/mandos/trunk : revision 142

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-request.xml

Committer: Teddy Hogeborn
Date: 2008-09-02 17:42:53 UTC
Revision ID: teddy@fukt.bsnet.se-20080902174253-p3wxrq7z6ccnv7fs

* plugins.d/password-request.c (main): Change default GnuTLS priority
                                       string to
                             "SECURE256":!CTYPE-X.509:+CTYPE-OPENPGP".

* plugins.d/password-request.xml (DESCRIPTION): Improve wording.
  (PURPOSE, OVERVIEW): New sections.
  (OPTIONS): Improved wording.
  (EXIT STATUS): Add text.
  (ENVIRONMENT): Commented out.

files modified:
Makefile

TODO

mandos-options.xml

plugins.d/password-request.c

plugins.d/password-request.xml

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.xml

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "password-request">

<!ENTITY TIMESTAMP "2008-09-03">

<!ENTITY TIMESTAMP "2008-09-02">

128

communicates with <citerefentry><refentrytitle

129

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>

130

to get a password. It uses IPv6 link-local addresses to get

131

network connectivity, Zeroconf to find servers, and TLS with an

132

OpenPGP key to ensure authenticity and confidentiality. It

131

network connectivity, Zeroconf to find the server, and TLS with

132

an OpenPGP key to ensure authenticity and confidentiality. It

133

keeps running, trying all servers on the network, until it

134

receives a satisfactory reply or a TERM signal is recieved.

134

receives a satisfactory reply.

135

</para>

136

<para>

137

This program is not meant to be run directly; it is really meant

138

to run as a plugin of the <application>Mandos</application>

139

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

140

<manvolnum>8mandos</manvolnum></citerefentry>, which runs in the

141

initial <acronym>RAM</acronym> disk environment because it is

142

specified as a <quote>keyscript</quote> in the <citerefentry>

143

<refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum>

144

</citerefentry> file.

140

<manvolnum>8mandos</manvolnum></citerefentry>, which in turn

141

runs as a <quote>keyscript</quote> specified in the

142

<citerefentry><refentrytitle>crypttab</refentrytitle>

143

<manvolnum>5</manvolnum></citerefentry> file.

145

144

</para>

146

145

</refsect1>

147

146

155

154

</para>

156

155

</refsect1>

157

156

157

158

<title>OVERVIEW</title>

159

<xi:include href="overview.xml"/>

160

<para>

161

This program is the client part. It is a plugin started by

162

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

163

<manvolnum>8mandos</manvolnum></citerefentry> which will run in

164

an initial <acronym>RAM</acronym> disk environment.

165

</para>

166

<para>

167

This program could, theoretically, be used as a keyscript in

168

<filename>/etc/crypttab</filename>, but it would then be

169

impossible to enter the encrypted root disk password at the

170

console, since this program does not read from the console at

171

all. This is why a separate plugin does that, which will be run

172

in parallell to this one.

173

</para>

174

</refsect1>

175

158

176

159

177

<title>OPTIONS</title>

160

178

<para>

170

188

171

189

172

190

<term><option>--connect=<replaceable

173

>ADDRESS</replaceable><literal>:</literal><replaceable

191

>IPADDR</replaceable><literal>:</literal><replaceable

174

192

>PORT</replaceable></option></term>

175

193

<term><option>-c

176

<replaceable>ADDRESS</replaceable><literal>:</literal

194

<replaceable>IPADDR</replaceable><literal>:</literal

177

195

><replaceable>PORT</replaceable></option></term>

178

196

179

197

<para>

184

202

assumed to separate the address from the port number.

185

203

</para>

186

204

<para>

187

This option is normally only useful for testing and

188

debugging.

205

This option is normally only useful for debugging.

189

206

</para>

190

207

</listitem>

191

208

</varlistentry>

217

234

Mandos servers to connect to. The default it

218

235

<quote><literal>eth0</literal></quote>.

219

236

</para>

220

<para>

221

If the <option>--connect</option> option is used, this

222

specifies the interface to use to connect to the address

223

given.

224

</para>

225

237

</listitem>

226

238

</varlistentry>

227

239

232

244

233

245

234

246

<para>

235

OpenPGP public key file base name. This will be combined

236

with the directory from the <option>--keydir</option>

237

option to form an absolute file name. The default name is

247

OpenPGP public key file name. This will be combined with

248

the directory from the <option>--keydir</option> option to

249

form an absolute file name. The default name is

238

250

<quote><literal>pubkey.txt</literal></quote>.

239

251

</para>

240

252

</listitem>

247

259

248

260

249

261

<para>

250

OpenPGP secret key file base name. This will be combined

251

with the directory from the <option>--keydir</option>

252

option to form an absolute file name. The default name is

262

OpenPGP secret key file name. This will be combined with

263

the directory from the <option>--keydir</option> option to

264

form an absolute file name. The default name is

253

265

<quote><literal>seckey.txt</literal></quote>.

254

266

</para>

255

267

</listitem>

259

271

<term><option>--priority=<replaceable

260

272

>STRING</replaceable></option></term>

261

273

262

<xi:include href="../mandos-options.xml"

263

xpointer="priority"/>

274

<xi:include href="mandos-options.xml" xpointer="priority"/>

264

275

</listitem>

265

276

</varlistentry>

266

277

322

333

</variablelist>

323

334

</refsect1>

324

335

325

326

<title>OVERVIEW</title>

327

<xi:include href="../overview.xml"/>

328

<para>

329

This program is the client part. It is a plugin started by

330

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

331

<manvolnum>8mandos</manvolnum></citerefentry> which will run in

332

an initial <acronym>RAM</acronym> disk environment.

333

</para>

334

<para>

335

This program could, theoretically, be used as a keyscript in

336

<filename>/etc/crypttab</filename>, but it would then be

337

impossible to enter a password for the encrypted root disk at

338

the console, since this program does not read from the console

339

at all. This is why a separate plugin does that, which will be

340

run in parallell to this one by the plugin runner.

341

</para>

342

</refsect1>

343

344

336

345

337

<title>EXIT STATUS</title>

346

338

<para>

349

341

successfully decrypted and output on standard output. The

350

342

program will exit with a non-zero exit status only if a critical

351

343

error occurs. Otherwise, it will forever connect to new

352

<application>Mandos</application> servers as they appear, trying

353

to get a decryptable password.

354

</para>

355

</refsect1>

356

357

358

<title>ENVIRONMENT</title>

359

<para>

360

This program does not use any environment variables, not even

361

the ones provided by <citerefentry><refentrytitle

362

>cryptsetup</refentrytitle><manvolnum>8</manvolnum>

363

</citerefentry>.

364

</para>

365

</refsect1>

366

367

368

<title>FILES</title>

369

370

371

<term><filename>/conf/conf.d/mandos/pubkey.txt</filename

372

></term>

373

<term><filename>/conf/conf.d/mandos/seckey.txt</filename

374

></term>

375

376

<para>

377

OpenPGP public and private key files, in <quote>ASCII

378

Armor</quote> format. These are the default file names,

379

they can be changed with the <option>--pubkey</option> and

380

<option>--seckey</option> options.

381

</para>

382

</listitem>

383

</varlistentry>

384

</variablelist>

385

</refsect1>

386

387

388

344

<application>Mandosservers</application> servers as they appear,

345

trying to get a decryptable password.

346

</para>

347

</refsect1>

348

349

350

389

351

352

390

353

391

354

355

356

357

<title>FILES</title>

358

<para>

359

</para>

360

</refsect1>

361

362

363

364

<para>

365

</para>

366

</refsect1>

392

367

393

368

394

369

<title>EXAMPLE</title>

395

370

<para>

396

Note that normally, command line options will not be given

397

directly, but via options for the Mandos <citerefentry

398

><refentrytitle>plugin-runner</refentrytitle>

399

<manvolnum>8mandos</manvolnum></citerefentry>.

400

371

</para>

401

402

<para>

403

Normal invocation needs no options, if the network interface

404

is <quote>eth0</quote>:

405

</para>

406

<para>

407

<userinput>&COMMANDNAME;</userinput>

408

</para>

409

</informalexample>

410

411

<para>

412

Search for Mandos servers on another interface:

413

</para>

414

<para>

415

416

<userinput>&COMMANDNAME; --interface eth1</userinput>

417

</para>

418

</informalexample>

419

420

<para>

421

Run in debug mode, and use a custom key directory:

422

</para>

423

<para>

424

425

<userinput>&COMMANDNAME; --debug --keydir keydir</userinput>

426

</para>

427

</informalexample>

428

429

<para>

430

Run in debug mode, with a custom key directory, and do not use

431

Zeroconf to locate a server; connect directly to the IPv6

432

address <quote><systemitem class="ipaddress"

433

>2001:db8:f983:bd0b:30de:ae4a:71f2:f672</systemitem></quote>,

434

port 4711, using interface eth2:

435

</para>

436

<para>

437

438

439

<userinput>&COMMANDNAME; --debug --keydir keydir --connect 2001:db8:f983:bd0b:30de:ae4a:71f2:f672:4711 --interface eth2</userinput>

440

441

</para>

442

</informalexample>

443

372

</refsect1>

444

373

445

374

446

375

<title>SECURITY</title>

447

376

<para>

448

This program is set-uid to root, but will switch back to the

449

original user and group after bringing up the network interface.

450

</para>

451

<para>

452

To use this program for its intended purpose (see <xref

453

linkend="purpose"/>), the password for the root file system will

454

have to be given out to be stored in a server computer, after

455

having been encrypted using an OpenPGP key. This encrypted data

456

which will be stored in a server can only be decrypted by the

457

OpenPGP key, and the data will only be given out to those

458

clients who can prove they actually have that key. This key,

459

however, is stored unencrypted on the client side in its initial

460

<acronym>RAM</acronym> disk image file system. This is normally

461

readable by all, but this is normally fixed during installation

462

of this program; file permissions are set so that no-one is able

463

to read that file.

464

</para>

465

<para>

466

The only remaining weak point is that someone with physical

467

access to the client hard drive might turn off the client

468

computer, read the OpenPGP keys directly from the hard drive,

469

and communicate with the server. The defense against this is

470

that the server is supposed to notice the client disappearing

471

and will stop giving out the encrypted data. Therefore, it is

472

important to set the timeout and checker interval values tightly

473

on the server. See <citerefentry><refentrytitle

474

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.

475

</para>

476

<para>

477

<emphasis>Note</emphasis>: This makes it impossible to have

478

<application >Mandos</application> clients which dual-boot to

479

another operating system which does <emphasis>not</emphasis> run

480

a <application>Mandos</application> client.

481

377

</para>

482

378

</refsect1>

483

379

507

403

508

404

509

405

<ulink

510

url="http://www.gnupg.org/related_software/gpgme/"

511

>GPGME</ulink>

406

url="http://www.gnupg.org/related_software/gpgme/">

407

GPGME</ulink>

512

408

</para></listitem>

513

409

514

410

Older »