/mandos/trunk

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to intro.xml

Committer: Teddy Hogeborn
Date: 2019-07-06 22:13:13 UTC
Revision ID: teddy@recompile.se-20190706221313-uaoa5cup12s72rec

mandos-ctl: Update Emacs lisp test runner code

* mandos-ctl: Update Emacs lisp after-save-hook test runner to use
              file-local-name if available (i.e. Emacs 26), or to use
              file-remote-p if not (Emacs 25).  Either should be more
              general than the tramp-* functions were.  Also use
              process-file-shell-command instead of shell-command,
              which enables the use of the less intrusive
              display-buffer-in-side-window action function argument
              to display-buffer.  This stops the takeover of buffers
              (and/or disappearance of windows) when saving.

files added:
debian/mandos-client.templates

debian/mandos.templates

initramfs-tools-conf-hook

files modified:
.bzrignore

DBUS-API

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

debian/watch

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.xml

plugins.d/splashy.xml

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

1

1

<?xml version="1.0" encoding="UTF-8"?>

2

2

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

3

3

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

4

<!ENTITY TIMESTAMP "2019-02-09">

4

<!ENTITY TIMESTAMP "2019-04-10">

5

5

<!ENTITY % common SYSTEM "common.ent">

6

6

%common;

7

7

]>

38

38

<year>2016</year>

39

39

<year>2017</year>

40

40

<year>2018</year>

41

<year>2019</year>

41

42

<holder>Teddy Hogeborn</holder>

42

43

<holder>Björn Påhlsson</holder>

43

44

</copyright>

130

131

</para>

131

132

<para>

132

133

So, at boot time, the Mandos client will ask for its encrypted

133

data over the network, decrypt it to get the password, use it to

134

decrypt the root file, and continue booting.

134

data over the network, decrypt the data to get the password, use

135

the password to decrypt the root file system, and the client can

136

then continue booting.

135

137

</para>

136

138

<para>

137

139

Now, of course the initial RAM disk image is not on the

143

145

long, and will no longer give out the encrypted key. The timing

144

146

here is the only real weak point, and the method, frequency and

145

147

timeout of the server’s checking can be adjusted to any desired

146

level of paranoia

148

level of paranoia.

147

149

</para>

148

150

<para>

149

151

(The encrypted keys on the Mandos server is on its normal file

Older »