bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
|
967
by Teddy Hogeborn
Show debconf note about new TLS key IDs |
1 |
Template: mandos/key_id |
2 |
Type: note |
|
|
1222
by teddy at recompile
Fix debconf template syntax |
3 |
Description: New client option "key_id" is REQUIRED on server |
|
1128
by Teddy Hogeborn
Add debconf translation support |
4 |
A new "key_id" client option is REQUIRED in the clients.conf file, |
5 |
otherwise the client most likely will not reboot unattended. This option: |
|
|
967
by Teddy Hogeborn
Show debconf note about new TLS key IDs |
6 |
. |
|
1150
by Teddy Hogeborn
Create a debconf translation file |
7 |
key_id = <HEXSTRING> |
|
967
by Teddy Hogeborn
Show debconf note about new TLS key IDs |
8 |
. |
|
1128
by Teddy Hogeborn
Add debconf translation support |
9 |
must be added in the file /etc/mandos/clients.conf, right before the |
10 |
"fingerprint" option, for each Mandos client. You must edit that file and |
|
11 |
add this option for all clients. To see the correct key ID for each |
|
12 |
client, run this command (on each client): |
|
|
967
by Teddy Hogeborn
Show debconf note about new TLS key IDs |
13 |
. |
|
1150
by Teddy Hogeborn
Create a debconf translation file |
14 |
mandos-keygen -F/dev/null|grep ^key_id |
|
967
by Teddy Hogeborn
Show debconf note about new TLS key IDs |
15 |
. |
|
1128
by Teddy Hogeborn
Add debconf translation support |
16 |
Note: the clients must all also be using GnuTLS 3.6.6 or later; the server |
17 |
cannot serve passwords for both old and new clients! |
|
|
967
by Teddy Hogeborn
Show debconf note about new TLS key IDs |
18 |
. |
|
1128
by Teddy Hogeborn
Add debconf translation support |
19 |
Rationale: With GnuTLS 3.6.6, Mandos has been forced to stop using OpenPGP |
20 |
keys as TLS session keys. A new TLS key pair will be generated on each |
|
21 |
client and will be used as identification, but the key ID of the public |
|
22 |
key needs to be added to this server, since this will now be used to |
|
23 |
identify the client to the server. |
|
|
971
by Teddy Hogeborn
Bug fix: Only create TLS key with certtool, and read correct key file |
24 |
|
25 |
Template: mandos/removed_bad_key_ids |
|
26 |
Type: note |
|
|
1222
by teddy at recompile
Fix debconf template syntax |
27 |
Description: Bad key IDs have been removed from clients.conf |
|
1128
by Teddy Hogeborn
Add debconf translation support |
28 |
Bad key IDs, which were created by a bug in Mandos client 1.8.0, have been |
29 |
removed from /etc/mandos/clients.conf |