/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-clients.conf.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-09-04 21:42:02 UTC
  • mfrom: (24.1.89 mandos)
  • Revision ID: teddy@fukt.bsnet.se-20080904214202-md7u3n1yqng8vz82
* Makefile (run-client): Do not depend on the key ring files.
  (keydir/secring.gpg, keydir/pubring.gpg): Removed.
  (confdir/mandos.conf): Install with proper mode.
  (confdir/clients.conf): - '' -

* mandos-keygen: Use a temporary directory with key ring files instead
                 of separate temporary key ring files.  Removed
                 "--no-random-seed" and "--no-permission-warning" from
                 all gpg invocations.

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY CONFNAME "mandos-clients.conf">
5
6
<!ENTITY CONFPATH "<filename>/etc/mandos/clients.conf</filename>">
6
 
<!ENTITY TIMESTAMP "2009-02-15">
7
 
<!ENTITY % common SYSTEM "common.ent">
8
 
%common;
 
7
<!ENTITY TIMESTAMP "2008-09-04">
9
8
]>
10
9
 
11
10
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
13
12
    <title>Mandos Manual</title>
14
13
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
15
14
    <productname>Mandos</productname>
16
 
    <productnumber>&version;</productnumber>
 
15
    <productnumber>&VERSION;</productnumber>
17
16
    <date>&TIMESTAMP;</date>
18
17
    <authorgroup>
19
18
      <author>
33
32
    </authorgroup>
34
33
    <copyright>
35
34
      <year>2008</year>
36
 
      <year>2009</year>
37
35
      <holder>Teddy Hogeborn</holder>
38
36
      <holder>Björn Påhlsson</holder>
39
37
    </copyright>
40
38
    <xi:include href="legalnotice.xml"/>
41
39
  </refentryinfo>
42
 
  
 
40
 
43
41
  <refmeta>
44
42
    <refentrytitle>&CONFNAME;</refentrytitle>
45
43
    <manvolnum>5</manvolnum>
51
49
      Configuration file for the Mandos server
52
50
    </refpurpose>
53
51
  </refnamediv>
54
 
  
 
52
 
55
53
  <refsynopsisdiv>
56
54
    <synopsis>&CONFPATH;</synopsis>
57
55
  </refsynopsisdiv>
58
 
  
 
56
 
59
57
  <refsect1 id="description">
60
58
    <title>DESCRIPTION</title>
61
59
    <para>
97
95
    <para>
98
96
      Unknown options are ignored.  The used options are as follows:
99
97
    </para>
100
 
    
 
98
 
101
99
    <variablelist>
102
 
      
 
100
 
103
101
      <varlistentry>
104
102
        <term><option>timeout<literal> = </literal><replaceable
105
103
        >TIME</replaceable></option></term>
128
126
          </para>
129
127
        </listitem>
130
128
      </varlistentry>
131
 
      
 
129
 
132
130
      <varlistentry>
133
131
        <term><option>interval<literal> = </literal><replaceable
134
132
        >TIME</replaceable></option></term>
151
149
          </para>
152
150
        </listitem>
153
151
      </varlistentry>
154
 
      
 
152
 
155
153
      <varlistentry>
156
154
        <term><option>checker<literal> = </literal><replaceable
157
155
        >COMMAND</replaceable></option></term>
170
168
            <varname>PATH</varname> will be searched.  The default
171
169
            value for the checker command is <quote><literal
172
170
            ><command>fping</command> <option>-q</option> <option
173
 
            >--</option> %%(host)s</literal></quote>.
 
171
            >--</option> %(host)s</literal></quote>.
174
172
          </para>
175
173
          <para>
176
174
            In addition to normal start time expansion, this option
225
223
          </para>
226
224
        </listitem>
227
225
      </varlistentry>
228
 
      
 
226
 
229
227
      <varlistentry>
230
228
        <term><option>secfile<literal> = </literal><replaceable
231
229
        >FILENAME</replaceable></option></term>
241
239
            should <emphasis>not</emphasis> be base64-encoded, but
242
240
            will be sent to clients verbatim.
243
241
          </para>
244
 
          <para>
245
 
            File names of the form <filename>~user/foo/bar</filename>
246
 
            and <filename>$<envar>ENVVAR</envar>/foo/bar</filename>
247
 
            are supported.
248
 
          </para>
249
242
        </listitem>
250
243
      </varlistentry>
251
 
      
 
244
 
252
245
      <varlistentry>
253
246
        <term><option><literal>host = </literal><replaceable
254
247
        >STRING</replaceable></option></term>
257
250
            This option is <emphasis>optional</emphasis>, but highly
258
251
            <emphasis>recommended</emphasis> unless the
259
252
            <option>checker</option> option is modified to a
260
 
            non-standard value without <quote>%%(host)s</quote> in it.
 
253
            non-standard value without <quote>%(host)s</quote> in it.
261
254
          </para>
262
255
          <para>
263
256
            Host name for this client.  This is not used by the server
320
313
        mode is needed to expose an error of this kind.
321
314
      </para>
322
315
    </refsect2>
323
 
    
 
316
 
324
317
  </refsect1>
325
318
  
326
319
  <refsect1 id="files">
351
344
[DEFAULT]
352
345
timeout = 1h
353
346
interval = 5m
354
 
checker = fping -q -- %%(host)s
 
347
checker = fping -q -- %(host)s
355
348
 
356
349
# Client "foo"
357
350
[foo]
380
373
fingerprint = 3e393aeaefb84c7e89e2f547b3a107558fca3a27
381
374
secfile = /etc/mandos/bar-secret
382
375
timeout = 15m
 
376
 
383
377
      </programlisting>
384
378
    </informalexample>
385
379
  </refsect1>