/mandos/trunk : revision 1251

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-prompt.xml

Committer: Teddy Hogeborn
Date: 2022-04-24 11:04:54 UTC
Revision ID: teddy@recompile.se-20220424110454-p1tgedieq5eg74q1

Server: Fix minor style issue

* mandos-ctl: Consistently use double quotes instead of single quotes.

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

README

bugs.xml

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos-client.templates

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/mandos.templates

debian/po

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/sv.po

debian/po/templates.pot

debian/rules

debian/source

debian/source/format

debian/source/lintian-overrides

debian/source/local-options

debian/tests

debian/tests/control

debian/upstream

debian/upstream/metadata

debian/upstream/signing-key.asc

debian/watch

default-mandos

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

init.d-mandos

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

initramfs-unpack

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos-to-cryptroot-unlock

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files removed:
initramfs-tools-hook-conf

plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugins.d/password-prompt.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "password-prompt">

<!ENTITY TIMESTAMP "2008-09-01">

<!ENTITY TIMESTAMP "2019-07-27">

<!ENTITY % common SYSTEM "../common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

>PREFIX</replaceable></arg>

</group>

<sbr/>

<option>--prompt <replaceable>PROMPT</replaceable></option>

</arg>

<arg choice="opt"><option>--debug</option></arg>

</cmdsynopsis>

<title>DESCRIPTION</title>

<para>

100

All <command>&COMMANDNAME;</command> does is prompt for a

password and output any given password to standard output. This

is not very useful on its own. This program is really meant to

run as a plugin in the <application>Mandos</application>

client-side system, where it is used as a fallback and

alternative to retriving passwords from a <application

>Mandos</application> server.

101

password and output any given password to standard output.

102

</para>

103

<para>

104

This program is not very useful on its own. This program is

105

really meant to run as a plugin in the <application

106

>Mandos</application> client-side system, where it is used as a

107

fallback and alternative to retrieving passwords from a

108

<application >Mandos</application> server.

109

</para>

110

<para>

111

This program is little more than a <citerefentry><refentrytitle

113

wrapper, although actual use of that function is not guaranteed

114

or implied.

115

</para>

116

<para>

117

This program tries to detect if a Plymouth daemon

118

(<citerefentry><refentrytitle

119

>plymouthd</refentrytitle><manvolnum>8</manvolnum></citerefentry>)

120

is running, by looking for a

121

<filename>/run/plymouth/pid</filename> file or a process named

122

<quote><literal>plymouthd</literal></quote>. If it is detected,

123

this process will immediately exit without doing anything.

124

</para>

125

</refsect1>

100

126

101

127

124

150

</varlistentry>

125

151

126

152

153

<term><option>--prompt=<replaceable

154

>PROMPT</replaceable></option></term>

155

156

<para>

157

The password prompt. Using this option will make this

158

program ignore the <envar>CRYPTTAB_SOURCE</envar> and

159

<envar>CRYPTTAB_NAME</envar> environment variables.

160

</para>

161

</listitem>

162

</varlistentry>

163

164

127

165

<term><option>--debug</option></term>

128

166

129

167

<para>

179

217

<title>ENVIRONMENT</title>

180

218

181

219

182

<term><envar>cryptsource</envar></term>

183

<term><envar>crypttarget</envar></term>

220

<term><envar>CRYPTTAB_SOURCE</envar></term>

221

<term><envar>CRYPTTAB_NAME</envar></term>

184

222

185

223

<para>

186

If set, these environment variables will be assumed to

224

If set, and if the <option>--prompt</option> option is not

225

used, these environment variables will be assumed to

187

226

contain the source device name and the target device

188

227

mapper name, respectively, and will be shown as part of

189

228

the prompt.

191

230

<para>

192

231

These variables will normally be inherited from

193

232

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

194

<manvolnum>8mandos</manvolnum></citerefentry>, which will

195

normally have inherited them from

196

<filename>/scripts/local-top/cryptroot</filename> in the

197

initial <acronym>RAM</acronym> disk environment, which will

198

have set them from parsing kernel arguments and

199

<filename>/conf/conf.d/cryptroot</filename> (also in the

200

initial RAM disk environment), which in turn will have been

201

created when the initial RAM disk image was created by

202

<filename

203

>/usr/share/initramfs-tools/hooks/cryptroot</filename>, by

204

extracting the information of the root file system from

205

<filename >/etc/crypttab</filename>.

233

<manvolnum>8mandos</manvolnum></citerefentry>, which might

234

have in turn inherited them from its calling process.

206

235

</para>

207

236

<para>

208

237

This behavior is meant to exactly mirror the behavior of

209

<command>askpass</command>, the default password prompter.

238

<command>askpass</command>, the default password prompter

239

from initramfs-tools.

210

240

</para>

211

241

</listitem>

212

242

</varlistentry>

215

245

216

246

217

247

218

<para>

219

None are known at this time.

220

</para>

248

<xi:include href="../bugs.xml"/>

221

249

</refsect1>

222

250

223

251

240

268

<para>

241

269

Show a prefix before the prompt; in this case, a host name.

242

270

It might be useful to be reminded of which host needs a

243

password, in case of KVM switches, etc.

271

password, in case of <acronym>KVM</acronym> switches, etc.

244

272

</para>

245

273

<para>

246

274

270

298

>plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum>

271

299

</citerefentry>, and will, when run standalone, outside, in a

272

300

normal environment, immediately output on its standard output

273

any presumably secret password it just recieved. Therefore,

301

any presumably secret password it just received. Therefore,

274

302

when running this program standalone (which should never

275

303

normally be done), take care not to type in any real secret

276

304

password by force of habit, since it would then immediately be

288

316

289

317

290

318

<para>

291

<citerefentry><refentrytitle>crypttab</refentrytitle>

292

293

<citerefentry><refentrytitle>password-request</refentrytitle>

294

<manvolnum>8mandos</manvolnum></citerefentry>

319

<citerefentry><refentrytitle>intro</refentrytitle>

320

<manvolnum>8mandos</manvolnum></citerefentry>,

321

<citerefentry><refentrytitle>mandos-client</refentrytitle>

322

<manvolnum>8mandos</manvolnum></citerefentry>,

295

323

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

296

324

<manvolnum>8mandos</manvolnum></citerefentry>,

325

<citerefentry><refentrytitle>plymouthd</refentrytitle>

326

297

327

</para>

298

328

</refsect1>

299

329

</refentry>

Older »