/mandos/trunk : revision 142

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-request.xml

Committer: Teddy Hogeborn
Date: 2008-09-02 17:42:53 UTC
Revision ID: teddy@fukt.bsnet.se-20080902174253-p3wxrq7z6ccnv7fs

* plugins.d/password-request.c (main): Change default GnuTLS priority
                                       string to
                             "SECURE256":!CTYPE-X.509:+CTYPE-OPENPGP".

* plugins.d/password-request.xml (DESCRIPTION): Improve wording.
  (PURPOSE, OVERVIEW): New sections.
  (OPTIONS): Improved wording.
  (EXIT STATUS): Add text.
  (ENVIRONMENT): Commented out.

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/watch

default-mandos

init.d-mandos

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-client">

<!ENTITY TIMESTAMP "2012-06-13">

<!ENTITY % common SYSTEM "../common.ent">

%common;

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "password-request">

<!ENTITY TIMESTAMP "2008-09-02">

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@recompile.se</email>

<email>belorn@fukt.bsnet.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@recompile.se</email>

<email>teddy@fukt.bsnet.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="../legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<manvolnum>8mandos</manvolnum>

<refname><command>&COMMANDNAME;</command></refname>

Client for <application>Mandos</application>

Client for mandos

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--connect

<replaceable>ADDRESS</replaceable><literal>:</literal

<replaceable>IPADDR</replaceable><literal>:</literal

><replaceable>PORT</replaceable></option></arg>

<arg choice="plain"><option>-c

<replaceable>ADDRESS</replaceable><literal>:</literal

<replaceable>IPADDR</replaceable><literal>:</literal

><replaceable>PORT</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--keydir

<replaceable>DIRECTORY</replaceable></option></arg>

<arg choice="plain"><option>-d

<replaceable>DIRECTORY</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--interface

<replaceable>NAME</replaceable><arg rep='repeat'

>,<replaceable>NAME</replaceable></arg></option></arg>

<arg choice="plain"><option>-i <replaceable>NAME</replaceable

><arg rep='repeat'>,<replaceable>NAME</replaceable></arg

></option></arg>

<arg choice="plain"><option>-i

</group>

<sbr/>

<group>

</arg>

<sbr/>

100

<arg>

<option>--delay <replaceable>SECONDS</replaceable></option>

100

</arg>

101

<sbr/>

102

<arg>

103

<option>--retry <replaceable>SECONDS</replaceable></option>

104

</arg>

105

<sbr/>

106

<arg>

107

<option>--network-hook-dir

108

109

</arg>

110

<sbr/>

111

<arg>

112

101

<option>--debug</option>

113

102

</arg>

114

103

</cmdsynopsis>

131

120

</group>

132

121

</cmdsynopsis>

133

122

</refsynopsisdiv>

134

123

135

124

136

125

<title>DESCRIPTION</title>

137

126

<para>

138

127

<command>&COMMANDNAME;</command> is a client program that

139

128

communicates with <citerefentry><refentrytitle

140

129

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>

141

to get a password. In slightly more detail, this client program

142

brings up network interfaces, uses the interfaces’ IPv6

143

link-local addresses to get network connectivity, uses Zeroconf

144

to find servers on the local network, and communicates with

145

servers using TLS with an OpenPGP key to ensure authenticity and

146

confidentiality. This client program keeps running, trying all

147

servers on the network, until it receives a satisfactory reply

148

or a TERM signal. After all servers have been tried, all

149

servers are periodically retried. If no servers are found it

150

will wait indefinitely for new servers to appear.

151

</para>

152

<para>

153

The network interfaces are selected like this: If any interfaces

154

are specified using the <option>--interface</option> option,

155

those interface are used. Otherwise,

156

<command>&COMMANDNAME;</command> will use all interfaces that

157

are not loopback interfaces, are not point-to-point interfaces,

158

are capable of broadcasting and do not have the NOARP flag (see

159

<citerefentry><refentrytitle>netdevice</refentrytitle>

160

<manvolnum>7</manvolnum></citerefentry>). (If the

161

<option>--connect</option> option is used, point-to-point

162

interfaces and non-broadcast interfaces are accepted.) If any

163

used interfaces are not up and running, they are first taken up

164

(and later taken down again on program exit).

165

</para>

166

<para>

167

Before network interfaces are selected, all <quote>network

168

hooks</quote> are run; see <xref linkend="network-hooks"/>.

130

to get a password. It uses IPv6 link-local addresses to get

131

network connectivity, Zeroconf to find the server, and TLS with

132

an OpenPGP key to ensure authenticity and confidentiality. It

133

keeps running, trying all servers on the network, until it

134

receives a satisfactory reply.

169

135

</para>

170

136

<para>

171

137

This program is not meant to be run directly; it is really meant

172

138

to run as a plugin of the <application>Mandos</application>

173

139

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

174

<manvolnum>8mandos</manvolnum></citerefentry>, which runs in the

175

initial <acronym>RAM</acronym> disk environment because it is

176

specified as a <quote>keyscript</quote> in the <citerefentry>

177

<refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum>

178

</citerefentry> file.

140

<manvolnum>8mandos</manvolnum></citerefentry>, which in turn

141

runs as a <quote>keyscript</quote> specified in the

142

<citerefentry><refentrytitle>crypttab</refentrytitle>

143

<manvolnum>5</manvolnum></citerefentry> file.

179

144

</para>

180

145

</refsect1>

181

146

189

154

</para>

190

155

</refsect1>

191

156

157

158

<title>OVERVIEW</title>

159

<xi:include href="overview.xml"/>

160

<para>

161

This program is the client part. It is a plugin started by

162

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

163

<manvolnum>8mandos</manvolnum></citerefentry> which will run in

164

an initial <acronym>RAM</acronym> disk environment.

165

</para>

166

<para>

167

This program could, theoretically, be used as a keyscript in

168

<filename>/etc/crypttab</filename>, but it would then be

169

impossible to enter the encrypted root disk password at the

170

console, since this program does not read from the console at

171

all. This is why a separate plugin does that, which will be run

172

in parallell to this one.

173

</para>

174

</refsect1>

175

192

176

193

177

<title>OPTIONS</title>

194

178

<para>

204

188

205

189

206

190

<term><option>--connect=<replaceable

207

>ADDRESS</replaceable><literal>:</literal><replaceable

191

>IPADDR</replaceable><literal>:</literal><replaceable

208

192

>PORT</replaceable></option></term>

209

193

<term><option>-c

210

<replaceable>ADDRESS</replaceable><literal>:</literal

194

<replaceable>IPADDR</replaceable><literal>:</literal

211

195

><replaceable>PORT</replaceable></option></term>

212

196

213

197

<para>

218

202

assumed to separate the address from the port number.

219

203

</para>

220

204

<para>

221

This option is normally only useful for testing and

222

debugging.

205

This option is normally only useful for debugging.

223

206

</para>

224

207

</listitem>

225

208

</varlistentry>

226

209

227

210

228

<term><option>--interface=<replaceable

229

>NAME</replaceable></option></term>

211

<term><option>--keydir=<replaceable

212

>DIRECTORY</replaceable></option></term>

213

<term><option>-d

214

<replaceable>DIRECTORY</replaceable></option></term>

215

216

<para>

217

Directory to read the OpenPGP key files

218

<filename>pubkey.txt</filename> and

219

<filename>seckey.txt</filename> from. The default is

220

<filename>/conf/conf.d/mandos</filename> (in the initial

221

<acronym>RAM</acronym> disk environment).

222

</para>

223

</listitem>

224

</varlistentry>

225

226

227

<term><option>--interface=

228

230

229

<term><option>-i

231

230

232

231

233

232

<para>

234

Comma separated list of network interfaces that will be

235

brought up and scanned for Mandos servers to connect to.

236

The default is the empty string, which will automatically

237

use all appropriate interfaces.

238

</para>

239

<para>

240

If the <option>--connect</option> option is used, this

241

specifies the interface to use to connect to the address

242

given.

243

</para>

244

<para>

245

Note that since this program will normally run in the

246

initial RAM disk environment, the interface must be an

247

interface which exists at that stage. Thus, the interface

248

can normally not be a pseudo-interface such as

249

<quote>br0</quote> or <quote>tun0</quote>; such interfaces

250

will not exist until much later in the boot process, and

251

can not be used by this program, unless created by a

252

<quote>network hook</quote> — see <xref

253

linkend="network-hooks"/>.

254

</para>

255

<para>

256

<replaceable>NAME</replaceable> can be the string

257

<quote><literal>none</literal></quote>; this will not use

258

any specific interface, and will not bring up an interface

259

on startup. This is not recommended, and only meant for

260

advanced users.

233

Network interface that will be brought up and scanned for

234

Mandos servers to connect to. The default it

235

<quote><literal>eth0</literal></quote>.

261

236

</para>

262

237

</listitem>

263

238

</varlistentry>

269

244

270

245

271

246

<para>

272

OpenPGP public key file name. The default name is

273

<quote><filename>/conf/conf.d/mandos/pubkey.txt</filename

274

></quote>.

247

OpenPGP public key file name. This will be combined with

248

the directory from the <option>--keydir</option> option to

249

form an absolute file name. The default name is

250

<quote><literal>pubkey.txt</literal></quote>.

275

251

</para>

276

252

</listitem>

277

253

</varlistentry>

278

254

279

255

280

256

<term><option>--seckey=<replaceable

281

257

>FILE</replaceable></option></term>

283

259

284

260

285

261

<para>

286

OpenPGP secret key file name. The default name is

287

<quote><filename>/conf/conf.d/mandos/seckey.txt</filename

288

></quote>.

262

OpenPGP secret key file name. This will be combined with

263

the directory from the <option>--keydir</option> option to

264

form an absolute file name. The default name is

265

<quote><literal>seckey.txt</literal></quote>.

289

266

</para>

290

267

</listitem>

291

268

</varlistentry>

294

271

<term><option>--priority=<replaceable

295

272

>STRING</replaceable></option></term>

296

273

297

<xi:include href="../mandos-options.xml"

298

xpointer="priority"/>

274

<xi:include href="mandos-options.xml" xpointer="priority"/>

299

275

</listitem>

300

276

</varlistentry>

301

277

302

278

303

279

<term><option>--dh-bits=<replaceable

304

280

>BITS</replaceable></option></term>

309

285

</para>

310

286

</listitem>

311

287

</varlistentry>

312

313

314

<term><option>--delay=<replaceable

315

>SECONDS</replaceable></option></term>

316

317

<para>

318

After bringing a network interface up, the program waits

319

for the interface to arrive in a <quote>running</quote>

320

state before proceeding. During this time, the kernel log

321

level will be lowered to reduce clutter on the system

322

console, alleviating any other plugins which might be

323

using the system console. This option sets the upper

324

limit of seconds to wait. The default is 2.5 seconds.

325

</para>

326

</listitem>

327

</varlistentry>

328

329

330

<term><option>--retry=<replaceable

331

>SECONDS</replaceable></option></term>

332

333

<para>

334

All Mandos servers are tried repeatedly until a password

335

is received. This value specifies, in seconds, how long

336

between each successive try <emphasis>for the same

337

server</emphasis>. The default is 10 seconds.

338

</para>

339

</listitem>

340

</varlistentry>

341

342

343

<term><option>--network-hook-dir=<replaceable

344

>DIR</replaceable></option></term>

345

346

<para>

347

Network hook directory. The default directory is

348

<quote><filename class="directory"

349

>/lib/mandos/network-hooks.d</filename></quote>.

350

</para>

351

</listitem>

352

</varlistentry>

353

288

354

289

355

290

<term><option>--debug</option></term>

385

320

</para>

386

321

</listitem>

387

322

</varlistentry>

388

323

389

324

390

325

<term><option>--version</option></term>

391

326

397

332

</varlistentry>

398

333

</variablelist>

399

334

</refsect1>

400

401

402

<title>OVERVIEW</title>

403

<xi:include href="../overview.xml"/>

404

<para>

405

This program is the client part. It is a plugin started by

406

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

407

<manvolnum>8mandos</manvolnum></citerefentry> which will run in

408

an initial <acronym>RAM</acronym> disk environment.

409

</para>

410

<para>

411

This program could, theoretically, be used as a keyscript in

412

<filename>/etc/crypttab</filename>, but it would then be

413

impossible to enter a password for the encrypted root disk at

414

the console, since this program does not read from the console

415

at all. This is why a separate plugin runner (<citerefentry>

416

<refentrytitle>plugin-runner</refentrytitle>

417

<manvolnum>8mandos</manvolnum></citerefentry>) is used to run

418

both this program and others in in parallel,

419

<emphasis>one</emphasis> of which (<citerefentry>

420

<refentrytitle>password-prompt</refentrytitle>

421

<manvolnum>8mandos</manvolnum></citerefentry>) will prompt for

422

passwords on the system console.

423

</para>

424

</refsect1>

425

335

426

336

427

337

<title>EXIT STATUS</title>

428

338

<para>

430

340

server could be found and the password received from it could be

431

341

successfully decrypted and output on standard output. The

432

342

program will exit with a non-zero exit status only if a critical

433

error occurs. Otherwise, it will forever connect to any

434

discovered <application>Mandos</application> servers, trying to

435

get a decryptable password and print it.

436

</para>

437

</refsect1>

438

439

440

<title>ENVIRONMENT</title>

441

<para>

442

This program does not use any environment variables, not even

443

the ones provided by <citerefentry><refentrytitle

444

>cryptsetup</refentrytitle><manvolnum>8</manvolnum>

445

</citerefentry>.

446

</para>

447

</refsect1>

448

449

450

<title>NETWORK HOOKS</title>

451

<para>

452

If a network interface like a bridge or tunnel is required to

453

find a Mandos server, this requires the interface to be up and

454

running before <command>&COMMANDNAME;</command> starts looking

455

for Mandos servers. This can be accomplished by creating a

456

<quote>network hook</quote> program, and placing it in a special

457

directory.

458

</para>

459

<para>

460

Before the network is used (and again before program exit), any

461

runnable programs found in the network hook directory are run

462

with the argument <quote><literal>start</literal></quote> or

463

<quote><literal>stop</literal></quote>. This should bring up or

464

down, respectively, any network interface which

465

<command>&COMMANDNAME;</command> should use.

466

</para>

467

468

<title>REQUIREMENTS</title>

469

<para>

470

A network hook must be an executable file, and its name must

471

consist entirely of upper and lower case letters, digits,

472

underscores, periods, and hyphens.

473

</para>

474

<para>

475

A network hook will receive one argument, which can be one of

476

the following:

477

</para>

478

479

480

<term><literal>start</literal></term>

481

482

<para>

483

This should make the network hook create (if necessary)

484

and bring up a network interface.

485

</para>

486

</listitem>

487

</varlistentry>

488

489

490

491

<para>

492

This should make the network hook take down a network

493

interface, and delete it if it did not exist previously.

494

</para>

495

</listitem>

496

</varlistentry>

497

498

<term><literal>files</literal></term>

499

500

<para>

501

This should make the network hook print, <emphasis>one

502

file per line</emphasis>, all the files needed for it to

503

run. (These files will be copied into the initial RAM

504

filesystem.) Typical use is for a network hook which is

505

a shell script to print its needed binaries.

506

</para>

507

<para>

508

It is not necessary to print any non-executable files

509

already in the network hook directory, these will be

510

copied implicitly if they otherwise satisfy the name

511

requirement.

512

</para>

513

</listitem>

514

</varlistentry>

515

516

<term><literal>modules</literal></term>

517

518

<para>

519

This should make the network hook print, <emphasis>on

520

separate lines</emphasis>, all the kernel modules needed

521

for it to run. (These modules will be copied into the

522

initial RAM filesystem.) For instance, a tunnel

523

interface needs the

524

<quote><literal>tun</literal></quote> module.

525

</para>

526

</listitem>

527

</varlistentry>

528

</variablelist>

529

<para>

530

The network hook will be provided with a number of environment

531

variables:

532

</para>

533

534

535

<term><envar>MANDOSNETHOOKDIR</envar></term>

536

537

<para>

538

The network hook directory, specified to

539

<command>&COMMANDNAME;</command> by the

540

<option>--network-hook-dir</option> option. Note: this

541

should <emphasis>always</emphasis> be used by the

542

network hook to refer to itself or any files in the hook

543

directory it may require.

544

</para>

545

</listitem>

546

</varlistentry>

547

548

<term><envar>DEVICE</envar></term>

549

550

<para>

551

The network interfaces, as specified to

552

<command>&COMMANDNAME;</command> by the

553

<option>--interface</option> option, combined to one

554

string and separated by commas. If this is set, and

555

does not contain the interface a hook will bring up,

556

there is no reason for a hook to continue.

557

</para>

558

</listitem>

559

</varlistentry>

560

561

562

563

<para>

564

This will be the same as the first argument;

565

i.e. <quote><literal>start</literal></quote>,

566

<quote><literal>stop</literal></quote>,

567

<quote><literal>files</literal></quote>, or

568

<quote><literal>modules</literal></quote>.

569

</para>

570

</listitem>

571

</varlistentry>

572

573

<term><envar>VERBOSITY</envar></term>

574

575

<para>

576

This will be the <quote><literal>1</literal></quote> if

577

the <option>--debug</option> option is passed to

578

<command>&COMMANDNAME;</command>, otherwise

579

<quote><literal>0</literal></quote>.

580

</para>

581

</listitem>

582

</varlistentry>

583

584

<term><envar>DELAY</envar></term>

585

586

<para>

587

This will be the same as the <option>--delay</option>

588

option passed to <command>&COMMANDNAME;</command>. Is

589

only set if <envar>MODE</envar> is

590

<quote><literal>start</literal></quote> or

591

<quote><literal>stop</literal></quote>.

592

</para>

593

</listitem>

594

</varlistentry>

595

596

<term><envar>CONNECT</envar></term>

597

598

<para>

599

This will be the same as the <option>--connect</option>

600

option passed to <command>&COMMANDNAME;</command>. Is

601

only set if <option>--connect</option> is passed and

602

<envar>MODE</envar> is

603

<quote><literal>start</literal></quote> or

604

<quote><literal>stop</literal></quote>.

605

</para>

606

</listitem>

607

</varlistentry>

608

</variablelist>

609

<para>

610

A hook may not read from standard input, and should be

611

restrictive in printing to standard output or standard error

612

unless <varname>VERBOSITY</varname> is

613

<quote><literal>1</literal></quote>.

614

</para>

615

</refsect2>

616

</refsect1>

617

618

619

<title>FILES</title>

620

621

622

<term><filename>/conf/conf.d/mandos/pubkey.txt</filename

623

></term>

624

<term><filename>/conf/conf.d/mandos/seckey.txt</filename

625

></term>

626

627

<para>

628

OpenPGP public and private key files, in <quote>ASCII

629

Armor</quote> format. These are the default file names,

630

they can be changed with the <option>--pubkey</option> and

631

<option>--seckey</option> options.

632

</para>

633

</listitem>

634

</varlistentry>

635

636

<term><filename

637

class="directory">/lib/mandos/network-hooks.d</filename></term>

638

639

<para>

640

Directory where network hooks are located. Change this

641

with the <option>--network-hook-dir</option> option. See

642

<xref linkend="network-hooks"/>.

643

</para>

644

</listitem>

645

</varlistentry>

646

</variablelist>

647

</refsect1>

648

649

650

343

error occurs. Otherwise, it will forever connect to new

344

<application>Mandosservers</application> servers as they appear,

345

trying to get a decryptable password.

346

</para>

347

</refsect1>

348

349

350

651

351

352

652

353

653

354

654

355

356

357

<title>FILES</title>

358

<para>

359

</para>

360

</refsect1>

361

362

363

364

<para>

365

</para>

366

</refsect1>

367

655

368

656

369

<title>EXAMPLE</title>

657

370

<para>

658

Note that normally, command line options will not be given

659

directly, but via options for the Mandos <citerefentry

660

><refentrytitle>plugin-runner</refentrytitle>

661

<manvolnum>8mandos</manvolnum></citerefentry>.

662

371

</para>

663

664

<para>

665

Normal invocation needs no options, if the network interface

666

can be automatically determined:

667

</para>

668

<para>

669

<userinput>&COMMANDNAME;</userinput>

670

</para>

671

</informalexample>

672

673

<para>

674

Search for Mandos servers (and connect to them) using another

675

interface:

676

</para>

677

<para>

678

679

<userinput>&COMMANDNAME; --interface eth1</userinput>

680

</para>

681

</informalexample>

682

683

<para>

684

Run in debug mode, and use a custom key:

685

</para>

686

<para>

687

688

689

<userinput>&COMMANDNAME; --debug --pubkey keydir/pubkey.txt --seckey keydir/seckey.txt</userinput>

690

691

</para>

692

</informalexample>

693

694

<para>

695

Run in debug mode, with a custom key, and do not use Zeroconf

696

to locate a server; connect directly to the IPv6 link-local

697

address <quote><systemitem class="ipaddress"

698

>fe80::aede:48ff:fe71:f6f2</systemitem></quote>, port 4711,

699

using interface eth2:

700

</para>

701

<para>

702

703

704

<userinput>&COMMANDNAME; --debug --pubkey keydir/pubkey.txt --seckey keydir/seckey.txt --connect fe80::aede:48ff:fe71:f6f2:4711 --interface eth2</userinput>

705

706

</para>

707

</informalexample>

708

372

</refsect1>

709

373

710

374

711

375

<title>SECURITY</title>

712

376

<para>

713

This program is set-uid to root, but will switch back to the

714

original (and presumably non-privileged) user and group after

715

bringing up the network interface.

716

</para>

717

<para>

718

To use this program for its intended purpose (see <xref

719

linkend="purpose"/>), the password for the root file system will

720

have to be given out to be stored in a server computer, after

721

having been encrypted using an OpenPGP key. This encrypted data

722

which will be stored in a server can only be decrypted by the

723

OpenPGP key, and the data will only be given out to those

724

clients who can prove they actually have that key. This key,

725

however, is stored unencrypted on the client side in its initial

726

<acronym>RAM</acronym> disk image file system. This is normally

727

readable by all, but this is normally fixed during installation

728

of this program; file permissions are set so that no-one is able

729

to read that file.

730

</para>

731

<para>

732

The only remaining weak point is that someone with physical

733

access to the client hard drive might turn off the client

734

computer, read the OpenPGP keys directly from the hard drive,

735

and communicate with the server. To safeguard against this, the

736

server is supposed to notice the client disappearing and stop

737

giving out the encrypted data. Therefore, it is important to

738

set the timeout and checker interval values tightly on the

739

server. See <citerefentry><refentrytitle

740

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.

741

</para>

742

<para>

743

It will also help if the checker program on the server is

744

configured to request something from the client which can not be

745

spoofed by someone else on the network, unlike unencrypted

746

<acronym>ICMP</acronym> echo (<quote>ping</quote>) replies.

747

</para>

748

<para>

749

<emphasis>Note</emphasis>: This makes it completely insecure to

750

have <application >Mandos</application> clients which dual-boot

751

to another operating system which is <emphasis>not</emphasis>

752

trusted to keep the initial <acronym>RAM</acronym> disk image

753

confidential.

754

377

</para>

755

378

</refsect1>

756

379

757

380

758

381

759

382

<para>

760

<citerefentry><refentrytitle>intro</refentrytitle>

761

<manvolnum>8mandos</manvolnum></citerefentry>,

762

<citerefentry><refentrytitle>cryptsetup</refentrytitle>

763

<manvolnum>8</manvolnum></citerefentry>,

764

<citerefentry><refentrytitle>crypttab</refentrytitle>

765

<manvolnum>5</manvolnum></citerefentry>,

766

383

<citerefentry><refentrytitle>mandos</refentrytitle>

767

384

<manvolnum>8</manvolnum></citerefentry>,

768

385

<citerefentry><refentrytitle>password-prompt</refentrytitle>

770

387

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

771

388

<manvolnum>8mandos</manvolnum></citerefentry>

772

389

</para>

773

774

775

<term>

776

<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>

777

</term>

778

779

<para>

780

Zeroconf is the network protocol standard used for finding

781

Mandos servers on the local network.

782

</para>

783

</listitem>

784

</varlistentry>

785

786

<term>

787

<ulink url="http://www.avahi.org/">Avahi</ulink>

788

</term>

789

790

<para>

791

Avahi is the library this program calls to find Zeroconf

792

services.

793

</para>

794

</listitem>

795

</varlistentry>

796

797

<term>

798

<ulink url="http://www.gnu.org/software/gnutls/"

799

>GnuTLS</ulink>

800

</term>

801

802

<para>

803

GnuTLS is the library this client uses to implement TLS for

804

communicating securely with the server, and at the same time

805

send the public OpenPGP key to the server.

806

</para>

807

</listitem>

808

</varlistentry>

809

810

<term>

811

<ulink url="http://www.gnupg.org/related_software/gpgme/"

812

>GPGME</ulink>

813

</term>

814

815

<para>

816

GPGME is the library used to decrypt the OpenPGP data sent

817

by the server.

818

</para>

819

</listitem>

820

</varlistentry>

821

822

<term>

823

RFC 4291: <citetitle>IP Version 6 Addressing

824

Architecture</citetitle>

825

</term>

826

827

828

829

<term>Section 2.2: <citetitle>Text Representation of

830

Addresses</citetitle></term>

831

832

</varlistentry>

833

834

<term>Section 2.5.5.2: <citetitle>IPv4-Mapped IPv6

835

Address</citetitle></term>

836

837

</varlistentry>

838

839

<term>Section 2.5.6, <citetitle>Link-Local IPv6 Unicast

840

Addresses</citetitle></term>

841

842

<para>

843

This client uses IPv6 link-local addresses, which are

844

immediately usable since a link-local addresses is

845

automatically assigned to a network interfaces when it

846

is brought up.

847

</para>

848

</listitem>

849

</varlistentry>

850

</variablelist>

851

</listitem>

852

</varlistentry>

853

854

<term>

855

RFC 4346: <citetitle>The Transport Layer Security (TLS)

856

Protocol Version 1.1</citetitle>

857

</term>

858

859

<para>

860

TLS 1.1 is the protocol implemented by GnuTLS.

861

</para>

862

</listitem>

863

</varlistentry>

864

865

<term>

866

RFC 4880: <citetitle>OpenPGP Message Format</citetitle>

867

</term>

868

869

<para>

870

The data received from the server is binary encrypted

871

OpenPGP data.

872

</para>

873

</listitem>

874

</varlistentry>

875

876

<term>

877

RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer

878

Security</citetitle>

879

</term>

880

881

<para>

882

This is implemented by GnuTLS and used by this program so

883

that OpenPGP keys can be used.

884

</para>

885

</listitem>

886

</varlistentry>

887

</variablelist>

390

391

392

<ulink url="http://www.zeroconf.org/">Zeroconf</ulink>

393

</para></listitem>

394

395

396

<ulink url="http://www.avahi.org/">Avahi</ulink>

397

</para></listitem>

398

399

400

<ulink

401

url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>

402

</para></listitem>

403

404

405

<ulink

406

url="http://www.gnupg.org/related_software/gpgme/">

407

GPGME</ulink>

408

</para></listitem>

409

410

411

<citation>RFC 4880: <citetitle>OpenPGP Message

412

Format</citetitle></citation>

413

</para></listitem>

414

415

416

<citation>RFC 5081: <citetitle>Using OpenPGP Keys for

417

Transport Layer Security</citetitle></citation>

418

</para></listitem>

419

420

421

<citation>RFC 4291: <citetitle>IP Version 6 Addressing

422

Architecture</citetitle>, section 2.5.6, Link-Local IPv6

423

Unicast Addresses</citation>

424

</para></listitem>

425

</itemizedlist>

888

426

</refsect1>

427

889

428

</refentry>

890

891

429

892

430

893

431

Older »