/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-09-03 20:31:19 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080903203119-0q6dii46hj3uf4ni
* plugins.d/password-request.xml (SYNOPSYS): Removed "--keydir".
  (OPTIONS): Removed "--keydir" and changed text of "--pubkey" and
             "--seckey".
  (EXAMPLE): Altered not to use "--keydir" anymore.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "mandos">
5
 
<!ENTITY TIMESTAMP "2008-10-03">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
 
6
<!ENTITY TIMESTAMP "2008-09-03">
8
7
]>
9
8
 
10
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
 
   <refentryinfo>
 
10
  <refentryinfo>
12
11
    <title>Mandos Manual</title>
13
12
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
13
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
 
14
    <productnumber>&VERSION;</productnumber>
16
15
    <date>&TIMESTAMP;</date>
17
16
    <authorgroup>
18
17
      <author>
37
36
    </copyright>
38
37
    <xi:include href="legalnotice.xml"/>
39
38
  </refentryinfo>
40
 
  
 
39
 
41
40
  <refmeta>
42
41
    <refentrytitle>&COMMANDNAME;</refentrytitle>
43
42
    <manvolnum>8</manvolnum>
49
48
      Gives encrypted passwords to authenticated Mandos clients
50
49
    </refpurpose>
51
50
  </refnamediv>
52
 
  
 
51
 
53
52
  <refsynopsisdiv>
54
53
    <cmdsynopsis>
55
54
      <command>&COMMANDNAME;</command>
101
100
      <arg choice="plain"><option>--check</option></arg>
102
101
    </cmdsynopsis>
103
102
  </refsynopsisdiv>
104
 
  
 
103
 
105
104
  <refsect1 id="description">
106
105
    <title>DESCRIPTION</title>
107
106
    <para>
187
186
          <xi:include href="mandos-options.xml" xpointer="debug"/>
188
187
        </listitem>
189
188
      </varlistentry>
190
 
      
 
189
 
191
190
      <varlistentry>
192
191
        <term><option>--priority <replaceable>
193
192
        PRIORITY</replaceable></option></term>
195
194
          <xi:include href="mandos-options.xml" xpointer="priority"/>
196
195
        </listitem>
197
196
      </varlistentry>
198
 
      
 
197
 
199
198
      <varlistentry>
200
199
        <term><option>--servicename
201
200
        <replaceable>NAME</replaceable></option></term>
204
203
                      xpointer="servicename"/>
205
204
        </listitem>
206
205
      </varlistentry>
207
 
      
 
206
 
208
207
      <varlistentry>
209
208
        <term><option>--configdir
210
209
        <replaceable>DIRECTORY</replaceable></option></term>
219
218
          </para>
220
219
        </listitem>
221
220
      </varlistentry>
222
 
      
 
221
 
223
222
      <varlistentry>
224
223
        <term><option>--version</option></term>
225
224
        <listitem>
230
229
      </varlistentry>
231
230
    </variablelist>
232
231
  </refsect1>
233
 
  
 
232
 
234
233
  <refsect1 id="overview">
235
234
    <title>OVERVIEW</title>
236
235
    <xi:include href="overview.xml"/>
240
239
      <acronym>RAM</acronym> disk environment.
241
240
    </para>
242
241
  </refsect1>
243
 
  
 
242
 
244
243
  <refsect1 id="protocol">
245
244
    <title>NETWORK PROTOCOL</title>
246
245
    <para>
298
297
      </row>
299
298
    </tbody></tgroup></table>
300
299
  </refsect1>
301
 
  
 
300
 
302
301
  <refsect1 id="checking">
303
302
    <title>CHECKING</title>
304
303
    <para>
312
311
      <manvolnum>5</manvolnum></citerefentry>.
313
312
    </para>
314
313
  </refsect1>
315
 
  
 
314
 
316
315
  <refsect1 id="logging">
317
316
    <title>LOGGING</title>
318
317
    <para>
322
321
      and also show them on the console.
323
322
    </para>
324
323
  </refsect1>
325
 
  
 
324
 
326
325
  <refsect1 id="exit_status">
327
326
    <title>EXIT STATUS</title>
328
327
    <para>
330
329
      critical error is encountered.
331
330
    </para>
332
331
  </refsect1>
333
 
  
 
332
 
334
333
  <refsect1 id="environment">
335
334
    <title>ENVIRONMENT</title>
336
335
    <variablelist>
350
349
      </varlistentry>
351
350
    </variablelist>
352
351
  </refsect1>
353
 
  
354
 
  <refsect1 id="files">
 
352
 
 
353
  <refsect1 id="file">
355
354
    <title>FILES</title>
356
355
    <para>
357
356
      Use the <option>--configdir</option> option to change where
380
379
        </listitem>
381
380
      </varlistentry>
382
381
      <varlistentry>
383
 
        <term><filename>/var/run/mandos.pid</filename></term>
 
382
        <term><filename>/var/run/mandos/mandos.pid</filename></term>
384
383
        <listitem>
385
384
          <para>
386
385
            The file containing the process id of
421
420
      Currently, if a client is declared <quote>invalid</quote> due to
422
421
      having timed out, the server does not record this fact onto
423
422
      permanent storage.  This has some security implications, see
424
 
      <xref linkend="clients"/>.
 
423
      <xref linkend="CLIENTS"/>.
425
424
    </para>
426
425
    <para>
427
426
      There is currently no way of querying the server of the current
435
434
      Debug mode is conflated with running in the foreground.
436
435
    </para>
437
436
    <para>
438
 
      The console log messages does not show a time stamp.
 
437
      The console log messages does not show a timestamp.
439
438
    </para>
440
439
    <para>
441
440
      This server does not check the expire time of clients’ OpenPGP
480
479
      </para>
481
480
    </informalexample>
482
481
  </refsect1>
483
 
  
 
482
 
484
483
  <refsect1 id="security">
485
484
    <title>SECURITY</title>
486
 
    <refsect2 id="server">
 
485
    <refsect2 id="SERVER">
487
486
      <title>SERVER</title>
488
487
      <para>
489
488
        Running this <command>&COMMANDNAME;</command> server program
490
489
        should not in itself present any security risk to the host
491
 
        computer running it.  The program switches to a non-root user
492
 
        soon after startup.
 
490
        computer running it.  The program does not need any special
 
491
        privileges to run, and is designed to run as a non-root user.
493
492
      </para>
494
493
    </refsect2>
495
 
    <refsect2 id="clients">
 
494
    <refsect2 id="CLIENTS">
496
495
      <title>CLIENTS</title>
497
496
      <para>
498
497
        The server only gives out its stored data to clients which
505
504
        <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
506
505
        <manvolnum>5</manvolnum></citerefentry>)
507
506
        <emphasis>must</emphasis> be made non-readable by anyone
508
 
        except the user starting the server (usually root).
 
507
        except the user running the server.
509
508
      </para>
510
509
      <para>
511
510
        As detailed in <xref linkend="checking"/>, the status of all
530
529
      </para>
531
530
      <para>
532
531
        For more details on client-side security, see
533
 
        <citerefentry><refentrytitle>mandos-client</refentrytitle>
 
532
        <citerefentry><refentrytitle>password-request</refentrytitle>
534
533
        <manvolnum>8mandos</manvolnum></citerefentry>.
535
534
      </para>
536
535
    </refsect2>
537
536
  </refsect1>
538
 
  
 
537
 
539
538
  <refsect1 id="see_also">
540
539
    <title>SEE ALSO</title>
541
540
    <para>
544
543
        <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
545
544
        <refentrytitle>mandos.conf</refentrytitle>
546
545
        <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
547
 
        <refentrytitle>mandos-client</refentrytitle>
 
546
        <refentrytitle>password-request</refentrytitle>
548
547
        <manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
549
548
        <refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
550
549
      </citerefentry>