=== modified file 'mandos.conf.xml'
--- mandos.conf.xml 2019-06-20 18:54:10 +0000
+++ mandos.conf.xml 2024-09-08 00:08:15 +0000
@@ -3,7 +3,7 @@
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
/etc/mandos/mandos.conf">
-
+
%common;
]>
@@ -69,7 +69,7 @@
DESCRIPTION
- The file &CONFPATH; is a simple configuration file for
+ The file &CONFPATH; is a configuration file for
mandos8, and is read by it at
startup. The configuration file starts with
-
+
%common;
]>
@@ -423,9 +423,9 @@
PLUGINS
This program will get a password by running a number of
- plugins, which are simply executable
- programs in a directory in the initial RAM
- disk environment. The default directory is
+ plugins, which are executable programs in
+ a directory in the initial RAM disk
+ environment. The default directory is
/lib/mandos/plugins.d, but this can be
changed with the option. The
plugins are started in parallel, and the first plugin to output
@@ -437,9 +437,9 @@
WRITING PLUGINS
- A plugin is simply a program which prints a password to its
- standard output and then exits with a successful (zero) exit
- status. If the exit status is not zero, any output on
+ A plugin is an executable program which prints a password to
+ its standard output and then exits with a successful (zero)
+ exit status. If the exit status is not zero, any output on
standard output will be ignored by the plugin runner. Any
output on its standard error channel will simply be passed to
the standard error of the plugin runner, usually the system
=== modified file 'plugins.d/mandos-client.xml'
--- plugins.d/mandos-client.xml 2019-07-27 10:11:45 +0000
+++ plugins.d/mandos-client.xml 2024-09-08 00:08:15 +0000
@@ -2,7 +2,7 @@
-
+
%common;
]>
@@ -196,13 +196,9 @@
This program is not meant to be run directly; it is really meant
- to run as a plugin of the Mandos
- plugin-runner
- 8mandos, which runs in the
- initial RAM disk environment because it is
- specified as a keyscript in the
- crypttab5
- file.
+ to be run by other programs in the initial
+ RAM disk environment; see .
@@ -220,12 +216,10 @@
OPTIONS
This program is commonly not invoked from the command line; it
- is normally started by the Mandos
- plugin runner, see plugin-runner8mandos
- . Any command line options this program accepts
- are therefore normally provided by the plugin runner, and not
- directly.
+ is normally started by another program as described in . Any command line options this program
+ accepts are therefore normally provided by the invoking program,
+ and not directly.
@@ -482,24 +476,38 @@
OVERVIEW
- This program is the client part. It is a plugin started by
- plugin-runner
- 8mandos which will run in
- an initial RAM disk environment.
+ This program is the client part. It is run automatically in an
+ initial RAM disk environment.
+
+
+ In an initial RAM disk environment using
+ systemd
+ 1, this program is started
+ by the Mandos
+ password-agent
+ 8mandos, which in turn is
+ started automatically by the
+ systemd1
+ Password Agent system.
+
+
+ In the case of a non-
+ systemd1
+ environment, this program is started as a plugin
+ of the Mandos
+ plugin-runner
+ 8mandos, which runs in the
+ initial RAM disk environment because it is
+ specified as a keyscript in the
+ crypttab5
+ file.
This program could, theoretically, be used as a keyscript in
/etc/crypttab, but it would then be
impossible to enter a password for the encrypted root disk at
the console, since this program does not read from the console
- at all. This is why a separate plugin runner (
- plugin-runner
- 8mandos) is used to run
- both this program and others in in parallel,
- one of which (
- password-prompt
- 8mandos) will prompt for
- passwords on the system console.
+ at all.
@@ -762,9 +770,8 @@
EXAMPLE
Note that normally, command line options will not be given
- directly, but via options for the Mandos plugin-runner
- 8mandos.
+ directly, but passed on via the program responsible for starting
+ this program; see .
@@ -872,7 +879,7 @@
5,
mandos8,
- password-prompt
+ password-agent8mandos,
plugin-runner8mandos