/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-08-27 01:18:25 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080827011825-ka3ni6xvy2ehi1y8
* .bzrignore: New.

* clients.conf ([foo]): Remove Radix-64 checksum.

* mandos (AvahiService.rename, server_state_changed,
          entry_group_state_changed): Make Avahi log messages more
                                      clear that they are about
                                      Zeroconf.
  (fingerprint): Use plain "0" instead of "ctypes.c_uint(0)".

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "mandos-keygen">
5
 
<!ENTITY TIMESTAMP "2018-02-08">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
8
6
]>
9
7
 
10
8
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
9
  <refentryinfo>
12
 
    <title>Mandos Manual</title>
 
10
    <title>&COMMANDNAME;</title>
13
11
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
 
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
16
 
    <date>&TIMESTAMP;</date>
 
12
    <productname>&COMMANDNAME;</productname>
 
13
    <productnumber>&VERSION;</productnumber>
17
14
    <authorgroup>
18
15
      <author>
19
16
        <firstname>Björn</firstname>
20
17
        <surname>Påhlsson</surname>
21
18
        <address>
22
 
          <email>belorn@recompile.se</email>
 
19
          <email>belorn@fukt.bsnet.se</email>
23
20
        </address>
24
21
      </author>
25
22
      <author>
26
23
        <firstname>Teddy</firstname>
27
24
        <surname>Hogeborn</surname>
28
25
        <address>
29
 
          <email>teddy@recompile.se</email>
 
26
          <email>teddy@fukt.bsnet.se</email>
30
27
        </address>
31
28
      </author>
32
29
    </authorgroup>
33
30
    <copyright>
34
31
      <year>2008</year>
35
 
      <year>2009</year>
36
 
      <year>2010</year>
37
 
      <year>2011</year>
38
 
      <year>2012</year>
39
 
      <year>2013</year>
40
 
      <year>2014</year>
41
 
      <year>2015</year>
42
 
      <year>2016</year>
43
 
      <year>2017</year>
44
 
      <year>2018</year>
45
32
      <holder>Teddy Hogeborn</holder>
46
33
      <holder>Björn Påhlsson</holder>
47
34
    </copyright>
48
 
    <xi:include href="legalnotice.xml"/>
 
35
    <legalnotice>
 
36
      <para>
 
37
        This manual page is free software: you can redistribute it
 
38
        and/or modify it under the terms of the GNU General Public
 
39
        License as published by the Free Software Foundation,
 
40
        either version 3 of the License, or (at your option) any
 
41
        later version.
 
42
      </para>
 
43
 
 
44
      <para>
 
45
        This manual page is distributed in the hope that it will
 
46
        be useful, but WITHOUT ANY WARRANTY; without even the
 
47
        implied warranty of MERCHANTABILITY or FITNESS FOR A
 
48
        PARTICULAR PURPOSE.  See the GNU General Public License
 
49
        for more details.
 
50
      </para>
 
51
 
 
52
      <para>
 
53
        You should have received a copy of the GNU General Public
 
54
        License along with this program; If not, see
 
55
        <ulink url="http://www.gnu.org/licenses/"/>.
 
56
      </para>
 
57
    </legalnotice>
49
58
  </refentryinfo>
50
 
  
 
59
 
51
60
  <refmeta>
52
61
    <refentrytitle>&COMMANDNAME;</refentrytitle>
53
62
    <manvolnum>8</manvolnum>
56
65
  <refnamediv>
57
66
    <refname><command>&COMMANDNAME;</command></refname>
58
67
    <refpurpose>
59
 
      Generate key and password for Mandos client and server.
 
68
      Generate keys for <citerefentry><refentrytitle>password-request
 
69
      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
60
70
    </refpurpose>
61
71
  </refnamediv>
62
 
  
 
72
 
63
73
  <refsynopsisdiv>
64
74
    <cmdsynopsis>
65
75
      <command>&COMMANDNAME;</command>
66
 
      <group>
67
 
        <arg choice="plain"><option>--dir
68
 
        <replaceable>DIRECTORY</replaceable></option></arg>
69
 
        <arg choice="plain"><option>-d
70
 
        <replaceable>DIRECTORY</replaceable></option></arg>
71
 
      </group>
72
 
      <sbr/>
73
 
      <group>
74
 
        <arg choice="plain"><option>--type
75
 
        <replaceable>KEYTYPE</replaceable></option></arg>
76
 
        <arg choice="plain"><option>-t
77
 
        <replaceable>KEYTYPE</replaceable></option></arg>
78
 
      </group>
79
 
      <sbr/>
80
 
      <group>
81
 
        <arg choice="plain"><option>--length
82
 
        <replaceable>BITS</replaceable></option></arg>
83
 
        <arg choice="plain"><option>-l
84
 
        <replaceable>BITS</replaceable></option></arg>
85
 
      </group>
86
 
      <sbr/>
87
 
      <group>
88
 
        <arg choice="plain"><option>--subtype
89
 
        <replaceable>KEYTYPE</replaceable></option></arg>
90
 
        <arg choice="plain"><option>-s
91
 
        <replaceable>KEYTYPE</replaceable></option></arg>
92
 
      </group>
93
 
      <sbr/>
94
 
      <group>
95
 
        <arg choice="plain"><option>--sublength
96
 
        <replaceable>BITS</replaceable></option></arg>
97
 
        <arg choice="plain"><option>-L
98
 
        <replaceable>BITS</replaceable></option></arg>
99
 
      </group>
100
 
      <sbr/>
101
 
      <group>
102
 
        <arg choice="plain"><option>--name
103
 
        <replaceable>NAME</replaceable></option></arg>
104
 
        <arg choice="plain"><option>-n
105
 
        <replaceable>NAME</replaceable></option></arg>
106
 
      </group>
107
 
      <sbr/>
108
 
      <group>
109
 
        <arg choice="plain"><option>--email
110
 
        <replaceable>ADDRESS</replaceable></option></arg>
111
 
        <arg choice="plain"><option>-e
112
 
        <replaceable>ADDRESS</replaceable></option></arg>
113
 
      </group>
114
 
      <sbr/>
115
 
      <group>
116
 
        <arg choice="plain"><option>--comment
117
 
        <replaceable>TEXT</replaceable></option></arg>
118
 
        <arg choice="plain"><option>-c
119
 
        <replaceable>TEXT</replaceable></option></arg>
120
 
      </group>
121
 
      <sbr/>
122
 
      <group>
123
 
        <arg choice="plain"><option>--expire
124
 
        <replaceable>TIME</replaceable></option></arg>
125
 
        <arg choice="plain"><option>-x
126
 
        <replaceable>TIME</replaceable></option></arg>
127
 
      </group>
128
 
      <sbr/>
129
 
      <group>
 
76
      <group choice="opt">
 
77
        <arg choice="plain"><option>--dir</option>
 
78
        <replaceable>directory</replaceable></arg>
 
79
      </group>
 
80
      <group choice="opt">
 
81
        <arg choice="plain"><option>--type</option>
 
82
        <replaceable>type</replaceable></arg>
 
83
      </group>
 
84
      <group choice="opt">
 
85
        <arg choice="plain"><option>--length</option>
 
86
        <replaceable>bits</replaceable></arg>
 
87
      </group>
 
88
      <group choice="opt">
 
89
        <arg choice="plain"><option>--subtype</option>
 
90
        <replaceable>type</replaceable></arg>
 
91
      </group>
 
92
      <group choice="opt">
 
93
        <arg choice="plain"><option>--sublength</option>
 
94
        <replaceable>bits</replaceable></arg>
 
95
      </group>
 
96
      <group choice="opt">
 
97
        <arg choice="plain"><option>--name</option>
 
98
        <replaceable>NAME</replaceable></arg>
 
99
      </group>
 
100
      <group choice="opt">
 
101
        <arg choice="plain"><option>--email</option>
 
102
        <replaceable>EMAIL</replaceable></arg>
 
103
      </group>
 
104
      <group choice="opt">
 
105
        <arg choice="plain"><option>--comment</option>
 
106
        <replaceable>COMMENT</replaceable></arg>
 
107
      </group>
 
108
      <group choice="opt">
 
109
        <arg choice="plain"><option>--expire</option>
 
110
        <replaceable>TIME</replaceable></arg>
 
111
      </group>
 
112
      <group choice="opt">
130
113
        <arg choice="plain"><option>--force</option></arg>
 
114
      </group>
 
115
    </cmdsynopsis>
 
116
    <cmdsynopsis>
 
117
      <command>&COMMANDNAME;</command>
 
118
      <group choice="opt">
 
119
        <arg choice="plain"><option>-d</option>
 
120
        <replaceable>directory</replaceable></arg>
 
121
      </group>
 
122
      <group choice="opt">
 
123
        <arg choice="plain"><option>-t</option>
 
124
        <replaceable>type</replaceable></arg>
 
125
      </group>
 
126
      <group choice="opt">
 
127
        <arg choice="plain"><option>-l</option>
 
128
        <replaceable>bits</replaceable></arg>
 
129
      </group>
 
130
      <group choice="opt">
 
131
        <arg choice="plain"><option>-s</option>
 
132
        <replaceable>type</replaceable></arg>
 
133
      </group>
 
134
      <group choice="opt">
 
135
        <arg choice="plain"><option>-L</option>
 
136
        <replaceable>bits</replaceable></arg>
 
137
      </group>
 
138
      <group choice="opt">
 
139
        <arg choice="plain"><option>-n</option>
 
140
        <replaceable>NAME</replaceable></arg>
 
141
      </group>
 
142
      <group choice="opt">
 
143
        <arg choice="plain"><option>-e</option>
 
144
        <replaceable>EMAIL</replaceable></arg>
 
145
      </group>
 
146
      <group choice="opt">
 
147
        <arg choice="plain"><option>-c</option>
 
148
        <replaceable>COMMENT</replaceable></arg>
 
149
      </group>
 
150
      <group choice="opt">
 
151
        <arg choice="plain"><option>-x</option>
 
152
        <replaceable>TIME</replaceable></arg>
 
153
      </group>
 
154
      <group choice="opt">
131
155
        <arg choice="plain"><option>-f</option></arg>
132
156
      </group>
133
157
    </cmdsynopsis>
134
158
    <cmdsynopsis>
135
159
      <command>&COMMANDNAME;</command>
136
160
      <group choice="req">
 
161
        <arg choice="plain"><option>-p</option></arg>
137
162
        <arg choice="plain"><option>--password</option></arg>
138
 
        <arg choice="plain"><option>-p</option></arg>
139
 
        <arg choice="plain"><option>--passfile
140
 
        <replaceable>FILE</replaceable></option></arg>
141
 
        <arg choice="plain"><option>-F</option>
142
 
        <replaceable>FILE</replaceable></arg>
143
 
      </group>
144
 
      <sbr/>
145
 
      <group>
146
 
        <arg choice="plain"><option>--dir
147
 
        <replaceable>DIRECTORY</replaceable></option></arg>
148
 
        <arg choice="plain"><option>-d
149
 
        <replaceable>DIRECTORY</replaceable></option></arg>
150
 
      </group>
151
 
      <sbr/>
152
 
      <group>
153
 
        <arg choice="plain"><option>--name
154
 
        <replaceable>NAME</replaceable></option></arg>
155
 
        <arg choice="plain"><option>-n
156
 
        <replaceable>NAME</replaceable></option></arg>
157
 
      </group>
158
 
      <group>
159
 
        <arg choice="plain"><option>--no-ssh</option></arg>
160
 
        <arg choice="plain"><option>-S</option></arg>
 
163
      </group>
 
164
      <group choice="opt">
 
165
        <arg choice="plain"><option>--dir</option>
 
166
        <replaceable>directory</replaceable></arg>
 
167
      </group>
 
168
      <group choice="opt">
 
169
        <arg choice="plain"><option>--name</option>
 
170
        <replaceable>NAME</replaceable></arg>
161
171
      </group>
162
172
    </cmdsynopsis>
163
173
    <cmdsynopsis>
164
174
      <command>&COMMANDNAME;</command>
165
175
      <group choice="req">
 
176
        <arg choice="plain"><option>-h</option></arg>
166
177
        <arg choice="plain"><option>--help</option></arg>
167
 
        <arg choice="plain"><option>-h</option></arg>
168
178
      </group>
169
179
    </cmdsynopsis>
170
180
    <cmdsynopsis>
171
181
      <command>&COMMANDNAME;</command>
172
182
      <group choice="req">
 
183
        <arg choice="plain"><option>-v</option></arg>
173
184
        <arg choice="plain"><option>--version</option></arg>
174
 
        <arg choice="plain"><option>-v</option></arg>
175
185
      </group>
176
186
    </cmdsynopsis>
177
187
  </refsynopsisdiv>
178
 
  
 
188
 
179
189
  <refsect1 id="description">
180
190
    <title>DESCRIPTION</title>
181
191
    <para>
182
192
      <command>&COMMANDNAME;</command> is a program to generate the
183
 
      OpenPGP key used by
184
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
185
 
      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
 
193
      OpenPGP keys used by
 
194
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
195
      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
186
196
      normally written to /etc/mandos for later installation into the
187
 
      initrd image, but this, and most other things, can be changed
188
 
      with command line options.
 
197
      initrd image, but this, like most things, can be changed with
 
198
      command line options.
189
199
    </para>
190
200
    <para>
191
 
      This program can also be used with the
192
 
      <option>--password</option> or <option>--passfile</option>
193
 
      options to generate a ready-made section for
194
 
      <filename>clients.conf</filename> (see
 
201
      It can also be used to generate ready-made sections for
195
202
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
196
 
      <manvolnum>5</manvolnum></citerefentry>).
 
203
      <manvolnum>5</manvolnum></citerefentry> using the
 
204
      <option>--password</option> option.
197
205
    </para>
198
206
  </refsect1>
199
207
  
200
208
  <refsect1 id="purpose">
201
209
    <title>PURPOSE</title>
 
210
 
202
211
    <para>
203
212
      The purpose of this is to enable <emphasis>remote and unattended
204
213
      rebooting</emphasis> of client host computer with an
205
214
      <emphasis>encrypted root file system</emphasis>.  See <xref
206
215
      linkend="overview"/> for details.
207
216
    </para>
 
217
 
208
218
  </refsect1>
209
219
  
210
220
  <refsect1 id="options">
211
221
    <title>OPTIONS</title>
212
 
    
 
222
 
213
223
    <variablelist>
214
224
      <varlistentry>
215
 
        <term><option>--help</option></term>
216
 
        <term><option>-h</option></term>
 
225
        <term><literal>-h</literal>, <literal>--help</literal></term>
217
226
        <listitem>
218
227
          <para>
219
228
            Show a help message and exit
220
229
          </para>
221
230
        </listitem>
222
231
      </varlistentry>
223
 
      
 
232
 
224
233
      <varlistentry>
225
 
        <term><option>--dir
226
 
        <replaceable>DIRECTORY</replaceable></option></term>
227
 
        <term><option>-d
228
 
        <replaceable>DIRECTORY</replaceable></option></term>
 
234
        <term><literal>-d</literal>, <literal>--dir
 
235
        <replaceable>directory</replaceable></literal></term>
229
236
        <listitem>
230
237
          <para>
231
238
            Target directory for key files.  Default is
232
 
            <filename class="directory">/etc/mandos</filename>.
233
 
          </para>
234
 
        </listitem>
235
 
      </varlistentry>
236
 
      
237
 
      <varlistentry>
238
 
        <term><option>--type
239
 
        <replaceable>TYPE</replaceable></option></term>
240
 
        <term><option>-t
241
 
        <replaceable>TYPE</replaceable></option></term>
242
 
        <listitem>
243
 
          <para>
244
 
            Key type.  Default is <quote>RSA</quote>.
245
 
          </para>
246
 
        </listitem>
247
 
      </varlistentry>
248
 
      
249
 
      <varlistentry>
250
 
        <term><option>--length
251
 
        <replaceable>BITS</replaceable></option></term>
252
 
        <term><option>-l
253
 
        <replaceable>BITS</replaceable></option></term>
254
 
        <listitem>
255
 
          <para>
256
 
            Key length in bits.  Default is 4096.
257
 
          </para>
258
 
        </listitem>
259
 
      </varlistentry>
260
 
      
261
 
      <varlistentry>
262
 
        <term><option>--subtype
263
 
        <replaceable>KEYTYPE</replaceable></option></term>
264
 
        <term><option>-s
265
 
        <replaceable>KEYTYPE</replaceable></option></term>
266
 
        <listitem>
267
 
          <para>
268
 
            Subkey type.  Default is <quote>RSA</quote> (Elgamal
 
239
            <filename>/etc/mandos</filename>.
 
240
          </para>
 
241
        </listitem>
 
242
      </varlistentry>
 
243
 
 
244
      <varlistentry>
 
245
        <term><literal>-t</literal>, <literal>--type
 
246
        <replaceable>type</replaceable></literal></term>
 
247
        <listitem>
 
248
          <para>
 
249
            Key type.  Default is <quote>DSA</quote>.
 
250
          </para>
 
251
        </listitem>
 
252
      </varlistentry>
 
253
 
 
254
      <varlistentry>
 
255
        <term><literal>-l</literal>, <literal>--length
 
256
        <replaceable>bits</replaceable></literal></term>
 
257
        <listitem>
 
258
          <para>
 
259
            Key length in bits.  Default is 2048.
 
260
          </para>
 
261
        </listitem>
 
262
      </varlistentry>
 
263
 
 
264
      <varlistentry>
 
265
        <term><literal>-s</literal>, <literal>--subtype
 
266
        <replaceable>type</replaceable></literal></term>
 
267
        <listitem>
 
268
          <para>
 
269
            Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
269
270
            encryption-only).
270
271
          </para>
271
272
        </listitem>
272
273
      </varlistentry>
273
 
      
 
274
 
274
275
      <varlistentry>
275
 
        <term><option>--sublength
276
 
        <replaceable>BITS</replaceable></option></term>
277
 
        <term><option>-L
278
 
        <replaceable>BITS</replaceable></option></term>
 
276
        <term><literal>-L</literal>, <literal>--sublength
 
277
        <replaceable>bits</replaceable></literal></term>
279
278
        <listitem>
280
279
          <para>
281
 
            Subkey length in bits.  Default is 4096.
 
280
            Subkey length in bits.  Default is 2048.
282
281
          </para>
283
282
        </listitem>
284
283
      </varlistentry>
285
 
      
 
284
 
286
285
      <varlistentry>
287
 
        <term><option>--email
288
 
        <replaceable>ADDRESS</replaceable></option></term>
289
 
        <term><option>-e
290
 
        <replaceable>ADDRESS</replaceable></option></term>
 
286
        <term><literal>-e</literal>, <literal>--email</literal>
 
287
        <replaceable>address</replaceable></term>
291
288
        <listitem>
292
289
          <para>
293
290
            Email address of key.  Default is empty.
294
291
          </para>
295
292
        </listitem>
296
293
      </varlistentry>
297
 
      
 
294
 
298
295
      <varlistentry>
299
 
        <term><option>--comment
300
 
        <replaceable>TEXT</replaceable></option></term>
301
 
        <term><option>-c
302
 
        <replaceable>TEXT</replaceable></option></term>
 
296
        <term><literal>-c</literal>, <literal>--comment</literal>
 
297
        <replaceable>comment</replaceable></term>
303
298
        <listitem>
304
299
          <para>
305
 
            Comment field for key.  Default is empty.
 
300
            Comment field for key.  The default value is
 
301
            <quote><literal>Mandos client key</literal></quote>.
306
302
          </para>
307
303
        </listitem>
308
304
      </varlistentry>
309
 
      
 
305
 
310
306
      <varlistentry>
311
 
        <term><option>--expire
312
 
        <replaceable>TIME</replaceable></option></term>
313
 
        <term><option>-x
314
 
        <replaceable>TIME</replaceable></option></term>
 
307
        <term><literal>-x</literal>, <literal>--expire</literal>
 
308
        <replaceable>time</replaceable></term>
315
309
        <listitem>
316
310
          <para>
317
311
            Key expire time.  Default is no expiration.  See
320
314
          </para>
321
315
        </listitem>
322
316
      </varlistentry>
323
 
      
 
317
 
324
318
      <varlistentry>
325
 
        <term><option>--force</option></term>
326
 
        <term><option>-f</option></term>
 
319
        <term><literal>-f</literal>, <literal>--force</literal></term>
327
320
        <listitem>
328
321
          <para>
329
 
            Force overwriting old key.
 
322
            Force overwriting old keys.
330
323
          </para>
331
324
        </listitem>
332
325
      </varlistentry>
333
326
      <varlistentry>
334
 
        <term><option>--password</option></term>
335
 
        <term><option>-p</option></term>
 
327
        <term><literal>-p</literal>, <literal>--password</literal
 
328
        ></term>
336
329
        <listitem>
337
330
          <para>
338
331
            Prompt for a password and encrypt it with the key already
344
337
            >8</manvolnum></citerefentry>.  The host name or the name
345
338
            specified with the <option>--name</option> option is used
346
339
            for the section header.  All other options are ignored,
347
 
            and no key is created.
348
 
          </para>
349
 
        </listitem>
350
 
      </varlistentry>
351
 
      <varlistentry>
352
 
        <term><option>--passfile
353
 
        <replaceable>FILE</replaceable></option></term>
354
 
        <term><option>-F
355
 
        <replaceable>FILE</replaceable></option></term>
356
 
        <listitem>
357
 
          <para>
358
 
            The same as <option>--password</option>, but read from
359
 
            <replaceable>FILE</replaceable>, not the terminal.
360
 
          </para>
361
 
        </listitem>
362
 
      </varlistentry>
363
 
      <varlistentry>
364
 
        <term><option>--no-ssh</option></term>
365
 
        <term><option>-S</option></term>
366
 
        <listitem>
367
 
          <para>
368
 
            When <option>--password</option> or
369
 
            <option>--passfile</option> is given, this option will
370
 
            prevent <command>&COMMANDNAME;</command> from calling
371
 
            <command>ssh-keyscan</command> to get an SSH fingerprint
372
 
            for this host and, if successful, output suitable config
373
 
            options to use this fingerprint as a
374
 
            <option>checker</option> option in the output.  This is
375
 
            otherwise the default behavior.
 
340
            and no keys are created.
376
341
          </para>
377
342
        </listitem>
378
343
      </varlistentry>
379
344
    </variablelist>
380
345
  </refsect1>
381
 
  
 
346
 
382
347
  <refsect1 id="overview">
383
348
    <title>OVERVIEW</title>
384
349
    <xi:include href="overview.xml"/>
385
350
    <para>
386
351
      This program is a small utility to generate new OpenPGP keys for
387
 
      new Mandos clients, and to generate sections for inclusion in
388
 
      <filename>clients.conf</filename> on the server.
 
352
      new Mandos clients.
389
353
    </para>
390
354
  </refsect1>
391
 
  
 
355
 
392
356
  <refsect1 id="exit_status">
393
357
    <title>EXIT STATUS</title>
394
358
    <para>
395
 
      The exit status will be 0 if a new key (or password, if the
396
 
      <option>--password</option> option was used) was successfully
397
 
      created, otherwise not.
 
359
      The exit status will be 0 if new keys were successfully created,
 
360
      otherwise not.
398
361
    </para>
399
362
  </refsect1>
400
363
  
402
365
    <title>ENVIRONMENT</title>
403
366
    <variablelist>
404
367
      <varlistentry>
405
 
        <term><envar>TMPDIR</envar></term>
 
368
        <term><varname>TMPDIR</varname></term>
406
369
        <listitem>
407
370
          <para>
408
371
            If set, temporary files will be created here. See
414
377
    </variablelist>
415
378
  </refsect1>
416
379
  
417
 
  <refsect1 id="files">
 
380
  <refsect1 id="file">
418
381
    <title>FILES</title>
419
382
    <para>
420
383
      Use the <option>--dir</option> option to change where
441
404
        </listitem>
442
405
      </varlistentry>
443
406
      <varlistentry>
444
 
        <term><filename class="directory">/tmp</filename></term>
 
407
        <term><filename>/tmp</filename></term>
445
408
        <listitem>
446
409
          <para>
447
410
            Temporary files will be written here if
451
414
      </varlistentry>
452
415
    </variablelist>
453
416
  </refsect1>
454
 
  
 
417
 
455
418
  <refsect1 id="bugs">
456
419
    <title>BUGS</title>
457
 
    <xi:include href="bugs.xml"/>
 
420
    <para>
 
421
      None are known at this time.
 
422
    </para>
458
423
  </refsect1>
459
 
  
 
424
 
460
425
  <refsect1 id="example">
461
426
    <title>EXAMPLE</title>
462
427
    <informalexample>
464
429
        Normal invocation needs no options:
465
430
      </para>
466
431
      <para>
467
 
        <userinput>&COMMANDNAME;</userinput>
 
432
        <userinput>mandos-keygen</userinput>
468
433
      </para>
469
434
    </informalexample>
470
435
    <informalexample>
471
436
      <para>
472
 
        Create key in another directory and of another type.  Force
 
437
        Create keys in another directory and of another type.  Force
473
438
        overwriting old key files:
474
439
      </para>
475
440
      <para>
476
441
 
477
442
<!-- do not wrap this line -->
478
 
<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
479
 
 
480
 
      </para>
481
 
    </informalexample>
482
 
    <informalexample>
483
 
      <para>
484
 
        Prompt for a password, encrypt it with the key in <filename
485
 
        class="directory">/etc/mandos</filename> and output a section
486
 
        suitable for <filename>clients.conf</filename>.
487
 
      </para>
488
 
      <para>
489
 
        <userinput>&COMMANDNAME; --password</userinput>
490
 
      </para>
491
 
    </informalexample>
492
 
    <informalexample>
493
 
      <para>
494
 
        Prompt for a password, encrypt it with the key in the
495
 
        <filename>client-key</filename> directory and output a section
496
 
        suitable for <filename>clients.conf</filename>.
497
 
      </para>
498
 
      <para>
499
 
 
500
 
<!-- do not wrap this line -->
501
 
<userinput>&COMMANDNAME; --password --dir client-key</userinput>
 
443
<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
502
444
 
503
445
      </para>
504
446
    </informalexample>
505
447
  </refsect1>
506
 
  
 
448
 
507
449
  <refsect1 id="security">
508
450
    <title>SECURITY</title>
509
451
    <para>
510
452
      The <option>--type</option>, <option>--length</option>,
511
453
      <option>--subtype</option>, and <option>--sublength</option>
512
 
      options can be used to create keys of low security.  If in
513
 
      doubt, leave them to the default values.
 
454
      options can be used to create keys of insufficient security.  If
 
455
      in doubt, leave them to the default values.
514
456
    </para>
515
457
    <para>
516
 
      The key expire time is <emphasis>not</emphasis> guaranteed to be
517
 
      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
 
458
      The key expire time is not guaranteed to be honored by
 
459
      <citerefentry><refentrytitle>mandos</refentrytitle>
518
460
      <manvolnum>8</manvolnum></citerefentry>.
519
461
    </para>
520
462
  </refsect1>
521
 
  
 
463
 
522
464
  <refsect1 id="see_also">
523
465
    <title>SEE ALSO</title>
524
466
    <para>
525
 
      <citerefentry><refentrytitle>intro</refentrytitle>
 
467
      <citerefentry><refentrytitle>password-request</refentrytitle>
526
468
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
469
      <citerefentry><refentrytitle>mandos</refentrytitle>
 
470
      <manvolnum>8</manvolnum></citerefentry>,
527
471
      <citerefentry><refentrytitle>gpg</refentrytitle>
528
 
      <manvolnum>1</manvolnum></citerefentry>,
529
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
530
 
      <manvolnum>5</manvolnum></citerefentry>,
531
 
      <citerefentry><refentrytitle>mandos</refentrytitle>
532
 
      <manvolnum>8</manvolnum></citerefentry>,
533
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
534
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
535
 
      <citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
536
472
      <manvolnum>1</manvolnum></citerefentry>
537
473
    </para>
538
474
  </refsect1>
539
475
  
540
476
</refentry>
541
 
<!-- Local Variables: -->
542
 
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
543
 
<!-- time-stamp-end: "[\"']>" -->
544
 
<!-- time-stamp-format: "%:y-%02m-%02d" -->
545
 
<!-- End: -->