=== modified file 'TODO'
--- TODO	2008-08-18 03:25:01 +0000
+++ TODO	2008-08-18 03:50:28 +0000
@@ -83,7 +83,6 @@
    [[http://www.steve.org.uk/Reference/Unix/faq_4.html#SEC48][Unix Programming FAQ 3.1 How can I make my program not echo input?]]
 
 * Mandos (server)
-** [#A] Command man page: man8/mandos.8
 ** [#A] Config file man page: man5/mandos.conf (mandos.conf)
 ** [#A] Config file man page: man5/mandos-clients.conf (clients.conf)
 ** [#A] /etc/init.d/mandos-server		:teddy:
@@ -109,10 +108,8 @@
 
 * Installer
 ** Client
-*** DONE [#A] Change initrd.img file to not be publically readable
-    /usr/share/initramfs-tools/conf-hooks.d/mandos
-    UMASK=027
 *** Update initrd.img after installation
+    This seems to use some kind of "trigger" system
 ** Server
 *** [#A] Create mandos user and group for server
 *** [#A] Create /var/run/mandos directory with perm and ownership

=== modified file 'mandos-keygen.xml'
--- mandos-keygen.xml	2008-08-17 06:17:10 +0000
+++ mandos-keygen.xml	2008-08-18 03:50:28 +0000
@@ -1,10 +1,9 @@
 <?xml version='1.0' encoding='UTF-8'?>
-<?xml-stylesheet type="text/xsl"
-	href="http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 	"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY VERSION "1.0">
 <!ENTITY COMMANDNAME "mandos-keygen">
+<!ENTITY OVERVIEW SYSTEM "overview.xml">
 ]>
 
 <refentry>
@@ -169,6 +168,18 @@
     </para>
   </refsect1>
   
+  <refsect1 id="purpose">
+    <title>PURPOSE</title>
+
+    <para>
+      The purpose of this is to enable <emphasis>remote and unattended
+      rebooting</emphasis> of client host computer with an
+      <emphasis>encrypted root file system</emphasis>.  See <xref
+      linkend="overview"/> for details.
+    </para>
+
+  </refsect1>
+  
   <refsect1 id="options">
     <title>OPTIONS</title>
 
@@ -256,6 +267,15 @@
     </variablelist>
   </refsect1>
 
+  <refsect1 id="overview">
+    <title>OVERVIEW</title>
+    &OVERVIEW;
+    <para>
+      This program is a small program to generate new OpenPGP keys for
+      new Mandos clients.
+    </para>
+  </refsect1>
+
   <refsect1 id="exit_status">
     <title>EXIT STATUS</title>
     <para>
@@ -274,8 +294,8 @@
     </para>
   </refsect1>
 
-  <refsect1 id="examples">
-    <title>EXAMPLES</title>
+  <refsect1 id="example">
+    <title>EXAMPLE</title>
     <para>
     </para>
   </refsect1>

=== modified file 'mandos.xml'
--- mandos.xml	2008-08-18 03:25:01 +0000
+++ mandos.xml	2008-08-18 03:50:28 +0000
@@ -237,14 +237,15 @@
 	<listitem>
 	  <para>
 	    Zeroconf service name.  The default is
-	    <quote><literal>Mandos</literal></quote>.  You only need
-	    to change this if you for some reason want to run more
-	    than one server on the same <emphasis>host</emphasis>,
-	    which would not normally be useful.  If there are name
-	    collisions on the same <emphasis>network</emphasis>, the
-	    newer server will automatically rename itself to
-	    <quote><literal>Mandos #2</literal></quote>, and so on;
-	    therefore, this option is not needed in that case.
+	    <quote><literal>Mandos</literal></quote>.  This only needs
+	    to be changed this if it, for some reason, is necessary to
+	    run more than one server on the same
+	    <emphasis>host</emphasis>, which would not normally be
+	    useful.  If there are name collisions on the same
+	    <emphasis>network</emphasis>, the newer server will
+	    automatically rename itself to <quote><literal>Mandos
+	    #2</literal></quote>, and so on; therefore, this option is
+	    not needed in that case.
 	  </para>
 	</listitem>
       </varlistentry>
@@ -561,13 +562,14 @@
 	re-read its client list from its configuration file and again
 	regard all clients therein as valid, and hence eligible to
 	receive their passwords.  Therefore, be careful when
-	restarting servers if you suspect that a client has, in fact,
-	been compromised by parties who may now be running a fake
-	Mandos client with the keys from the non-encrypted initial RAM
-	image of the client host.  What should be done in that case
-	(if restarting the server program really is necessary) is to
-	stop the server program, edit the configuration file to omit
-	any suspect clients, and restart the server program.
+	restarting servers if it is suspected that a client has, in
+	fact, been compromised by parties who may now be running a
+	fake Mandos client with the keys from the non-encrypted
+	initial RAM image of the client host.  What should be done in
+	that case (if restarting the server program really is
+	necessary) is to stop the server program, edit the
+	configuration file to omit any suspect clients, and restart
+	the server program.
       </para>
       <para>
 	For more details on client-side security, see