/mandos/trunk : revision 150

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-request.xml

Committer: Teddy Hogeborn
Date: 2008-09-03 19:37:07 UTC
Revision ID: teddy@fukt.bsnet.se-20080903193707-sas85ud9r37ubs9r

* mandos-clients.conf.xml (OPTIONS): Add info to all options about
whether it is a required or
optional.

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

README

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

mandos-ctl

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-client">

<!ENTITY TIMESTAMP "2009-01-24">

<!ENTITY % common SYSTEM "../common.ent">

%common;

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "password-request">

<!ENTITY TIMESTAMP "2008-09-03">

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="../legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<manvolnum>8mandos</manvolnum>

<refname><command>&COMMANDNAME;</command></refname>

Client for <application>Mandos</application>

Client for mandos

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

<group>

<arg choice="plain"><option>--connect

<replaceable>ADDRESS</replaceable><literal>:</literal

<replaceable>IPADDR</replaceable><literal>:</literal

><replaceable>PORT</replaceable></option></arg>

<arg choice="plain"><option>-c

<replaceable>ADDRESS</replaceable><literal>:</literal

<replaceable>IPADDR</replaceable><literal>:</literal

><replaceable>PORT</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--keydir

<replaceable>DIRECTORY</replaceable></option></arg>

<arg choice="plain"><option>-d

<replaceable>DIRECTORY</replaceable></option></arg>

</group>

<sbr/>

<group>

<arg choice="plain"><option>--interface

<arg choice="plain"><option>-i

115

120

</group>

116

121

</cmdsynopsis>

117

122

</refsynopsisdiv>

118

123

119

124

120

125

<title>DESCRIPTION</title>

121

126

<para>

122

127

<command>&COMMANDNAME;</command> is a client program that

123

128

communicates with <citerefentry><refentrytitle

124

129

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>

125

to get a password. In slightly more detail, this client program

126

brings up a network interface, uses the interface’s IPv6

127

link-local address to get network connectivity, uses Zeroconf to

128

find servers on the local network, and communicates with servers

129

using TLS with an OpenPGP key to ensure authenticity and

130

confidentiality. This client program keeps running, trying all

131

servers on the network, until it receives a satisfactory reply

132

or a TERM signal is received. If no servers are found, or after

133

all servers have been tried, it waits indefinitely for new

134

servers to appear.

130

to get a password. It uses IPv6 link-local addresses to get

131

network connectivity, Zeroconf to find servers, and TLS with an

132

OpenPGP key to ensure authenticity and confidentiality. It

133

keeps running, trying all servers on the network, until it

134

receives a satisfactory reply or a TERM signal is recieved.

135

</para>

136

<para>

137

This program is not meant to be run directly; it is really meant

191

</varlistentry>

192

193

194

<term><option>--keydir=<replaceable

195

>DIRECTORY</replaceable></option></term>

196

<term><option>-d

197

<replaceable>DIRECTORY</replaceable></option></term>

198

199

<para>

200

Directory to read the OpenPGP key files

201

<filename>pubkey.txt</filename> and

202

<filename>seckey.txt</filename> from. The default is

203

<filename>/conf/conf.d/mandos</filename> (in the initial

204

<acronym>RAM</acronym> disk environment).

205

</para>

206

</listitem>

207

</varlistentry>

208

209

194

210

<term><option>--interface=

195

211

196

212

<term><option>-i

206

222

specifies the interface to use to connect to the address

207

223

given.

208

224

</para>

209

<para>

210

Note that since this program will normally run in the

211

initial RAM disk environment, the interface must be an

212

interface which exists at that stage. Thus, the interface

213

can not be a pseudo-interface such as <quote>br0</quote>

214

or <quote>tun0</quote>; such interfaces will not exist

215

until much later in the boot process, and can not be used

216

by this program.

217

</para>

218

225

</listitem>

219

226

</varlistentry>

220

227

225

232

226

233

227

234

<para>

228

OpenPGP public key file name. The default name is

229

<quote><filename>/conf/conf.d/mandos/pubkey.txt</filename

230

></quote>.

235

OpenPGP public key file base name. This will be combined

236

with the directory from the <option>--keydir</option>

237

option to form an absolute file name. The default name is

238

<quote><literal>pubkey.txt</literal></quote>.

231

239

</para>

232

240

</listitem>

233

241

</varlistentry>

234

242

235

243

236

244

<term><option>--seckey=<replaceable

237

245

>FILE</replaceable></option></term>

239

247

240

248

241

249

<para>

242

OpenPGP secret key file name. The default name is

243

<quote><filename>/conf/conf.d/mandos/seckey.txt</filename

244

></quote>.

250

OpenPGP secret key file base name. This will be combined

251

with the directory from the <option>--keydir</option>

252

option to form an absolute file name. The default name is

253

<quote><literal>seckey.txt</literal></quote>.

245

254

</para>

246

255

</listitem>

247

256

</varlistentry>

254

263

xpointer="priority"/>

255

264

</listitem>

256

265

</varlistentry>

257

266

258

267

259

268

<term><option>--dh-bits=<replaceable

260

269

>BITS</replaceable></option></term>

300

309

</para>

301

310

</listitem>

302

311

</varlistentry>

303

312

304

313

305

314

<term><option>--version</option></term>

306

315

312

321

</varlistentry>

313

322

</variablelist>

314

323

</refsect1>

315

324

316

325

317

326

<title>OVERVIEW</title>

318

327

<xi:include href="../overview.xml"/>

327

336

<filename>/etc/crypttab</filename>, but it would then be

328

337

impossible to enter a password for the encrypted root disk at

329

338

the console, since this program does not read from the console

330

at all. This is why a separate plugin runner (<citerefentry>

331

<refentrytitle>plugin-runner</refentrytitle>

332

<manvolnum>8mandos</manvolnum></citerefentry>) is used to run

333

both this program and others in in parallel,

334

<emphasis>one</emphasis> of which will prompt for passwords on

335

the system console.

339

at all. This is why a separate plugin (<citerefentry>

340

<refentrytitle>password-prompt</refentrytitle>

341

<manvolnum>8mandos</manvolnum></citerefentry>) does that, which

342

will be run in parallell to this one by the plugin runner.

336

343

</para>

337

344

</refsect1>

338

345

352

program will exit with a non-zero exit status only if a critical

346

353

error occurs. Otherwise, it will forever connect to new

347

354

<application>Mandos</application> servers as they appear, trying

348

to get a decryptable password and print it.

355

to get a decryptable password.

349

356

</para>

350

357

</refsect1>

351

358

359

366

</para>

360

367

</refsect1>

361

368

362

369

363

370

<title>FILES</title>

364

371

365

372

384

391

385

392

386

393

387

394

388

395

389

396

<title>EXAMPLE</title>

390

397

<para>

404

411

</informalexample>

405

412

406

413

<para>

407

Search for Mandos servers (and connect to them) using another

408

interface:

414

Search for Mandos servers on another interface:

409

415

</para>

410

416

<para>

411

417

414

420

</informalexample>

415

421

416

422

<para>

417

Run in debug mode, and use a custom key:

423

Run in debug mode, and use a custom key directory:

418

424

</para>

419

425

<para>

420

421

422

<userinput>&COMMANDNAME; --debug --pubkey keydir/pubkey.txt --seckey keydir/seckey.txt</userinput>

423

426

427

<userinput>&COMMANDNAME; --debug --keydir keydir</userinput>

424

428

</para>

425

429

</informalexample>

426

430

427

431

<para>

428

Run in debug mode, with a custom key, and do not use Zeroconf

429

to locate a server; connect directly to the IPv6 address

430

<quote><systemitem class="ipaddress"

432

Run in debug mode, with a custom key directory, and do not use

433

Zeroconf to locate a server; connect directly to the IPv6

434

address <quote><systemitem class="ipaddress"

431

435

>2001:db8:f983:bd0b:30de:ae4a:71f2:f672</systemitem></quote>,

432

436

port 4711, using interface eth2:

433

437

</para>

434

438

<para>

435

439

436

440

437

<userinput>&COMMANDNAME; --debug --pubkey keydir/pubkey.txt --seckey keydir/seckey.txt --connect 2001:db8:f983:bd0b:30de:ae4a:71f2:f672:4711 --interface eth2</userinput>

441

<userinput>&COMMANDNAME; --debug --keydir keydir --connect 2001:db8:f983:bd0b:30de:ae4a:71f2:f672:4711 --interface eth2</userinput>

438

442

439

443

</para>

440

444

</informalexample>

441

445

</refsect1>

442

446

443

447

444

448

<title>SECURITY</title>

445

449

<para>

465

469

The only remaining weak point is that someone with physical

466

470

access to the client hard drive might turn off the client

467

471

computer, read the OpenPGP keys directly from the hard drive,

468

and communicate with the server. To safeguard against this, the

469

server is supposed to notice the client disappearing and stop

470

giving out the encrypted data. Therefore, it is important to

471

set the timeout and checker interval values tightly on the

472

server. See <citerefentry><refentrytitle

472

and communicate with the server. The defense against this is

473

that the server is supposed to notice the client disappearing

474

and will stop giving out the encrypted data. Therefore, it is

475

important to set the timeout and checker interval values tightly

476

on the server. See <citerefentry><refentrytitle

473

477

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.

474

478

</para>

475

479

<para>

486

490

confidential.

487

491

</para>

488

492

</refsect1>

489

493

490

494

491

495

492

496

<para>

617

621

</varlistentry>

618

622

</variablelist>

619

623

</refsect1>

624

620

625

</refentry>

621

622

626

623

627

624

628

Older »