To get this branch, use:
bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk
« back to all changes in this revision
Viewing changes to plugins.d/password-request.xml
- browse files at revision 147
- compare with another revision
- download diff
- download tarball
- view history from revision 147
- Committer: Teddy Hogeborn
- Date: 2008-09-03 17:11:32 UTC
- Revision ID: teddy@fukt.bsnet.se-20080903171132-usevhlf0gi9rxqc3
* plugins.d/password-request.c (init_gnutls_global): Improved wording
in debug message.
Bug fix: Make
debug message
print to stderr,
not stdout.
* plugins.d/password-request.xml (SECURITY): Add text.
in debug message.
Bug fix: Make
debug message
print to stderr,
not stdout.
* plugins.d/password-request.xml (SECURITY): Add text.
- files modified:
- TODO
added
removed
plugins.d/password-request.xml
128
128
communicates with <citerefentry><refentrytitle
129
129
>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>
130
130
to get a password. It uses IPv6 link-local addresses to get
131
network connectivity, Zeroconf to find the server, and TLS with
132
an OpenPGP key to ensure authenticity and confidentiality. It
131
network connectivity, Zeroconf to find servers, and TLS with an
132
OpenPGP key to ensure authenticity and confidentiality. It
133
133
keeps running, trying all servers on the network, until it
134
receives a satisfactory reply.
134
receives a satisfactory reply or a TERM signal is recieved.
135
135
</para>
136
136
<para>
137
137
This program is not meant to be run directly; it is really meant
217
217
Mandos servers to connect to. The default it
218
218
<quote><literal>eth0</literal></quote>.
219
219
</para>
220
<para>
221
If the <option>--connect</option> option is used, this
222
specifies the interface to use to connect to the address
223
given.
224
</para>
220
225
</listitem>
221
226
</varlistentry>
222
227
329
334
<para>
330
335
This program could, theoretically, be used as a keyscript in
331
336
<filename>/etc/crypttab</filename>, but it would then be
332
impossible to enter the encrypted root disk password at the
333
console, since this program does not read from the console at
334
all. This is why a separate plugin does that, which will be run
335
in parallell to this one.
337
impossible to enter a password for the encrypted root disk at
338
the console, since this program does not read from the console
339
at all. This is why a separate plugin does that, which will be
340
run in parallell to this one by the plugin runner.
336
341
</para>
337
342
</refsect1>
338
343
344
349
successfully decrypted and output on standard output. The
345
350
program will exit with a non-zero exit status only if a critical
346
351
error occurs. Otherwise, it will forever connect to new
347
<application>Mandosservers</application> servers as they appear,
348
trying to get a decryptable password.
352
<application>Mandos</application> servers as they appear, trying
353
to get a decryptable password.
349
354
</para>
350
355
</refsect1>
351
356
361
366
362
367
<refsect1 id="file">
363
368
<title>FILES</title>
364
<para>
365
</para>
369
<variablelist>
370
<varlistentry>
371
<term><filename>/conf/conf.d/mandos/pubkey.txt</filename
372
></term>
373
<term><filename>/conf/conf.d/mandos/seckey.txt</filename
374
></term>
375
<listitem>
376
<para>
377
OpenPGP public and private key files, in <quote>ASCII
378
Armor</quote> format. These are the default file names,
379
they can be changed with the <option>--pubkey</option> and
380
<option>--seckey</option> options.
381
</para>
382
</listitem>
383
</varlistentry>
384
</variablelist>
366
385
</refsect1>
367
386
368
<refsect1 id="bugs">
369
<title>BUGS</title>
370
<para>
371
</para>
372
</refsect1>
387
<!-- <refsect1 id="bugs"> -->
388
<!-- <title>BUGS</title> -->
389
<!-- <para> -->
390
<!-- </para> -->
391
<!-- </refsect1> -->
373
392
374
393
<refsect1 id="example">
375
394
<title>EXAMPLE</title>
376
395
<para>
396
Note that normally, command line options will not be given
397
directly, but via options for the Mandos <citerefentry
398
><refentrytitle>plugin-runner</refentrytitle>
399
<manvolnum>8mandos</manvolnum></citerefentry>.
377
400
</para>
401
<informalexample>
402
<para>
403
Normal invocation needs no options, if the network interface
404
is <quote>eth0</quote>:
405
</para>
406
<para>
407
<userinput>&COMMANDNAME;</userinput>
408
</para>
409
</informalexample>
410
<informalexample>
411
<para>
412
Search for Mandos servers on another interface:
413
</para>
414
<para>
415
<!-- do not wrap this line -->
416
<userinput>&COMMANDNAME; --interface eth1</userinput>
417
</para>
418
</informalexample>
419
<informalexample>
420
<para>
421
Run in debug mode, and use a custom key directory:
422
</para>
423
<para>
424
<!-- do not wrap this line -->
425
<userinput>&COMMANDNAME; --debug --keydir keydir</userinput>
426
</para>
427
</informalexample>
428
<informalexample>
429
<para>
430
Run in debug mode, with a custom key directory, and do not use
431
Zeroconf to locate a server; connect directly to the IPv6
432
address <quote><systemitem class="ipaddress"
433
>2001:db8:f983:bd0b:30de:ae4a:71f2:f672</systemitem></quote>,
434
port 4711, using interface eth2:
435
</para>
436
<para>
437
438
<!-- do not wrap this line -->
439
<userinput>&COMMANDNAME; --debug --keydir keydir --connect 2001:db8:f983:bd0b:30de:ae4a:71f2:f672:4711 --interface eth2</userinput>
440
441
</para>
442
</informalexample>
378
443
</refsect1>
379
444
380
445
<refsect1 id="security">
381
446
<title>SECURITY</title>
382
447
<para>
448
This program is set-uid to root, but will switch back to the
449
original user and group after bringing up the network interface.
450
</para>
451
<para>
452
To use this program for its intended purpose (see <xref
453
linkend="purpose"/>), the password for the root file system will
454
have to be given out to be stored in a server computer, after
455
having been encrypted using an OpenPGP key. This encrypted data
456
which will be stored in a server can only be decrypted by the
457
OpenPGP key, and the data will only be given out to those
458
clients who can prove they actually have that key. This key,
459
however, is stored unencrypted on the client side in its initial
460
<acronym>RAM</acronym> disk image file system. This is normally
461
readable by all, but this is normally fixed during installation
462
of this program; file permissions are set so that no-one is able
463
to read that file.
464
</para>
465
<para>
466
The only remaining weak point is that someone with physical
467
access to the client hard drive might turn off the client
468
computer, read the OpenPGP keys directly from the hard drive,
469
and communicate with the server. The defense against this is
470
that the server is supposed to notice the client disappearing
471
and will stop giving out the encrypted data. Therefore, it is
472
important to set the timeout and checker interval values tightly
473
on the server. See <citerefentry><refentrytitle
474
>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
475
</para>
476
<para>
477
<emphasis>Note</emphasis>: This makes it impossible to have
478
<application >Mandos</application> clients which dual-boot to
479
another operating system which does <emphasis>not</emphasis> run
480
a <application>Mandos</application> client.
383
481
</para>
384
482
</refsect1>
385
483
Loggerhead is a web-based interface for Breezy
Version: 2.0.2.dev0