/mandos/trunk : revision 157

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-request.xml

Committer: Teddy Hogeborn
Date: 2008-09-04 14:04:09 UTC
Revision ID: teddy@fukt.bsnet.se-20080904140409-anr3hckg8ew7q60e

* plugin-runner.xml (BUGS): Document the non-recursiveness of the
"--config-file" option.

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

default-mandos

init.d-mandos

mandos-ctl

mandos.lsm

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

README

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-client">

<!ENTITY TIMESTAMP "2009-02-09">

<!ENTITY % common SYSTEM "../common.ent">

%common;

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "password-request">

<!ENTITY TIMESTAMP "2008-09-04">

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="../legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<manvolnum>8mandos</manvolnum>

<refname><command>&COMMANDNAME;</command></refname>

Client for <application>Mandos</application>

Client for mandos

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

</arg>

<sbr/>

<arg>

<option>--delay <replaceable>SECONDS</replaceable></option>

</arg>

<sbr/>

<arg>

100

<option>--debug</option>

101

</arg>

102

</cmdsynopsis>

119

113

</group>

120

114

</cmdsynopsis>

121

115

</refsynopsisdiv>

122

116

123

117

124

118

<title>DESCRIPTION</title>

125

119

<para>

126

120

<command>&COMMANDNAME;</command> is a client program that

127

121

communicates with <citerefentry><refentrytitle

128

122

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>

129

to get a password. In slightly more detail, this client program

130

brings up a network interface, uses the interface’s IPv6

131

link-local address to get network connectivity, uses Zeroconf to

132

find servers on the local network, and communicates with servers

133

using TLS with an OpenPGP key to ensure authenticity and

134

confidentiality. This client program keeps running, trying all

135

servers on the network, until it receives a satisfactory reply

136

or a TERM signal is received. If no servers are found, or after

137

all servers have been tried, it waits indefinitely for new

138

servers to appear.

123

to get a password. It uses IPv6 link-local addresses to get

124

network connectivity, Zeroconf to find servers, and TLS with an

125

OpenPGP key to ensure authenticity and confidentiality. It

126

keeps running, trying all servers on the network, until it

127

receives a satisfactory reply or a TERM signal is received.

139

128

</para>

140

129

<para>

141

130

This program is not meant to be run directly; it is really meant

195

184

</varlistentry>

196

185

197

186

198

<term><option>--interface=<replaceable

199

>NAME</replaceable></option></term>

187

<term><option>--interface=

188

200

189

<term><option>-i

201

190

202

191

203

192

<para>

204

193

Network interface that will be brought up and scanned for

205

Mandos servers to connect to. The default is

194

Mandos servers to connect to. The default it

206

195

<quote><literal>eth0</literal></quote>.

207

196

</para>

208

197

<para>

210

199

specifies the interface to use to connect to the address

211

200

given.

212

201

</para>

213

<para>

214

Note that since this program will normally run in the

215

initial RAM disk environment, the interface must be an

216

interface which exists at that stage. Thus, the interface

217

can not be a pseudo-interface such as <quote>br0</quote>

218

or <quote>tun0</quote>; such interfaces will not exist

219

until much later in the boot process, and can not be used

220

by this program.

221

</para>

222

<para>

223

<replaceable>NAME</replaceable> can be the empty string;

224

this will not use any specific interface, and will not

225

bring up an interface on startup. This is not

226

recommended, and only meant for advanced users.

227

</para>

228

202

</listitem>

229

203

</varlistentry>

230

204

241

215

</para>

242

216

</listitem>

243

217

</varlistentry>

244

218

245

219

246

220

<term><option>--seckey=<replaceable

247

221

>FILE</replaceable></option></term>

264

238

xpointer="priority"/>

265

239

</listitem>

266

240

</varlistentry>

267

241

268

242

269

243

<term><option>--dh-bits=<replaceable

270

244

>BITS</replaceable></option></term>

275

249

</para>

276

250

</listitem>

277

251

</varlistentry>

278

279

280

<term><option>--delay=<replaceable

281

>SECONDS</replaceable></option></term>

282

283

<para>

284

After bringing the network interface up, the program waits

285

for the interface to arrive in a <quote>running</quote>

286

state before proceeding. During this time, the kernel log

287

level will be lowered to reduce clutter on the system

288

console, alleviating any other plugins which might be

289

using the system console. This option sets the upper

290

limit of seconds to wait. The default is 2.5 seconds.

291

</para>

292

</listitem>

293

</varlistentry>

294

252

295

253

296

254

<term><option>--debug</option></term>

326

284

</para>

327

285

</listitem>

328

286

</varlistentry>

329

287

330

288

331

289

<term><option>--version</option></term>

332

290

338

296

</varlistentry>

339

297

</variablelist>

340

298

</refsect1>

341

299

342

300

343

301

<title>OVERVIEW</title>

344

302

<xi:include href="../overview.xml"/>

353

311

<filename>/etc/crypttab</filename>, but it would then be

354

312

impossible to enter a password for the encrypted root disk at

355

313

the console, since this program does not read from the console

356

at all. This is why a separate plugin runner (<citerefentry>

357

<refentrytitle>plugin-runner</refentrytitle>

358

<manvolnum>8mandos</manvolnum></citerefentry>) is used to run

359

both this program and others in in parallel,

360

<emphasis>one</emphasis> of which will prompt for passwords on

361

the system console.

314

at all. This is why a separate plugin (<citerefentry>

315

<refentrytitle>password-prompt</refentrytitle>

316

<manvolnum>8mandos</manvolnum></citerefentry>) does that, which

317

will be run in parallel to this one by the plugin runner.

362

318

</para>

363

319

</refsect1>

364

320

371

327

program will exit with a non-zero exit status only if a critical

372

328

error occurs. Otherwise, it will forever connect to new

373

329

<application>Mandos</application> servers as they appear, trying

374

to get a decryptable password and print it.

330

to get a decryptable password.

375

331

</para>

376

332

</refsect1>

377

333

385

341

</para>

386

342

</refsect1>

387

343

388

344

389

345

<title>FILES</title>

390

346

391

347

410

366

411

367

412

368

413

369

414

370

415

371

<title>EXAMPLE</title>

416

372

<para>

430

386

</informalexample>

431

387

432

388

<para>

433

Search for Mandos servers (and connect to them) using another

434

interface:

389

Search for Mandos servers on another interface:

435

390

</para>

436

391

<para>

437

392

452

407

453

408

<para>

454

409

Run in debug mode, with a custom key, and do not use Zeroconf

455

to locate a server; connect directly to the IPv6 link-local

456

address <quote><systemitem class="ipaddress"

457

>fe80::aede:48ff:fe71:f6f2</systemitem></quote>, port 4711,

458

using interface eth2:

410

to locate a server; connect directly to the IPv6 address

411

<quote><systemitem class="ipaddress"

412

>2001:db8:f983:bd0b:30de:ae4a:71f2:f672</systemitem></quote>,

413

port 4711, using interface eth2:

459

414

</para>

460

415

<para>

461

416

462

417

463

<userinput>&COMMANDNAME; --debug --pubkey keydir/pubkey.txt --seckey keydir/seckey.txt --connect fe80::aede:48ff:fe71:f6f2:4711 --interface eth2</userinput>

418

<userinput>&COMMANDNAME; --debug --pubkey keydir/pubkey.txt --seckey keydir/seckey.txt --connect 2001:db8:f983:bd0b:30de:ae4a:71f2:f672:4711 --interface eth2</userinput>

464

419

465

420

</para>

466

421

</informalexample>

467

422

</refsect1>

468

423

469

424

470

425

<title>SECURITY</title>

471

426

<para>

491

446

The only remaining weak point is that someone with physical

492

447

access to the client hard drive might turn off the client

493

448

computer, read the OpenPGP keys directly from the hard drive,

494

and communicate with the server. To safeguard against this, the

495

server is supposed to notice the client disappearing and stop

496

giving out the encrypted data. Therefore, it is important to

497

set the timeout and checker interval values tightly on the

498

server. See <citerefentry><refentrytitle

449

and communicate with the server. The defense against this is

450

that the server is supposed to notice the client disappearing

451

and will stop giving out the encrypted data. Therefore, it is

452

important to set the timeout and checker interval values tightly

453

on the server. See <citerefentry><refentrytitle

499

454

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.

500

455

</para>

501

456

<para>

512

467

confidential.

513

468

</para>

514

469

</refsect1>

515

470

516

471

517

472

518

473

<para>

643

598

</varlistentry>

644

599

</variablelist>

645

600

</refsect1>

601

646

602

</refentry>

647

648

603

649

604

650

605

Older »