/mandos/trunk : revision 130

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2008-08-31 14:02:37 UTC
Revision ID: teddy@fukt.bsnet.se-20080831140237-oz9knd88esz8cj4y

* plugin-runner.xml: Removed <?xml-stylesheet>.
* plugins.d/password-request.xml: - '' -

files removed:
README

legalnotice.xml

files modified:
Makefile

TODO

initramfs-tools-hook

mandos-clients.conf.xml

mandos-keygen.xml

mandos-options.xml

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.xml

plugins.d/password-request.c

plugins.d/password-request.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2008-09-04">

<!ENTITY TIMESTAMP "2008-08-31">

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

</refentryinfo>

115

137

Any authenticated client is then given the stored pre-encrypted

116

138

password for that specific client.

117

139

</para>

140

118

141

</refsect1>

119

142

120

143

121

144

<title>PURPOSE</title>

145

122

146

<para>

123

147

The purpose of this is to enable <emphasis>remote and unattended

124

148

rebooting</emphasis> of client host computer with an

125

149

<emphasis>encrypted root file system</emphasis>. See <xref

126

150

linkend="overview"/> for details.

127

151

</para>

152

128

153

</refsect1>

129

154

130

155

131

156

<title>OPTIONS</title>

157

132

158

133

159

134

160

236

262

<para>

237

263

This program is the server part. It is a normal server program

238

264

and will run in a normal system environment, not in an initial

239

<acronym>RAM</acronym> disk environment.

265

RAM disk environment.

240

266

</para>

241

267

</refsect1>

242

268

434

460

Debug mode is conflated with running in the foreground.

435

461

</para>

436

462

<para>

437

The console log messages does not show a time stamp.

438

</para>

439

<para>

440

This server does not check the expire time of clients’ OpenPGP

441

keys.

463

The console log messages does not show a timestamp.

442

464

</para>

443

465

</refsect1>

444

466

521

543

restarting servers if it is suspected that a client has, in

522

544

fact, been compromised by parties who may now be running a

523

545

fake Mandos client with the keys from the non-encrypted

524

initial <acronym>RAM</acronym> image of the client host. What

525

should be done in that case (if restarting the server program

526

really is necessary) is to stop the server program, edit the

546

initial RAM image of the client host. What should be done in

547

that case (if restarting the server program really is

548

necessary) is to stop the server program, edit the

527

549

configuration file to omit any suspect clients, and restart

528

550

the server program.

529

551

</para>

Older »