24.1.23
by Björn Påhlsson
Added manual pages for: |
1 |
<?xml version='1.0' encoding='UTF-8'?>
|
2 |
<?xml-stylesheet type="text/xsl"
|
|
3 |
href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"?>
|
|
4 |
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
|
5 |
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
|
|
6 |
<!ENTITY VERSION "1.0">
|
|
24.1.24
by Björn Påhlsson
minor edits |
7 |
<!ENTITY CONFNAME "mandos-clients.conf">
|
24.1.23
by Björn Påhlsson
Added manual pages for: |
8 |
<!ENTITY CONFPATH "<filename>/etc/mandos/clients.conf</filename>"> |
9 |
]> |
|
10 |
||
11 |
<refentry>
|
|
12 |
<refentryinfo> |
|
13 |
<title>&CONFNAME;</title> |
|
14 |
<!-- NWalsh's docbook scripts use this to generate the footer: --> |
|
15 |
<productname>&CONFNAME;</productname> |
|
16 |
<productnumber>&VERSION;</productnumber> |
|
17 |
<authorgroup> |
|
18 |
<author> |
|
19 |
<firstname>Björn</firstname> |
|
20 |
<surname>Påhlsson</surname> |
|
21 |
<address> |
|
22 |
<email>belorn@fukt.bsnet.se</email> |
|
23 |
</address> |
|
24 |
</author> |
|
25 |
<author> |
|
26 |
<firstname>Teddy</firstname> |
|
27 |
<surname>Hogeborn</surname> |
|
28 |
<address> |
|
29 |
<email>teddy@fukt.bsnet.se</email> |
|
30 |
</address> |
|
31 |
</author> |
|
32 |
</authorgroup> |
|
33 |
<copyright> |
|
34 |
<year>2008</year> |
|
35 |
<holder>Teddy Hogeborn &amp; Björn Påhlsson</holder> |
|
36 |
</copyright> |
|
37 |
<legalnotice> |
|
38 |
<para> |
|
39 |
This manual page is free software: you can redistribute it |
|
40 |
and/or modify it under the terms of the GNU General Public |
|
41 |
License as published by the Free Software Foundation, |
|
42 |
either version 3 of the License, or (at your option) any |
|
43 |
later version. |
|
44 |
</para> |
|
45 |
||
46 |
<para> |
|
47 |
This manual page is distributed in the hope that it will |
|
48 |
be useful, but WITHOUT ANY WARRANTY; without even the |
|
49 |
implied warranty of MERCHANTABILITY or FITNESS FOR A |
|
50 |
PARTICULAR PURPOSE. See the GNU General Public License |
|
51 |
for more details. |
|
52 |
</para> |
|
53 |
||
54 |
<para> |
|
55 |
You should have received a copy of the GNU General Public |
|
56 |
License along with this program; if not, see |
|
57 |
<ulink url="http://www.gnu.org/licenses/"/>. |
|
58 |
</para> |
|
59 |
</legalnotice> |
|
60 |
</refentryinfo> |
|
61 |
||
62 |
<refmeta> |
|
63 |
<refentrytitle>&CONFNAME;</refentrytitle> |
|
64 |
<manvolnum>5</manvolnum> |
|
65 |
</refmeta> |
|
66 |
|
|
67 |
<refnamediv> |
|
68 |
<refname><filename>&CONFNAME;</filename></refname> |
|
69 |
<refpurpose> |
|
70 |
Configuration file for Mandos clients |
|
71 |
</refpurpose> |
|
72 |
</refnamediv> |
|
73 |
||
74 |
<refsynopsisdiv> |
|
75 |
<synopsis> |
|
76 |
&CONFPATH; |
|
77 |
</synopsis> |
|
78 |
</refsynopsisdiv> |
|
79 |
||
80 |
<refsect1 id="description"> |
|
81 |
<title>DESCRIPTION</title> |
|
82 |
<para> |
|
83 |
The file &CONFPATH; is the configuration file for mandos where |
|
84 |
each client that will be able to use the service needs to be |
|
85 |
specified. The configuration file is read at the startup of |
|
86 |
the service, so to re-enable timed-out clients one only needs to |
|
87 |
restart the server. The format starts with a section under [] |
|
88 |
which is either <literal>[DEFAULT]</literal> or a client |
|
89 |
name. Values are set using VAR = VALUE pairs. Values |
|
90 |
may not be empty. |
|
91 |
</para> |
|
92 |
</refsect1> |
|
93 |
||
94 |
<refsect1 id="default"> |
|
24.1.24
by Björn Påhlsson
minor edits |
95 |
<title>DEFAULTS</title> |
24.1.23
by Björn Påhlsson
Added manual pages for: |
96 |
<para> |
97 |
The parameters for <literal>[DEFAULT]</literal> are: |
|
98 |
</para> |
|
99 |
||
100 |
<variablelist> |
|
101 |
|
|
102 |
<varlistentry> |
|
103 |
<term><literal>timeout</literal></term> |
|
104 |
<listitem> |
|
105 |
<para> |
|
106 |
This option allows you to override the default timeout |
|
107 |
that clients will get. By default mandos will use 1hr. |
|
108 |
</para> |
|
109 |
</listitem> |
|
110 |
</varlistentry> |
|
111 |
||
112 |
<varlistentry> |
|
113 |
<term><literal>interval</literal></term> |
|
114 |
<listitem> |
|
115 |
<para> |
|
116 |
This option allows you to override the default interval |
|
117 |
used between checkups for disconnected clients. By default |
|
118 |
mandos will use 5m. |
|
119 |
</para> |
|
120 |
</listitem> |
|
121 |
</varlistentry> |
|
122 |
||
123 |
<varlistentry> |
|
124 |
<term><literal>checker</literal></term> |
|
125 |
<listitem> |
|
126 |
<para> |
|
127 |
This option allows you to override the default shell |
|
128 |
command that the server will use to check up if the client |
|
129 |
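is still up. By default mandos will use "fping -q -- %%(fqdn)s". |
Because the value is run as a shell command, &CONFPATH; should |
be writable only by the administrator. |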
|
130 |
</para> |
|
131 |
</listitem> |
|
132 |
</varlistentry> |
|
133 |
|
|
134 |
</variablelist> |
|
135 |
</refsect1> |
|
136 |
||
137 |
<refsect1 id="clients"> |
|
138 |
<title>CLIENTS</title> |
|
139 |
<para> |
|
140 |
The parameters for clients are: |
|
141 |
</para> |
|
142 |
||
143 |
<variablelist> |
|
144 |
|
|
145 |
<varlistentry> |
|
146 |
<term><literal>fingerprint</literal></term> |
|
147 |
<listitem> |
|
148 |
<para> |
|
149 |
This option sets the OpenPGP fingerprint that identifies |
|
150 |
the public certificate that clients use to authenticate themselves |
|
151 |
through GnuTLS. The string needs to be in hexadecimal form. |
|
152 |
</para> |
|
153 |
</listitem> |
|
154 |
</varlistentry> |
|
155 |
|
|
156 |
<varlistentry> |
|
157 |
<term><literal>secret</literal></term> |
|
158 |
<listitem> |
|
159 |
<para> |
|
160 |
Base64-encoded, OpenPGP-encrypted password, encrypted with |
|
161 |
the client's OpenPGP certificate. |
|
162 |
</para> |
|
163 |
</listitem> |
|
164 |
</varlistentry> |
|
165 |
||
166 |
<varlistentry> |
|
167 |
<term><literal>secfile</literal></term> |
|
168 |
<listitem> |
|
169 |
<para> |
|
170 |
Base64-encoded, OpenPGP-encrypted password, encrypted with |
|
171 |
the client's OpenPGP certificate, as a binary file. |
|
172 |
</para> |
|
173 |
</listitem> |
|
174 |
</varlistentry> |
|
175 |
||
176 |
<varlistentry> |
|
177 |
<term><literal>fqdn</literal></term> |
|
178 |
<listitem> |
|
179 |
<para> |
|
180 |
FQDN that can be used for checking that the client is up. |
|
181 |
</para> |
|
182 |
</listitem> |
|
183 |
</varlistentry> |
|
184 |
||
185 |
<varlistentry> |
|
186 |
<term><literal>checker</literal></term> |
|
187 |
<listitem> |
|
188 |
<para> |
|
24.1.24
by Björn Påhlsson
minor edits |
189 |
Shell command that the server will use to check up if a |
24.1.23
by Björn Påhlsson
Added manual pages for: |
190 |
client is still up. |
191 |
</para> |
|
192 |
</listitem> |
|
193 |
</varlistentry> |
|
194 |
||
195 |
<varlistentry> |
|
196 |
<term><literal>timeout</literal></term> |
|
197 |
<listitem> |
|
198 |
<para> |
|
199 |
Duration that a client can be down without being removed from |
|
200 |
the client list. |
|
201 |
</para> |
|
202 |
</listitem> |
|
203 |
</varlistentry> |
|
204 |
|
|
205 |
</variablelist> |
|
206 |
</refsect1> |
|
207 |
||
208 |
<refsect1 id="examples"> |
|
209 |
<title>EXAMPLES</title> |
|
210 |
<informalexample> |
|
211 |
<programlisting> |
|
212 |
[DEFAULT] |
|
213 |
timeout = 1h |
|
214 |
interval = 5m |
|
215 |
checker = fping -q -- %%(fqdn)s |
|
216 |
||
217 |
[example_client] |
|
218 |
fingerprint = 7788 2722 5BA7 DE53 9C5A 7CFA 59CF F7CD BD9A 5920 |
|
219 |
||
220 |
secret =
|
|
24.1.24
by Björn Påhlsson
minor edits |
221 |
hQIOA6QdEjBs2L/HEAf/TCyrDe5Xnm9esa+Pb/vWF9CUqfn4srzVgSu234
|
222 |
REJMVv7lBSrPE2132Lmd2gqF1HeLKDJRSVxJpt6xoWOChGHg+TMyXDxK+N
|
|
223 |
Xl89vGvdU1XfhKkVm9MDLOgT5ECDPysDGHFPDhqHOSu3Kaw2DWMV/iH9vz
|
|
224 |
3Z20erVNbdcvyBnuojcoWO/6yfB5EQO0BXp7kcyy00USA3CjD5FGZdoQGI
|
|
225 |
Tb8A/ar0tVA5crSQmaSotm6KmNLhrFnZ5BxX+TiE+eTUTqSloWRY6VAvqW
|
|
226 |
QHC7OASxK5E6RXPBuFH5IohUA2Qbk5AHt99pYvsIPX88j2rWauOokoiKZo
|
|
227 |
t/9leJ8VxO5l3wf/U64IH8bkPIoWmWZfd/nqh4uwGNbCgKMyT+AnvH7kMJ
|
|
228 |
3i7DivfWl2mKLV0PyPHUNva0VQxX6yYjcOhj1R6fCr/at8/NSLe2OhLchz
|
|
229 |
dC+Ls9h+kvJXgF8Sisv+Wk/1RadPLFmraRlqvJwt6Ww21LpiXqXHV2mIgq
|
|
230 |
WnR98YgSvUi3TJHrUQiNc9YyBzuRo0AjgG2C9qiE3FM+Y28+iQ/sR3+bFs
|
|
231 |
zYuZKVTObqiIslwXu7imO0cvvFRgJF/6u3HNFQ4LUTGhiM3FQmC6NNlF3/
|
|
232 |
vJM2hwRDMcJqDd54Twx90Wh+tYz0z7QMsK4ANXWHHWHR0JchnLWmenzbtW
|
|
233 |
5MHdW9AYsNJZAQSOpirE4Xi31CSlWAi9KV+cUCmWF5zOFy1x23P6PjdaRm
|
|
234 |
4T2zw4dxS5NswXWU0sVEXxjs6PYxuIiCTL7vdpx8QjBkrPWDrAbcMyBr2O
|
|
235 |
QlnHIvPzEArRQLo=
|
|
236 |
=iHhv
|
|
24.1.23
by Björn Påhlsson
Added manual pages for: |
237 |
|
238 |
fqdn = localhost |
|
239 |
interval = 5m |
|
240 |
</programlisting> |
|
241 |
</informalexample> |
|
242 |
</refsect1> |
|
243 |
|
|
244 |
<refsect1 id="files"> |
|
245 |
<title>FILES</title> |
|
246 |
<para> |
|
247 |
The file described here is &CONFPATH; |
|
248 |
</para> |
|
249 |
</refsect1> |
|
250 |
</refentry>
|