/mandos/trunk : contents of clients.conf.xml at revision 24.1.23

: (revision 24.1.23)

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet type="text/xsl"
	href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
<!ENTITY VERSION "1.0">
<!ENTITY CONFNAME "clients.conf">
<!ENTITY CONFPATH "<filename>/etc/mandos/clients.conf</filename>">
]>

<refentry>
  <refentryinfo>
    <title>&CONFNAME;</title>
    <!-- NWalsh's docbook scripts use this to generate the footer: -->
    <productname>&CONFNAME;</productname>
    <productnumber>&VERSION;</productnumber>
    <authorgroup>
      <author>
	<firstname>Björn</firstname>
	<surname>Påhlsson</surname>
	<address>
	  <email>belorn@fukt.bsnet.se</email>
	</address>
      </author>
      <author>
	<firstname>Teddy</firstname>
	<surname>Hogeborn</surname>
	<address>
	  <email>teddy@fukt.bsnet.se</email>
	</address>
      </author>
    </authorgroup>
    <copyright>
      <year>2008</year>
      <holder>Teddy Hogeborn &amp; Björn Påhlsson</holder>
    </copyright>
    <legalnotice>
      <para>
	This manual page is free software: you can redistribute it
	and/or modify it under the terms of the GNU General Public
	License as published by the Free Software Foundation,
	either version 3 of the License, or (at your option) any
	later version.
      </para>

      <para>
	This manual page is distributed in the hope that it will
	be useful, but WITHOUT ANY WARRANTY; without even the
	implied warranty of MERCHANTABILITY or FITNESS FOR A
	PARTICULAR PURPOSE.  See the GNU General Public License
	for more details.
      </para>

      <para>
	You should have received a copy of the GNU General Public
	License along with this program; If not, see
	<ulink url="http://www.gnu.org/licenses/"/>.
      </para>
    </legalnotice>
  </refentryinfo>

  <refmeta>
    <refentrytitle>&CONFNAME;</refentrytitle>
    <manvolnum>5</manvolnum>
  </refmeta>
  
  <refnamediv>
    <refname><filename>&CONFNAME;</filename></refname>
    <refpurpose>
      Configuration file for Mandos clients
    </refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <synopsis>
      &CONFPATH;
    </synopsis>
  </refsynopsisdiv>

  <refsect1 id="description">
    <title>DESCRIPTION</title>
    <para>
      The file &CONFPATH; is the configuration file for mandos where
      each client that will be abel to use the service need to be
      specified. The configuration file is looked on at the startup of
      the service, so to reenable timedout clients one need to only
      restart the server. The format starts with a section under []
      which is eather <literal>[DEFAULT]</literal> or a client
      name. Values is set through the use of VAR = VALUE pair. Values
      may not be empty.
    </para>
  </refsect1>

  <refsect1 id="default">
    <title>DEFAULT</title>
    <para>
      The paramters for <literal>[DEFAULT]</literal> are:
    </para>

    <variablelist>
      
      <varlistentry>
	<term><literal>timeout</literal></term>
	<listitem>
	  <para>
	    This option allows you to override the default timeout
	    that clients will get. By default mandos will use 1hr.
	  </para>
	</listitem>
      </varlistentry>

      <varlistentry>
	<term><literal>interval</literal></term>
	<listitem>
	  <para>
	    This option allows you to override the default interval
	    used between checkups for disconnected clients. By default
	    mandos will use 5m.
	  </para>
	</listitem>
      </varlistentry>      

      <varlistentry>
	<term><literal>checker</literal></term>
	<listitem>
	  <para>
	    This option allows you to override the default shell
	    command that the server will use to check up if the client
	    is still up. By default mandos will "fping -q -- %%(fqdn)s"
	  </para>
	</listitem>
      </varlistentry>
      
    </variablelist>
  </refsect1>

  <refsect1 id="clients">
    <title>CLIENTS</title>
    <para>
      The paramters for clients are:
    </para>

    <variablelist>
      
      <varlistentry>
	<term><literal>fingerprint</literal></term>
	<listitem>
	  <para>
	    This option sets the openpgp fingerprint that identifies
	    the public certificate that clients authenticates themself
	    through gnutls. The string need to be in hex-decimal form.
	  </para>
	</listitem>
      </varlistentry>
      
      <varlistentry>
	<term><literal>secret</literal></term>
	<listitem>
	  <para>
	    Base 64 encoded OpenPGP encrypted password encrypted by
	    the clients openpgp certificate.
	  </para>
	</listitem>
      </varlistentry>

      <varlistentry>
	<term><literal>secfile</literal></term>
	<listitem>
	  <para>
	    Base 64 encoded OpenPGP encrypted password encrypted by
	    the clients openpgp certificate as a binary file.
	  </para>
	</listitem>
      </varlistentry>

      <varlistentry>
	<term><literal>fqdn</literal></term>
	<listitem>
	  <para>
	    FQDN, that can be used in for checking that the client is up.
	  </para>
	</listitem>
      </varlistentry>

      <varlistentry>
	<term><literal>checker</literal></term>
	<listitem>
	  <para>
	    Shell command that the server will use to check up if the
	    client is still up.
	  </para>
	</listitem>
      </varlistentry>      

      <varlistentry>
	<term><literal>timeout</literal></term>
	<listitem>
	  <para>
	    Duration that a client can be down whitout be removed from
	    the client list.
	  </para>
	</listitem>
      </varlistentry> 
      
    </variablelist>
  </refsect1>  

  <refsect1 id="examples">
    <title>EXAMPLES</title>
    <informalexample>
      <programlisting>
[DEFAULT]
timeout = 1h
interval = 5m
checker = fping -q -- %%(fqdn)s

[example_client]
fingerprint =  7788 2722 5BA7 DE53 9C5A  7CFA 59CF F7CD BD9A 5920

secret =
hQIOA6QdEjBs2L/HEAf/TCyrDe5Xnm9esa+Pb/vWF9CUqfn4srzVgSu234REJMVv
7lBSrPE2132Lmd2gqF1HeLKDJRSVxJpt6xoWOChGHg+TMyXDxK+NXl89vGvdU1Xf
hKkVm9MDLOgT5ECDPysDGHFPDhqHOSu3Kaw2DWMV/iH9vz3Z20erVNbdcvyBnuoj
coWO/6yfB5EQO0BXp7kcyy00USA3CjD5FGZdoQGITb8A/ar0tVA5crSQmaSotm6K
mNLhrFnZ5BxX+TiE+eTUTqSloWRY6VAvqWQHC7OASxK5E6RXPBuFH5IohUA2Qbk5
AHt99pYvsIPX88j2rWauOokoiKZot/9leJ8VxO5l3wf/U64IH8bkPIoWmWZfd/nq
h4uwGNbCgKMyT+AnvH7kMJ3i7DivfWl2mKLV0PyPHUNva0VQxX6yYjcOhj1R6fCr
/at8/NSLe2OhLchzdC+Ls9h+kvJXgF8Sisv+Wk/1RadPLFmraRlqvJwt6Ww21Lpi
XqXHV2mIgqWnR98YgSvUi3TJHrUQiNc9YyBzuRo0AjgG2C9qiE3FM+Y28+iQ/sR3
+bFszYuZKVTObqiIslwXu7imO0cvvFRgJF/6u3HNFQ4LUTGhiM3FQmC6NNlF3/vJ
M2hwRDMcJqDd54Twx90Wh+tYz0z7QMsK4ANXWHHWHR0JchnLWmenzbtW5MHdW9AY
sNJZAQSOpirE4Xi31CSlWAi9KV+cUCmWF5zOFy1x23P6PjdaRm4T2zw4dxS5NswX
WU0sVEXxjs6PYxuIiCTL7vdpx8QjBkrPWDrAbcMyBr2OQlnHIvPzEArRQLo=
=iHhv

fqdn = localhost
interval = 5m
      </programlisting>
    </informalexample>
  </refsect1>  
  
  <refsect1 id="files">
    <title>FILES</title>
    <para>
      The file described here is &CONFPATH;
    </para>
  </refsect1>
</refentry>

24.1.23 by Björn Påhlsson Added manual pages for:	1	<?xml version='1.0' encoding='UTF-8'?>
	2	<?xml-stylesheet type="text/xsl"
	3	href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"?>
	4	<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
	5	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
	6	<!ENTITY VERSION "1.0">
	7	<!ENTITY CONFNAME "clients.conf">
	8	<!ENTITY CONFPATH "<filename>/etc/mandos/clients.conf</filename>">
	9	]>
	10
	11	<refentry>
	12	<refentryinfo>
	13	<title>&CONFNAME;</title>
	14	<!-- NWalsh's docbook scripts use this to generate the footer: -->
	15	<productname>&CONFNAME;</productname>
	16	<productnumber>&VERSION;</productnumber>
	17	<authorgroup>
	18	<author>
	19	<firstname>Björn</firstname>
	20	<surname>Påhlsson</surname>
	21	<address>
	22	<email>belorn@fukt.bsnet.se</email>
	23	</address>
	24	</author>
	25	<author>
	26	<firstname>Teddy</firstname>
	27	<surname>Hogeborn</surname>
	28	<address>
	29	<email>teddy@fukt.bsnet.se</email>
	30	</address>
	31	</author>
	32	</authorgroup>
	33	<copyright>
	34	<year>2008</year>
	35	<holder>Teddy Hogeborn & Björn Påhlsson</holder>
	36	</copyright>
	37	<legalnotice>
	38	<para>
	39	This manual page is free software: you can redistribute it
	40	and/or modify it under the terms of the GNU General Public
	41	License as published by the Free Software Foundation,
	42	either version 3 of the License, or (at your option) any
	43	later version.
	44	</para>
	45
	46	<para>
	47	This manual page is distributed in the hope that it will
	48	be useful, but WITHOUT ANY WARRANTY; without even the
	49	implied warranty of MERCHANTABILITY or FITNESS FOR A
	50	PARTICULAR PURPOSE. See the GNU General Public License
	51	for more details.
	52	</para>
	53
	54	<para>
	55	You should have received a copy of the GNU General Public
	56	License along with this program; If not, see
	57	<ulink url="http://www.gnu.org/licenses/"/>.
	58	</para>
	59	</legalnotice>
	60	</refentryinfo>
	61
	62	<refmeta>
	63	<refentrytitle>&CONFNAME;</refentrytitle>
	64	<manvolnum>5</manvolnum>
65	</refmeta>
66
67	<refnamediv>
68	<refname><filename>&CONFNAME;</filename></refname>
69	<refpurpose>
70	Configuration file for Mandos clients
71	</refpurpose>
72	</refnamediv>
73
74	<refsynopsisdiv>
75	<synopsis>
76	&CONFPATH;
77	</synopsis>
78	</refsynopsisdiv>
79
80	<refsect1 id="description">
81	<title>DESCRIPTION</title>
82	<para>
83	The file &CONFPATH; is the configuration file for mandos where
84	each client that will be abel to use the service need to be
85	specified. The configuration file is looked on at the startup of
86	the service, so to reenable timedout clients one need to only
87	restart the server. The format starts with a section under []
88	which is eather <literal>[DEFAULT]</literal> or a client
89	name. Values is set through the use of VAR = VALUE pair. Values
90	may not be empty.
91	</para>
92	</refsect1>
93
94	<refsect1 id="default">
95	<title>DEFAULT</title>
96	<para>
97	The paramters for <literal>[DEFAULT]</literal> are:
98	</para>
99
100	<variablelist>
101
102	<varlistentry>
103	<term><literal>timeout</literal></term>
104	<listitem>
105	<para>
106	This option allows you to override the default timeout
107	that clients will get. By default mandos will use 1hr.
108	</para>
109	</listitem>
110	</varlistentry>
111
112	<varlistentry>
113	<term><literal>interval</literal></term>
114	<listitem>
115	<para>
116	This option allows you to override the default interval
117	used between checkups for disconnected clients. By default
118	mandos will use 5m.
119	</para>
120	</listitem>
121	</varlistentry>
122
123	<varlistentry>
124	<term><literal>checker</literal></term>
125	<listitem>
126	<para>
127	This option allows you to override the default shell
128	command that the server will use to check up if the client
129	is still up. By default mandos will "fping -q -- %%(fqdn)s"
130	</para>
131	</listitem>
132	</varlistentry>
133
134	</variablelist>
135	</refsect1>
136
137	<refsect1 id="clients">
138	<title>CLIENTS</title>
139	<para>
140	The paramters for clients are:
141	</para>
142
143	<variablelist>
144
145	<varlistentry>
146	<term><literal>fingerprint</literal></term>
147	<listitem>
148	<para>
149	This option sets the openpgp fingerprint that identifies
150	the public certificate that clients authenticates themself
151	through gnutls. The string need to be in hex-decimal form.
152	</para>
153	</listitem>
154	</varlistentry>
155
156	<varlistentry>
157	<term><literal>secret</literal></term>
158	<listitem>
159	<para>
160	Base 64 encoded OpenPGP encrypted password encrypted by
161	the clients openpgp certificate.
162	</para>
163	</listitem>
164	</varlistentry>
165
166	<varlistentry>
167	<term><literal>secfile</literal></term>
168	<listitem>
169	<para>
170	Base 64 encoded OpenPGP encrypted password encrypted by
171	the clients openpgp certificate as a binary file.
172	</para>
173	</listitem>
174	</varlistentry>
175
176	<varlistentry>
177	<term><literal>fqdn</literal></term>
178	<listitem>
179	<para>
180	FQDN, that can be used in for checking that the client is up.
181	</para>
182	</listitem>
183	</varlistentry>
184
185	<varlistentry>
186	<term><literal>checker</literal></term>
187	<listitem>
188	<para>
189	Shell command that the server will use to check up if the
190	client is still up.
191	</para>
192	</listitem>
193	</varlistentry>
194
195	<varlistentry>
196	<term><literal>timeout</literal></term>
197	<listitem>
198	<para>
199	Duration that a client can be down whitout be removed from
200	the client list.
201	</para>
202	</listitem>
203	</varlistentry>
204
205	</variablelist>
206	</refsect1>
207
208	<refsect1 id="examples">
209	<title>EXAMPLES</title>
210	<informalexample>
211	<programlisting>
212	[DEFAULT]
213	timeout = 1h
214	interval = 5m
215	checker = fping -q -- %%(fqdn)s
216
217	[example_client]
218	fingerprint = 7788 2722 5BA7 DE53 9C5A 7CFA 59CF F7CD BD9A 5920
219
220	secret =
221	hQIOA6QdEjBs2L/HEAf/TCyrDe5Xnm9esa+Pb/vWF9CUqfn4srzVgSu234REJMVv
222	7lBSrPE2132Lmd2gqF1HeLKDJRSVxJpt6xoWOChGHg+TMyXDxK+NXl89vGvdU1Xf
223	hKkVm9MDLOgT5ECDPysDGHFPDhqHOSu3Kaw2DWMV/iH9vz3Z20erVNbdcvyBnuoj
224	coWO/6yfB5EQO0BXp7kcyy00USA3CjD5FGZdoQGITb8A/ar0tVA5crSQmaSotm6K
225	mNLhrFnZ5BxX+TiE+eTUTqSloWRY6VAvqWQHC7OASxK5E6RXPBuFH5IohUA2Qbk5
226	AHt99pYvsIPX88j2rWauOokoiKZot/9leJ8VxO5l3wf/U64IH8bkPIoWmWZfd/nq
227	h4uwGNbCgKMyT+AnvH7kMJ3i7DivfWl2mKLV0PyPHUNva0VQxX6yYjcOhj1R6fCr
228	/at8/NSLe2OhLchzdC+Ls9h+kvJXgF8Sisv+Wk/1RadPLFmraRlqvJwt6Ww21Lpi
229	XqXHV2mIgqWnR98YgSvUi3TJHrUQiNc9YyBzuRo0AjgG2C9qiE3FM+Y28+iQ/sR3
230	+bFszYuZKVTObqiIslwXu7imO0cvvFRgJF/6u3HNFQ4LUTGhiM3FQmC6NNlF3/vJ
231	M2hwRDMcJqDd54Twx90Wh+tYz0z7QMsK4ANXWHHWHR0JchnLWmenzbtW5MHdW9AY
232	sNJZAQSOpirE4Xi31CSlWAi9KV+cUCmWF5zOFy1x23P6PjdaRm4T2zw4dxS5NswX
233	WU0sVEXxjs6PYxuIiCTL7vdpx8QjBkrPWDrAbcMyBr2OQlnHIvPzEArRQLo=
234	=iHhv
235
236	fqdn = localhost
237	interval = 5m
238	</programlisting>
239	</informalexample>
240	</refsect1>
241
242	<refsect1 id="files">
243	<title>FILES</title>
244	<para>
245	The file described here is &CONFPATH;
246	</para>
247	</refsect1>
248	</refentry>