/mandos/trunk

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to intro.xml

Committer: Teddy Hogeborn
Date: 2019-07-14 23:39:53 UTC
Revision ID: teddy@recompile.se-20190714233953-1zmsd3o062xloazt

Server bug fix: Allow restarts when using port= option

If the Mandos server is configured to use a specific TCP port to
listen to (by using the port= option in mandos.conf or the command
line --port option), that port becomes unusable for a time when the
Mandos server is restarted, making restarts fail. Avoid this by, if a
port number is specified, using SO_REUSEADDR when binding the
listening TCP socket to a port number.

* mandos (IPv6_TCPServer.server_bind): Set self.allow_reuse_address if
a port number is specified.

Reported-by: Juan Miguel Alcarria Herrera <juanmi@arco2000.es>

files added:
initramfs-tools-conf-hook

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

TODO

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.postinst

debian/mandos.postinst

debian/mandos.templates

debian/rules

debian/watch

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos.conf.xml

mandos.lsm

mandos.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.xml

plugins.d/splashy.xml

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

1

1

<?xml version="1.0" encoding="UTF-8"?>

2

2

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

3

3

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

4

<!ENTITY TIMESTAMP "2019-02-09">

4

<!ENTITY TIMESTAMP "2019-04-10">

5

5

<!ENTITY % common SYSTEM "common.ent">

6

6

%common;

7

7

]>

38

38

<year>2016</year>

39

39

<year>2017</year>

40

40

<year>2018</year>

41

<year>2019</year>

41

42

<holder>Teddy Hogeborn</holder>

42

43

<holder>Björn Påhlsson</holder>

43

44

</copyright>

130

131

</para>

131

132

<para>

132

133

So, at boot time, the Mandos client will ask for its encrypted

133

data over the network, decrypt it to get the password, use it to

134

decrypt the root file, and continue booting.

134

data over the network, decrypt the data to get the password, use

135

the password to decrypt the root file system, and the client can

136

then continue booting.

135

137

</para>

136

138

<para>

137

139

Now, of course the initial RAM disk image is not on the

143

145

long, and will no longer give out the encrypted key. The timing

144

146

here is the only real weak point, and the method, frequency and

145

147

timeout of the server’s checking can be adjusted to any desired

146

level of paranoia

148

level of paranoia.

147

149

</para>

148

150

<para>

149

151

(The encrypted keys on the Mandos server is on its normal file

Older »