=== modified file 'Makefile'
--- Makefile 2008-08-17 06:01:58 +0000
+++ Makefile 2008-08-17 20:34:18 +0000
@@ -39,7 +39,7 @@
--param man.output.quietly 1 \
--param man.authors.section.enabled 0
# DocBook-to-man post-processing to fix a \n escape bug
-MANPOST=sed --in-place --expression='s,\\en,\en,g;s,\een,\en,g'
+MANPOST=sed --in-place --expression='s,\\en,\en,g;s,\\een,\\en,g'
PLUGINS=plugins.d/password-prompt plugins.d/password-request
PROGS=plugin-runner $(PLUGINS)
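Review bot: the new second expression `s,\\een,\\en,g` is not self-explanatory and the surrounding comment ("fix a \n escape bug") does not say which generated roff sequence it rewrites, so a reader cannot verify the fix by inspection; please extend the Makefile comment with the literal before/after text from the generated man page (e.g. the sequence the DocBook stylesheets emit for a literal `\n` and the sequence it should become). Note also that `sed --in-place` rewrites the generated file unconditionally, so a wrong pattern silently corrupts the output rather than failing the build; a small `grep` check on the result in the same rule would make a regression visible.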
=== modified file 'TODO'
--- TODO 2008-08-17 06:17:10 +0000
+++ TODO 2008-08-17 20:34:18 +0000
@@ -11,7 +11,7 @@
Text needed
*** EXAMPLES
Examples of normal usage, debug usage, debugging single or all
- plugins, examples of crypttab lines with plus syntax, etc.
+ plugins, etc.
*** FILES
Text needed
*** SECURITY
@@ -84,18 +84,6 @@
* Mandos (server)
** [#A] Command man page: man8/mandos.8
-*** EXAMPLES
- Create this section
-*** FILES
- Describe briefly that the server gets global settings from
- mandos.conf and clients from clients.conf, but refer to their man
- pages for more details.
-*** DIAGNOSTICS
- Create this section
-*** SECURITY
- Create this section
-*** BUGS
- Create this section
** [#A] Config file man page: man5/mandos.conf (mandos.conf)
** [#A] Config file man page: man5/mandos-clients.conf (clients.conf)
** [#A] /etc/init.d/mandos-server :teddy:
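Review bot: this hunk drops the TODO item "*** DIAGNOSTICS Create this section" for man8/mandos.8, but no DIAGNOSTICS section appears in the mandos.xml changes elsewhere in this patch (only FILES, BUGS, EXAMPLES and SECURITY are filled in, plus the new CHECKING section); either keep the DIAGNOSTICS line in TODO or confirm that the section already exists in mandos.xml outside the visible hunks.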
=== modified file 'mandos.xml'
--- mandos.xml 2008-08-17 06:01:58 +0000
+++ mandos.xml 2008-08-17 20:34:18 +0000
@@ -103,7 +103,7 @@
&COMMANDNAME;--check
-
+
@@ -115,12 +115,12 @@
announce itself on the local network, and uses GnuTLS to
communicate securely with and to authenticate the clients.
Mandos uses IPv6 link-local addresses, since the clients are
- assumed to not have any other addresses configured yet. Any
+ assumed to not have any other addresses configured. Any
authenticated client is then given the pre-encrypted password
for that specific client.
-
+
PURPOSE
@@ -137,7 +137,7 @@
normally.
-
+
OPTIONS
@@ -162,7 +162,7 @@
use all available interfaces.
-
+
-a, --address
@@ -172,14 +172,14 @@
If this option is used, the server will only listen to a
specific address. This must currently be an IPv6 address;
an IPv4 address can be specified using the
- "::FFFF:192.0.2.3" syntax. Also, if a
- link-local address is specified, an interface should be
- set, since a link-local address is only valid on a single
- interface. By default, the server will listen to all
- available addresses.
+ ::FFFF:192.0.2.3 syntax.
+ Also, if a link-local address is specified, an interface
+ should be set, since a link-local address is only valid on
+ a single interface. By default, the server will listen to
+ all available addresses.
-
+
-p, --port
@@ -191,7 +191,7 @@
port given by the operating system.
-
+
--check
@@ -201,7 +201,7 @@
tests, etc.
-
+
--debug
@@ -224,13 +224,13 @@
gnutls_priority_init
3
for the syntax. The default is
- "SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP".
+ SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP.
Warning: changing this may make the
TLS handshake fail, making communication with clients
impossible.
-
+
--servicename NAME
@@ -238,15 +238,17 @@
Zeroconf service name. The default is
- "Mandos". You only need to change this
- if you for some reason want to run more than one server on
- the same host. If there are name
+ Mandos. You only need
+ to change this if you for some reason want to run more
+ than one server on the same host,
+ which would not normally be useful. If there are name
collisions on the same network, the
- new server will automatically rename itself to "Mandos
- #2", etc.
+ newer server will automatically rename itself to
+ Mandos #2, and so on,
+ therefore this option is not needed in that case.
-
+
--configdir DIR
@@ -254,8 +256,8 @@
Directory to search for configuration files. Default is
- "/etc/mandos". See
- mandos.conf
+ /etc/mandos. See
+ mandos.conf5 and mandos-clients.conf5.
@@ -270,7 +272,7 @@
Prints the program version and exit.
-
+
@@ -278,20 +280,22 @@
NETWORK PROTOCOL
The Mandos server announces itself as a Zeroconf service of type
- "_mandos._tcp". The Mandos client connects
- to the announced address and port, and sends a line of text
- where the first whitespace-separated field is the protocol
- version, which currently is "1". The client
- and server then start a TLS protocol handshake with a slight
- quirk: the Mandos server program acts as a TLS "client" while
- the connecting Mandos client acts as a TLS "server". The Mandos
- client must supply an OpenPGP certificate, and the fingerprint
- of this certificate is used by the Mandos server to look up (in
- a list read from a file at start time) which binary blob to give
- the client. No other authentication or authorization is done by
- the server.
+ _mandos._tcp. The Mandos
+ client connects to the announced address and port, and sends a
+ line of text where the first whitespace-separated field is the
+ protocol version, which currently is
+ 1. The client and server then
+ start a TLS protocol handshake with a slight quirk: the Mandos
+ server program acts as a TLS client while the
+ connecting Mandos client acts as a TLS server.
+ The Mandos client must supply an OpenPGP certificate, and the
+ fingerprint of this certificate is used by the Mandos server to
+ look up (in a list read from clients.conf
+ at start time) which binary blob to give the client. No other
+ authentication or authorization is done by the server.
-
+
+
+
+
+ CHECKING
+
+ The server will, by default, continually check that the clients
+ are still up. If a client has not been confirmed as being up
+ for some time, the client is assumed to be compromised and is no
+ longer eligible to receive the encrypted password. The timeout,
+ checker program and interval between checks can be configured
+ both globally and per client; see
+ mandos.conf
+ 5 and
+ mandos-clients.conf
+ 5.
+ LOGGING
- The server will log a lot of information with various severity
- levels to
- syslog
- 8. With the
+ The server will send log messaged with various severity levels
+ to /dev/log. With the
option, it will log even more messages,
and also show them on the console.
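Review bot: typo in the new LOGGING text: "The server will send log messaged with various severity levels" should read "log messages". Two documentation gaps in the same hunk worth closing while it is being edited: the new CHECKING section says a client that has not been confirmed up "for some time" is "no longer eligible to receive the encrypted password", but does not say whether a later successful check restores eligibility, which is exactly what an operator recovering a stalled client needs to know; and the NETWORK PROTOCOL text now states "No other authentication or authorization is done by the server", so it would help to say explicitly that the fingerprint lookup in clients.conf is the only access control and that anyone holding a listed OpenPGP key can obtain that client's blob.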
@@ -351,40 +371,125 @@
FILES
-
-
- /etc/mandos/mandos.conf See
- mandos.conf
- 5.
-
-
- /etc/mandos/clients.conf See
- mandos-clients.conf
- 5.
-
-
- /var/run/mandos/mandos.pid
-
-
+ Use the option to change where
+ &COMMANDNAME; looks for its configurations
+ files. The default file names are listed here.
-
+
+
+ /etc/mandos/mandos.conf
+
+
+ Server-global settings. See
+ mandos.conf
+ 5 for details.
+
+
+
+
+ /etc/mandos/clients.conf
+
+
+ List of clients and client-specific settings. See
+ mandos-clients.conf
+ 5 for details.
+
+
+
+
+ /var/run/mandos/mandos.pid
+
+
+ The file containing the process id of
+ &COMMANDNAME;.
+
+
+
+
+ /dev/log
+
+
+ The Unix domain socket to where local syslog messages are
+ sent.
+
+
+
+
+ BUGS
+ This server might, on especially fatal errors, emit a Python
+ backtrace. This could be considered a feature.
-
+
EXAMPLES
-
-
+
+
+ Normal invocation needs no options:
+
+
+ mandos
+
+
+
+
+ Run the server in debug mode and read configuration files from
+ the ~/mandos directory:
+
+
+
+
+mandos --debug --configdir ~/mandos --servicename Test
+
+
+
+
+
+ Run the server normally, but only listen to one interface and
+ only on the link-local address on that interface:
+
+
+
+
+mandos --interface eth7 --address fe80::aede:48ff:fe71:f6f2
+
+
+ SECURITY
-
-
+
+ SERVER
+
+ Running the server should not in itself present any security
+ risk to the host computer running it.
+
+
+
+ CLIENTS
+
+ The server only gives out its stored data to clients which
+ does have the OpenPGP key of the stored fingerprint. This is
+ guaranteed by the fact that the client sends its OpenPGP
+ public key in the TLS handshake; this ensures it to be
+ genuine. The server computes the fingerprint of the key
+ itself and looks up the fingerprint in its list of
+ clients. The clients.conf file (see
+ mandos-clients.conf
+ 5) must be non-readable
+ by anyone except the user running the server.
+
+
+ For more details on client-side security, see
+ password-request
+ 8mandos.
+
+
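Review bot: grammar in the new FILES and SECURITY text: "looks for its configurations files" should be "configuration files", and "clients which does have the OpenPGP key" should be "clients which have the OpenPGP key". In the CLIENTS paragraph, "the client sends its OpenPGP public key in the TLS handshake; this ensures it to be genuine" overstates what sending a public key proves; the property that matters is that the handshake only completes if the peer proves possession of the corresponding private key, so suggest wording such as "the TLS handshake proves that the client possesses the private key matching the certificate it presents". The requirement that clients.conf be "non-readable by anyone except the user running the server" is the key operational point of the section and would be easier to find if stated in the FILES entry for /etc/mandos/clients.conf as well.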