/mandos/release

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/release

« back to all changes in this revision

Viewing changes to mandos.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-08-22 00:16:20 UTC
  • mfrom: (24.1.57 mandos)
  • Revision ID: teddy@fukt.bsnet.se-20080822001620-vxpn1evy0t0kyvj0
* clients.conf ([DEFAULT]/checker): Update to new default value.

* mandos (Client.start_checker): Bug fix: OSError, not
                                 subprocess.OSError.
  (main): Use "fping -q -- %(host)s" instead of "fping -q --
          %%(host)s" as default value for "checker".  Always redirect
          stdin to be from /dev/null, even if in debug mode.

* mandos-clients.conf.xml (DESCRIPTION): Improved wording and refer to
                                         the EXPANSION section.
  (OPTIONS): Added synopsis and improved wording for "checker",
             "fingerprint", and "secret".  Refer to the RUNTIME
             EXPANSION section for the "checker" option.
  (EXAMPLE): Update to new default value for "checker".

* mandos-keygen (trap): Split lines and add "set +e".

Show diffs side-by-side

added added

removed removed

Lines of Context:
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY VERSION "1.0">
5
5
<!ENTITY COMMANDNAME "mandos">
6
 
<!ENTITY TIMESTAMP "2008-08-31">
7
6
]>
8
7
 
9
8
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
10
9
  <refentryinfo>
11
 
    <title>Mandos Manual</title>
 
10
    <title>&COMMANDNAME;</title>
12
11
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
13
 
    <productname>Mandos</productname>
 
12
    <productname>&COMMANDNAME;</productname>
14
13
    <productnumber>&VERSION;</productnumber>
15
 
    <date>&TIMESTAMP;</date>
16
14
    <authorgroup>
17
15
      <author>
18
16
        <firstname>Björn</firstname>
67
65
  <refnamediv>
68
66
    <refname><command>&COMMANDNAME;</command></refname>
69
67
    <refpurpose>
70
 
      Gives encrypted passwords to authenticated Mandos clients
 
68
      Sends encrypted passwords to authenticated Mandos clients
71
69
    </refpurpose>
72
70
  </refnamediv>
73
71
 
74
72
  <refsynopsisdiv>
75
73
    <cmdsynopsis>
76
74
      <command>&COMMANDNAME;</command>
77
 
      <group>
78
 
        <arg choice="plain"><option>--interface
79
 
        <replaceable>NAME</replaceable></option></arg>
80
 
        <arg choice="plain"><option>-i
81
 
        <replaceable>NAME</replaceable></option></arg>
82
 
      </group>
83
 
      <sbr/>
84
 
      <group>
85
 
        <arg choice="plain"><option>--address
86
 
        <replaceable>ADDRESS</replaceable></option></arg>
87
 
        <arg choice="plain"><option>-a
88
 
        <replaceable>ADDRESS</replaceable></option></arg>
89
 
      </group>
90
 
      <sbr/>
91
 
      <group>
92
 
        <arg choice="plain"><option>--port
93
 
        <replaceable>PORT</replaceable></option></arg>
94
 
        <arg choice="plain"><option>-p
95
 
        <replaceable>PORT</replaceable></option></arg>
96
 
      </group>
97
 
      <sbr/>
98
 
      <arg><option>--priority
99
 
      <replaceable>PRIORITY</replaceable></option></arg>
100
 
      <sbr/>
101
 
      <arg><option>--servicename
102
 
      <replaceable>NAME</replaceable></option></arg>
103
 
      <sbr/>
104
 
      <arg><option>--configdir
105
 
      <replaceable>DIRECTORY</replaceable></option></arg>
106
 
      <sbr/>
107
 
      <arg><option>--debug</option></arg>
 
75
      <arg>--interface<arg choice="plain">IF</arg></arg>
 
76
      <arg>--address<arg choice="plain">ADDRESS</arg></arg>
 
77
      <arg>--port<arg choice="plain">PORT</arg></arg>
 
78
      <arg>--priority<arg choice="plain">PRIORITY</arg></arg>
 
79
      <arg>--servicename<arg choice="plain">NAME</arg></arg>
 
80
      <arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
 
81
      <arg>--debug</arg>
 
82
    </cmdsynopsis>
 
83
    <cmdsynopsis>
 
84
      <command>&COMMANDNAME;</command>
 
85
      <arg>-i<arg choice="plain">IF</arg></arg>
 
86
      <arg>-a<arg choice="plain">ADDRESS</arg></arg>
 
87
      <arg>-p<arg choice="plain">PORT</arg></arg>
 
88
      <arg>--priority<arg choice="plain">PRIORITY</arg></arg>
 
89
      <arg>--servicename<arg choice="plain">NAME</arg></arg>
 
90
      <arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
 
91
      <arg>--debug</arg>
108
92
    </cmdsynopsis>
109
93
    <cmdsynopsis>
110
94
      <command>&COMMANDNAME;</command>
111
95
      <group choice="req">
112
 
        <arg choice="plain"><option>--help</option></arg>
113
 
        <arg choice="plain"><option>-h</option></arg>
 
96
        <arg choice="plain">-h</arg>
 
97
        <arg choice="plain">--help</arg>
114
98
      </group>
115
99
    </cmdsynopsis>
116
100
    <cmdsynopsis>
117
101
      <command>&COMMANDNAME;</command>
118
 
      <arg choice="plain"><option>--version</option></arg>
 
102
      <arg choice="plain">--version</arg>
119
103
    </cmdsynopsis>
120
104
    <cmdsynopsis>
121
105
      <command>&COMMANDNAME;</command>
122
 
      <arg choice="plain"><option>--check</option></arg>
 
106
      <arg choice="plain">--check</arg>
123
107
    </cmdsynopsis>
124
108
  </refsynopsisdiv>
125
109
 
157
141
 
158
142
    <variablelist>
159
143
      <varlistentry>
160
 
        <term><option>-h</option></term>
161
 
        <term><option>--help</option></term>
 
144
        <term><literal>-h</literal>, <literal>--help</literal></term>
162
145
        <listitem>
163
146
          <para>
164
147
            Show a help message and exit
167
150
      </varlistentry>
168
151
 
169
152
      <varlistentry>
170
 
        <term><option>-i</option>
171
 
        <replaceable>NAME</replaceable></term>
172
 
        <term><option>--interface</option>
173
 
        <replaceable>NAME</replaceable></term>
 
153
        <term><literal>-i</literal>, <literal>--interface <replaceable>
 
154
        IF</replaceable></literal></term>
174
155
        <listitem>
175
156
          <xi:include href="mandos-options.xml" xpointer="interface"/>
176
157
        </listitem>
356
337
    <title>ENVIRONMENT</title>
357
338
    <variablelist>
358
339
      <varlistentry>
359
 
        <term><envar>PATH</envar></term>
 
340
        <term><varname>PATH</varname></term>
360
341
        <listitem>
361
342
          <para>
362
343
            To start the configured checker (see <xref
467
448
        Normal invocation needs no options:
468
449
      </para>
469
450
      <para>
470
 
        <userinput>&COMMANDNAME;</userinput>
 
451
        <userinput>mandos</userinput>
471
452
      </para>
472
453
    </informalexample>
473
454
    <informalexample>
480
461
      <para>
481
462
 
482
463
<!-- do not wrap this line -->
483
 
<userinput>&COMMANDNAME; --debug --configdir ~/mandos --servicename Test</userinput>
 
464
<userinput>mandos --debug --configdir ~/mandos --servicename Test</userinput>
484
465
 
485
466
      </para>
486
467
    </informalexample>
492
473
      <para>
493
474
 
494
475
<!-- do not wrap this line -->
495
 
<userinput>&COMMANDNAME; --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>
 
476
<userinput>mandos --interface eth7 --address fe80::aede:48ff:fe71:f6f2</userinput>
496
477
 
497
478
      </para>
498
479
    </informalexample>
557
538
    <title>SEE ALSO</title>
558
539
    <para>
559
540
      <citerefentry>
 
541
        <refentrytitle>mandos.conf</refentrytitle>
 
542
        <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
560
543
        <refentrytitle>mandos-clients.conf</refentrytitle>
561
544
        <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
562
 
        <refentrytitle>mandos.conf</refentrytitle>
563
 
        <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
564
545
        <refentrytitle>password-request</refentrytitle>
565
546
        <manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
566
547
        <refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
591
572
      </varlistentry>
592
573
      <varlistentry>
593
574
        <term>
594
 
          <ulink url="http://www.gnu.org/software/gnutls/"
595
 
          >GnuTLS</ulink>
 
575
          <ulink
 
576
              url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>
596
577
        </term>
597
578
      <listitem>
598
579
        <para>
604
585
      </varlistentry>
605
586
      <varlistentry>
606
587
        <term>
607
 
          RFC 4291: <citetitle>IP Version 6 Addressing
608
 
          Architecture</citetitle>
 
588
          <citation>RFC 4291: <citetitle>IP Version 6 Addressing
 
589
          Architecture</citetitle>, section 2.5.6, Link-Local IPv6
 
590
          Unicast Addresses</citation>
609
591
        </term>
610
592
        <listitem>
611
 
          <variablelist>
612
 
            <varlistentry>
613
 
              <term>Section 2.2: <citetitle>Text Representation of
614
 
              Addresses</citetitle></term>
615
 
              <listitem><para/></listitem>
616
 
            </varlistentry>
617
 
            <varlistentry>
618
 
              <term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6
619
 
              Address</citetitle></term>
620
 
              <listitem><para/></listitem>
621
 
            </varlistentry>
622
 
            <varlistentry>
623
 
            <term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast
624
 
            Addresses</citetitle></term>
625
 
            <listitem>
626
 
              <para>
627
 
                The clients use IPv6 link-local addresses, which are
628
 
                immediately usable since a link-local addresses is
629
 
                automatically assigned to a network interfaces when it
630
 
                is brought up.
631
 
              </para>
632
 
            </listitem>
633
 
            </varlistentry>
634
 
          </variablelist>
 
593
          <para>
 
594
            The clients use IPv6 link-local addresses, which are
 
595
            immediately usable since a link-local addresses is
 
596
            automatically assigned to a network interfaces when it is
 
597
            brought up.
 
598
          </para>
635
599
        </listitem>
636
600
      </varlistentry>
637
601
      <varlistentry>
638
602
        <term>
639
 
          RFC 4346: <citetitle>The Transport Layer Security (TLS)
640
 
          Protocol Version 1.1</citetitle>
 
603
          <citation>RFC 4346: <citetitle>The Transport Layer Security
 
604
          (TLS) Protocol Version 1.1</citetitle></citation>
641
605
        </term>
642
606
      <listitem>
643
607
        <para>
647
611
      </varlistentry>
648
612
      <varlistentry>
649
613
        <term>
650
 
          RFC 4880: <citetitle>OpenPGP Message Format</citetitle>
 
614
          <citation>RFC 4880: <citetitle>OpenPGP Message
 
615
          Format</citetitle></citation>
651
616
        </term>
652
617
      <listitem>
653
618
        <para>
657
622
      </varlistentry>
658
623
      <varlistentry>
659
624
        <term>
660
 
          RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
661
 
          Security</citetitle>
 
625
          <citation>RFC 5081: <citetitle>Using OpenPGP Keys for
 
626
          Transport Layer Security</citetitle></citation>
662
627
        </term>
663
628
      <listitem>
664
629
        <para>
670
635
    </variablelist>
671
636
  </refsect1>
672
637
</refentry>
673
 
<!-- Local Variables: -->
674
 
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
675
 
<!-- time-stamp-end: "[\"']>" -->
676
 
<!-- time-stamp-format: "%:y-%02m-%02d" -->
677
 
<!-- End: -->