=== modified file 'INSTALL' --- INSTALL 2008-09-08 18:54:47 +0000 +++ INSTALL 2008-10-05 17:38:31 +0000 @@ -97,10 +97,28 @@ and append this to the file "/etc/mandos/clients.conf" *on the server computer*. - 4. On the server computer, start the server by running the command + 4. Configure the client to use the correct network interface. The + default is "eth0", and if this needs to be adjusted, it will be + necessary to edit /etc/mandos/plugin-runner.conf to uncomment and + change the line there. If that file is changed, the initrd.img + file must be updated, possibly using the following command: + + # update-initramfs -k all -u + + 5. On the server computer, start the server by running the command For Debian: su -c 'invoke-rc.d mandos start' For Ubuntu: sudo invoke-rc.d mandos start + At this point, it is possible to verify that the correct password + will be received by the client by running the command: + + # /usr/lib/mandos/plugins.d/mandos-client \ + --pubkey=/etc/keys/mandos/pubkey.txt \ + --seckey=/etc/keys/mandos/seckey.txt; echo + + This command should retrieve the password from the server, + decrypt it, and output it to standard output. + After this, the client computer should be able to reboot without needing a password entered on the console, as long as it does not take more than an hour to reboot. === modified file 'TODO' --- TODO 2008-09-30 03:19:39 +0000 +++ TODO 2008-10-05 17:38:31 +0000 @@ -1,14 +1,10 @@ -*- org -*- -* DONE plugin-runner - * mandos-client ** TODO [#B] Temporarily lower kernel log level for less printouts during sucessfull boot. ** TODO [#C] IPv4 support -* DONE password-prompt - * mandos (server) ** TODO [#B] Log level :bugs: ** TODO /etc/mandos/clients.d/*.conf 
@@ -32,19 +28,11 @@ ** TODO Enable client ** TODO Reset timer -* Man pages -** TODO Use xinclude for all common sections - Like authors, etc. - - -* Installer -** Client-side -*** mandos-keygen -**** TODO "--secfile" option - Using the "secfile" option instead of "secret" -**** TODO [#B] "--test" option - For testing decryption before rebooting. - +* mandos-keygen +** TODO "--secfile" option + Using the "secfile" option instead of "secret" +** TODO [#B] "--test" option + For testing decryption before rebooting. * [#A] Package ** /usr/share/initramfs-tools/hooks/mandos @@ -53,20 +41,6 @@ question. ** TODO /etc/bash_completion.d/mandos From XML sources directly? -** TODO unperish - -* TODO Web site -** DONE http://www.fukt.bsnet.se/mandos - Redirects to the wiki page -** TODO http://wiki.fukt.bsnet.se/wiki/Mandos - http://liw.fi/free-software-website/ - -* Mailing list -** DONE mandos-dev -*** TODO http://gmane.org/subscribe.php - -* TODO Announce project on Usenet - [[news:comp.os.linux.announce]] #+STARTUP: showall === modified file 'debian/mandos-client.README.Debian' --- debian/mandos-client.README.Debian 2008-09-19 20:54:58 +0000 +++ debian/mandos-client.README.Debian 2008-10-05 17:38:31 +0000 
@@ -1,23 +1,45 @@ -A client key has been automatically created in /etc/keys/mandos. The -next step is to run "mandos-keygen --password" to get a config file -stanza to copy and paste into /etc/mandos/clients.conf on the Mandos -server. - -Also, if some other network interface than "eth0" is used, it will be -necessary to edit /etc/mandos/plugin-runner.conf to uncomment and -change the line there. If this file is changed, it will be necessary -to update the initrd image by doing "update-initramfs -k all -u". - -Any plugins found in /etc/mandos/plugins.d will override and add to -the normal Mandos plugins. When adding or changing plugins, do not -forget to update the initital RAM disk image: - -# update-initramfs -k all -u - -It is NOT necessary to edit /etc/crypttab to specify -/usr/lib/mandos/plugin-runner as a keyscript for the root file system; -if no keyscript is given for the root file system, the Mandos client -will be the new default way for getting a password for the root file -system when booting. - - -- Teddy Hogeborn , Fri, 19 Sep 2008 22:50:16 +0200 +* Configure The Server + + A client key has been automatically created in /etc/keys/mandos. + The next step is to run "mandos-keygen --password" to get a config + file section. This should be appended to /etc/mandos/clients.conf + on the Mandos server. + +* Use the Correct Network Interface + + If some other network interface than "eth0" is used, it will be + necessary to edit /etc/mandos/plugin-runner.conf to uncomment and + change the line there. If this is done, it will be necessary to + update the initrd image by doing "update-initramfs -k all -u". 
+ +* Test the Server + + After the server has been started and this client's key added, it is + possible to verify that the correct password will be received by + this client by running the command, on the client: + + # /usr/lib/mandos/plugins.d/mandos-client \ + --pubkey=/etc/keys/mandos/pubkey.txt \ + --seckey=/etc/keys/mandos/seckey.txt; echo + + This command should retrieve the password from the server, decrypt + it, and output it to standard output. It is now possible to verify + the correctness of the password before rebooting. + +* User-Supplied Plugins + + Any plugins found in /etc/mandos/plugins.d will override and add to + the normal Mandos plugins. When adding or changing plugins, do not + forget to update the initital RAM disk image: + + # update-initramfs -k all -u + +* Do *NOT* Edit /etc/crypttab + + It is NOT necessary to edit /etc/crypttab to specify + /usr/lib/mandos/plugin-runner as a keyscript for the root file + system; if no keyscript is given for the root file system, the + Mandos client will be the new default way for getting a password for + the root file system when booting. + + -- Teddy Hogeborn , Sun, 5 Oct 2008 19:04:26 +0200 === modified file 'plugin-runner.conf' --- plugin-runner.conf 2008-09-06 16:31:49 +0000 +++ plugin-runner.conf 2008-10-05 17:38:31 +0000 @@ -1,9 +1,11 @@ ## This is the configuration file for plugin-runner. It should be ## installed as "/etc/mandos/plugin-runner.conf", which will be copied ## to "/conf/conf.d/mandos/plugin-runner.conf" in the initrd.img file. +## +## After editing this file, the initrd image file must be updated for +## the changes to take effect! ## ## The default network interface for mandos-client(8mandos) is ## "eth0". Uncomment this line and change it if necessary. ## - #--options-for=mandos-client:--interface=eth0
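Review bot: In INSTALL step 5, the verification command runs mandos-client directly with only --pubkey and --seckey, so as far as these lines show it will not use the interface chosen in step 4. plugin-runner.conf supplies that setting as "--options-for=mandos-client:--interface=eth0", which is an option plugin-runner passes on, not something mandos-client reads itself. On a client where step 4 changed the interface, the test would still try the default "eth0" and could fail or mislead. Suggest telling the reader to add the same --interface=... option to the test command in that case. Since the command writes the decrypted root file system password to standard output, the text should also say to run it on a private console and not to redirect or log the output.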
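Review bot: In TODO, the second and third hunks delete entries that are still marked TODO rather than DONE: "Use xinclude for all common sections" under Man pages, "unperish" under Package, the Web site and gmane subscription items, and "Announce project on Usenet". The diff gives no indication whether these were finished or abandoned. Suggest marking them DONE in an earlier commit, or saying in the commit message that they are being dropped and why. The context line in the first hunk also still reads "sucessfull boot", which could be corrected while the file is being touched.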
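Review bot: In debian/mandos-client.README.Debian, the new heading "Do *NOT* Edit /etc/crypttab" says something stronger than the paragraph under it, which only states "It is NOT necessary to edit /etc/crypttab". A reader cannot tell whether adding the keyscript is harmful or merely redundant. Suggest making the heading match the body, or adding a sentence on what happens if the keyscript is specified anyway. Two smaller points: the typo "initital RAM disk image" was carried over into the new "User-Supplied Plugins" section, and "Configure The Server" capitalizes "The" while "Use the Correct Network Interface" and "Test the Server" do not.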
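Review bot: In plugin-runner.conf, the added comment "After editing this file, the initrd image file must be updated for the changes to take effect!" does not say how. Someone editing this file may not have the README or INSTALL open. Suggest naming the command in the comment, as the other two files in this change do: "update-initramfs -k all -u".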