/mandos/release : revision 90

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2008-08-19 13:25:14 UTC
Revision ID: teddy@fukt.bsnet.se-20080819132514-wawrvgmfjovg9poj

* Makefile (DOCBOOKTOMAN): Added "--xinclude".

* mandos-options.xml: New file; moved mandos(8) option descriptions
                      here.

* mandos.conf.xml: Add XInclude namespace.
  (OPTIONS): New separate section with options from old "DESCRIPTION"
             section.  Changed all options to include a synopsis and
             include its paragraph from "mandos-options.xml".
  (FILES): Moved to before "EXAMPLES".
  (BUGS): New section.
  (EXAMPLES): Renamed to "EXAMPLE", as per man-pages(7).  Unindented
              example text.

* mandos.xml: Removed OVERVIEW entity.  Add XInclude namespace.
  (OPTIONS): Moved all descriptive paragraphs to "mandos-options.xml"
             and just <xi:include/> them from here.
  (OVERVIEW): Changed to do <xi:include/>.

* overview.xml: Added DOCTYPE; reportedly needed for XInclude to work.

files removed:
.bzrignore

files modified:
Makefile

TODO

clients.conf

initramfs-tools-hook

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/password-request.c

plugins.d/password-request.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2008-08-31">

<title>Mandos Manual</title>

<title>&COMMANDNAME;</title>

<productname>Mandos</productname>

<productname>&COMMANDNAME;</productname>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<refname><command>&COMMANDNAME;</command></refname>

Gives encrypted passwords to authenticated Mandos clients

Sends encrypted passwords to authenticated Mandos clients

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--interface

<arg choice="plain"><option>-i

</group>

<sbr/>

<group>

<arg choice="plain"><option>--address

<replaceable>ADDRESS</replaceable></option></arg>

<arg choice="plain"><option>-a

<replaceable>ADDRESS</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--port

<arg choice="plain"><option>-p

</group>

<sbr/>

<arg><option>--priority

<replaceable>PRIORITY</replaceable></option></arg>

100

<sbr/>

101

<arg><option>--servicename

102

103

<sbr/>

104

<arg><option>--configdir

105

<replaceable>DIRECTORY</replaceable></option></arg>

106

<sbr/>

107

<arg><option>--debug</option></arg>

<arg>--interface<arg choice="plain">IF</arg></arg>

<arg>--address<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

</cmdsynopsis>

<command>&COMMANDNAME;</command>

<arg>-a<arg choice="plain">ADDRESS</arg></arg>

<arg>--priority<arg choice="plain">PRIORITY</arg></arg>

<arg>--servicename<arg choice="plain">NAME</arg></arg>

<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>

<arg>--debug</arg>

108

</cmdsynopsis>

109

110

<command>&COMMANDNAME;</command>

111

112

113

114

</group>

115

</cmdsynopsis>

116

100

117

101

<command>&COMMANDNAME;</command>

118

<arg choice="plain"><option>--version</option></arg>

102

<arg choice="plain">--version</arg>

119

103

</cmdsynopsis>

120

104

121

105

<command>&COMMANDNAME;</command>

122

<arg choice="plain"><option>--check</option></arg>

106

<arg choice="plain">--check</arg>

123

107

</cmdsynopsis>

124

108

</refsynopsisdiv>

125

109

149

133

<emphasis>encrypted root file system</emphasis>. See <xref

150

134

linkend="overview"/> for details.

151

135

</para>

152

136

153

137

</refsect1>

154

138

155

139

156

140

<title>OPTIONS</title>

157

141

158

142

159

143

160

161

144

162

145

163

146

<para>

164

147

Show a help message and exit

165

148

</para>

166

149

</listitem>

167

150

</varlistentry>

168

151

169

152

170

<term><option>--interface</option>

171

172

173

153

<term><literal>-i</literal>, <literal>--interface <replaceable>

154

IF</replaceable></literal></term>

174

155

175

156

<xi:include href="mandos-options.xml" xpointer="interface"/>

176

157

</listitem>

177

158

</varlistentry>

178

159

179

160

180

<term><option>--address

181

<replaceable>ADDRESS</replaceable></option></term>

182

<term><option>-a

183

<replaceable>ADDRESS</replaceable></option></term>

161

<term><literal>-a</literal>, <literal>--address <replaceable>

162

ADDRESS</replaceable></literal></term>

184

163

185

164

<xi:include href="mandos-options.xml" xpointer="address"/>

186

165

</listitem>

187

166

</varlistentry>

188

167

189

168

190

<term><option>--port

191

192

<term><option>-p

193

169

170

PORT</replaceable></literal></term>

194

171

195

172

<xi:include href="mandos-options.xml" xpointer="port"/>

196

173

</listitem>

197

174

</varlistentry>

198

175

199

176

200

<term><option>--check</option></term>

177

<term><literal>--check</literal></term>

201

178

202

179

<para>

203

180

Run the server’s self-tests. This includes any unit

205

182

</para>

206

183

</listitem>

207

184

</varlistentry>

208

185

209

186

210

<term><option>--debug</option></term>

187

<term><literal>--debug</literal></term>

211

188

212

189

<xi:include href="mandos-options.xml" xpointer="debug"/>

213

190

</listitem>

214

191

</varlistentry>

215

192

216

193

217

<term><option>--priority <replaceable>

218

PRIORITY</replaceable></option></term>

194

<term><literal>--priority <replaceable>

195

PRIORITY</replaceable></literal></term>

219

196

220

197

<xi:include href="mandos-options.xml" xpointer="priority"/>

221

198

</listitem>

222

199

</varlistentry>

223

200

224

201

225

<term><option>--servicename

226

202

<term><literal>--servicename <replaceable>NAME</replaceable>

203

</literal></term>

227

204

228

205

<xi:include href="mandos-options.xml"

229

206

xpointer="servicename"/>

231

208

</varlistentry>

232

209

233

210

234

<term><option>--configdir

235

<replaceable>DIRECTORY</replaceable></option></term>

211

<term><literal>--configdir <replaceable>DIR</replaceable>

212

</literal></term>

236

213

237

214

<para>

238

215

Directory to search for configuration files. Default is

246

223

</varlistentry>

247

224

248

225

249

<term><option>--version</option></term>

226

<term><literal>--version</literal></term>

250

227

251

228

<para>

252

229

Prints the program version and exit.

297

274

298

275

</row>

299

276

<row>

300

277

301

278

302

279

</row>

303

280

<row>

333

310

longer eligible to receive the encrypted password. The timeout,

334

311

checker program, and interval between checks can be configured

335

312

both globally and per client; see <citerefentry>

313

<refentrytitle>mandos.conf</refentrytitle>

314

336

315

<refentrytitle>mandos-clients.conf</refentrytitle>

337

316

<manvolnum>5</manvolnum></citerefentry>.

338

317

</para>

341

320

342

321

<title>LOGGING</title>

343

322

<para>

344

The server will send log message with various severity levels to

345

<filename>/dev/log</filename>. With the

323

The server will send log messaged with various severity levels

324

to <filename>/dev/log</filename>. With the

346

325

<option>--debug</option> option, it will log even more messages,

347

326

and also show them on the console.

348

327

</para>

360

339

<title>ENVIRONMENT</title>

361

340

362

341

363

342

364

343

365

344

<para>

366

345

To start the configured checker (see <xref

369

348

<varname>PATH</varname> to search for matching commands if

370

349

an absolute path is not given. See <citerefentry>

371

350

372

</citerefentry>.

351

</citerefentry>

373

352

</para>

374

353

</listitem>

375

354

</varlistentry>

471

450

Normal invocation needs no options:

472

451

</para>

473

452

<para>

474

<userinput>&COMMANDNAME;</userinput>

453

<userinput>mandos</userinput>

475

454

</para>

476

455

</informalexample>

477

456

484

463

<para>

485

464

486

465

487

<userinput>&COMMANDNAME; --debug --configdir ~/mandos --servicename Test</userinput>

466

<userinput>mandos --debug --configdir ~/mandos --servicename Test</userinput>

488

467

489

468

</para>

490

469

</informalexample>

496

475

<para>

497

476

498

477

499

<userinput>&COMMANDNAME; --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>

478

<userinput>mandos --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>

500

479

501

480

</para>

502

481

</informalexample>

559

538

560

539

561

540

562

<para>

563

564

<refentrytitle>mandos-clients.conf</refentrytitle>

565

566

<refentrytitle>mandos.conf</refentrytitle>

567

568

<refentrytitle>password-request</refentrytitle>

569

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

570

571

</citerefentry>

572

</para>

573

541

574

542

575

543

<term>

544

545

<refentrytitle>password-request</refentrytitle>

546

<manvolnum>8mandos</manvolnum>

547

</citerefentry>

548

</term>

549

550

<para>

551

This is the actual program which talks to this server.

552

Note that it is normally not invoked directly, and is only

553

run in the initial RAM disk environment, and not on a

554

fully started system.

555

</para>

556

</listitem>

557

</varlistentry>

558

559

<term>

576

560

<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>

577

561

</term>

578

562

595

579

</varlistentry>

596

580

597

581

<term>

598

<ulink url="http://www.gnu.org/software/gnutls/"

599

>GnuTLS</ulink>

582

<ulink

583

url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>

600

584

</term>

601

585

602

586

<para>

608

592

</varlistentry>

609

593

610

594

<term>

611

RFC 4291: <citetitle>IP Version 6 Addressing

612

Architecture</citetitle>

595

<citation>RFC 4291: <citetitle>IP Version 6 Addressing

596

Architecture</citetitle>, section 2.5.6, Link-Local IPv6

597

Unicast Addresses</citation>

613

598

</term>

614

599

615

616

617

<term>Section 2.2: <citetitle>Text Representation of

618

Addresses</citetitle></term>

619

620

</varlistentry>

621

622

<term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6

623

Address</citetitle></term>

624

625

</varlistentry>

626

627

<term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast

628

Addresses</citetitle></term>

629

630

<para>

631

The clients use IPv6 link-local addresses, which are

632

immediately usable since a link-local addresses is

633

automatically assigned to a network interfaces when it

634

is brought up.

635

</para>

636

</listitem>

637

</varlistentry>

638

</variablelist>

600

<para>

601

The clients use IPv6 link-local addresses, which are

602

immediately usable since a link-local addresses is

603

automatically assigned to a network interfaces when it is

604

brought up.

605

</para>

639

606

</listitem>

640

607

</varlistentry>

641

608

642

609

<term>

643

RFC 4346: <citetitle>The Transport Layer Security (TLS)

644

Protocol Version 1.1</citetitle>

610

<citation>RFC 4346: <citetitle>The Transport Layer Security

611

(TLS) Protocol Version 1.1</citetitle></citation>

645

612

</term>

646

613

647

614

<para>

651

618

</varlistentry>

652

619

653

620

<term>

654

RFC 4880: <citetitle>OpenPGP Message Format</citetitle>

621

<citation>RFC 4880: <citetitle>OpenPGP Message

622

Format</citetitle></citation>

655

623

</term>

656

624

657

625

<para>

661

629

</varlistentry>

662

630

663

631

<term>

664

RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer

665

Security</citetitle>

632

<citation>RFC 5081: <citetitle>Using OpenPGP Keys for

633

Transport Layer Security</citetitle></citation>

666

634

</term>

667

635

668

636

<para>

674

642

</variablelist>

675

643

</refsect1>

676

644

</refentry>

677

678

679

680

681

Older »