf</refentrytitle>

314

332

315

<refentrytitle>mandos-clients.conf</refentrytitle>

333

316

<manvolnum>5</manvolnum></citerefentry>.

334

317

</para>

337

320

338

321

<title>LOGGING</title>

339

322

<para>

340

The server will send log message with various severity levels to

341

<filename>/dev/log</filename>. With the

323

The server will send log messaged with various severity levels

324

to <filename>/dev/log</filename>. With the

342

325

<option>--debug</option> option, it will log even more messages,

343

326

and also show them on the console.

344

327

</para>

356

339

<title>ENVIRONMENT</title>

357

340

358

341

359

342

360

343

361

344

<para>

362

345

To start the configured checker (see <xref

365

348

<varname>PATH</varname> to search for matching commands if

366

349

an absolute path is not given. See <citerefentry>

367

350

368

</citerefentry>.

351

</citerefentry>

369

352

</para>

370

353

</listitem>

371

354

</varlistentry>

467

450

Normal invocation needs no options:

468

451

</para>

469

452

<para>

470

<userinput>&COMMANDNAME;</userinput>

453

<userinput>mandos</userinput>

471

454

</para>

472

455

</informalexample>

473

456

480

463

<para>

481

464

482

465

483

<userinput>&COMMANDNAME; --debug --configdir ~/mandos --servicename Test</userinput>

466

<userinput>mandos --debug --configdir ~/mandos --servicename Test</userinput>

484

467

485

468

</para>

486

469

</informalexample>

492

475

<para>

493

476

494

477

495

<userinput>&COMMANDNAME; --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>

478

<userinput>mandos --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>

496

479

497

480

</para>

498

481

</informalexample>

555

538

556

539

557

540

558

<para>

559

560

<refentrytitle>mandos-clients.conf</refentrytitle>

561

562

<refentrytitle>mandos.conf</refentrytitle>

563

564

<refentrytitle>password-request</refentrytitle>

565

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

566

567

</citerefentry>

568

</para>

569

541

570

542

571

543

<term>

544

545

<refentrytitle>password-request</refentrytitle>

546

<manvolnum>8mandos</manvolnum>

547

</citerefentry>

548

</term>

549

550

<para>

551

This is the actual program which talks to this server.

552

Note that it is normally not invoked directly, and is only

553

run in the initial RAM disk environment, and not on a

554

fully started system.

555

</para>

556

</listitem>

557

</varlistentry>

558

559

<term>

572

560

<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>

573

561

</term>

574

562

591

579

</varlistentry>

592

580

593

581

<term>

594

<ulink url="http://www.gnu.org/software/gnutls/"

595

>GnuTLS</ulink>

582

<ulink

583

url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>

596

584

</term>

597

585

598

586

<para>

604

592

</varlistentry>

605

593

606

594

<term>

607

RFC 4291: <citetitle>IP Version 6 Addressing

608

Architecture</citetitle>

595

<citation>RFC 4291: <citetitle>IP Version 6 Addressing

596

Architecture</citetitle>, section 2.5.6, Link-Local IPv6

597

Unicast Addresses</citation>

609

598

</term>

610

599

611

612

613

<term>Section 2.2: <citetitle>Text Representation of

614

Addresses</citetitle></term>

615

616

</varlistentry>

617

618

<term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6

619

Address</citetitle></term>

620

621

</varlistentry>

622

623

<term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast

624

Addresses</citetitle></term>

625

626

<para>

627

The clients use IPv6 link-local addresses, which are

628

immediately usable since a link-local addresses is

629

automatically assigned to a network interfaces when it

630

is brought up.

631

</para>

632

</listitem>

633

</varlistentry>

634

</variablelist>

600

<para>

601

The clients use IPv6 link-local addresses, which are

602

immediately usable since a link-local addresses is

603

automatically assigned to a network interfaces when it is

604

brought up.

605

</para>

635

606

</listitem>

636

607

</varlistentry>

637

608

638

609

<term>

639

RFC 4346: <citetitle>The Transport Layer Security (TLS)

640

Protocol Version 1.1</citetitle>

610

<citation>RFC 4346: <citetitle>The Transport Layer Security

611

(TLS) Protocol Version 1.1</citetitle></citation>

641

612

</term>

642

613

643

614

<para>

647

618

</varlistentry>

648

619

649

620

<term>

650

RFC 4880: <citetitle>OpenPGP Message Format</citetitle>

621

<citation>RFC 4880: <citetitle>OpenPGP Message

622

Format</citetitle></citation>

651

623

</term>

652

624

653

625

<para>

657

629

</varlistentry>

658

630

659

631

<term>

660

RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer

661

Security</citetitle>

632

<citation>RFC 5081: <citetitle>Using OpenPGP Keys for

633

Transport Layer Security</citetitle></citation>

662

634

</term>

663

635

664

636

<para>

670

642

</variablelist>

671

643

</refsect1>

672

644

</refentry>

673

674

675

676

677

Older »