
Viewing changes to mandos-clients.conf.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-09-05 07:11:24 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080905071124-9dq11jq5rfd6zfxf
* Makefile: Changed to use symbolic instead of octal modes throughout.
  (KEYDIR): New variable for the key directory.
  (install-server): Bug fix: remove "--parents" from install args.
  (install-client): Bug fix: - '' -  Also create key directory.  Do
                    not chmod plugin dir.  Create custom plugin directory
                    if not the same as normal plugin directory.  Add
                    "--dir" option to "mandos-keygen".  Add note about
                    running "mandos-keygen --password".
  (uninstall-server): Do not depend on the installed server binary,
                      since this made it impossible to do a purge
                      after an uninstall.
  (purge-client): Shred seckey.txt.  Use $(KEYDIR).

* README: Improved wording.

* initramfs-tools-hook: Use a loop to find prefix.  Also find keydir.
                        Remove "${DESTDIR}" from "copy_exec".  Do not
                        try to copy literal "*" if no custom plugins
                        are found.  Copy key files from keydir, not
                        config dir.  Only repair mode on directories
                        that actually exist.  Do not run chmod if
                        nothing needs repairing.

* plugin-runner.conf: New file.

1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY CONFNAME "mandos-clients.conf">
5
6
<!ENTITY CONFPATH "<filename>/etc/mandos/clients.conf</filename>">
6
 
<!ENTITY TIMESTAMP "2009-02-15">
7
 
<!ENTITY % common SYSTEM "common.ent">
8
 
%common;
 
7
<!ENTITY TIMESTAMP "2008-09-04">
9
8
]>
10
9
 
11
10
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
13
12
    <title>Mandos Manual</title>
14
13
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
15
14
    <productname>Mandos</productname>
16
 
    <productnumber>&version;</productnumber>
 
15
    <productnumber>&VERSION;</productnumber>
17
16
    <date>&TIMESTAMP;</date>
18
17
    <authorgroup>
19
18
      <author>
33
32
    </authorgroup>
34
33
    <copyright>
35
34
      <year>2008</year>
36
 
      <year>2009</year>
37
35
      <holder>Teddy Hogeborn</holder>
38
36
      <holder>Björn Påhlsson</holder>
39
37
    </copyright>
40
38
    <xi:include href="legalnotice.xml"/>
41
39
  </refentryinfo>
42
 
  
 
40
 
43
41
  <refmeta>
44
42
    <refentrytitle>&CONFNAME;</refentrytitle>
45
43
    <manvolnum>5</manvolnum>
51
49
      Configuration file for the Mandos server
52
50
    </refpurpose>
53
51
  </refnamediv>
54
 
  
 
52
 
55
53
  <refsynopsisdiv>
56
54
    <synopsis>&CONFPATH;</synopsis>
57
55
  </refsynopsisdiv>
58
 
  
 
56
 
59
57
  <refsect1 id="description">
60
58
    <title>DESCRIPTION</title>
61
59
    <para>
97
95
    <para>
98
96
      Unknown options are ignored.  The used options are as follows:
99
97
    </para>
100
 
    
 
98
 
101
99
    <variablelist>
102
 
      
 
100
 
103
101
      <varlistentry>
104
102
        <term><option>timeout<literal> = </literal><replaceable
105
103
        >TIME</replaceable></option></term>
128
126
          </para>
129
127
        </listitem>
130
128
      </varlistentry>
131
 
      
 
129
 
132
130
      <varlistentry>
133
131
        <term><option>interval<literal> = </literal><replaceable
134
132
        >TIME</replaceable></option></term>
151
149
          </para>
152
150
        </listitem>
153
151
      </varlistentry>
154
 
      
 
152
 
155
153
      <varlistentry>
156
154
        <term><option>checker<literal> = </literal><replaceable
157
155
        >COMMAND</replaceable></option></term>
170
168
            <varname>PATH</varname> will be searched.  The default
171
169
            value for the checker command is <quote><literal
172
170
            ><command>fping</command> <option>-q</option> <option
173
 
            >--</option> %%(host)s</literal></quote>.
 
171
            >--</option> %(host)s</literal></quote>.
174
172
          </para>
175
173
          <para>
176
174
            In addition to normal start time expansion, this option
225
223
          </para>
226
224
        </listitem>
227
225
      </varlistentry>
228
 
      
 
226
 
229
227
      <varlistentry>
230
228
        <term><option>secfile<literal> = </literal><replaceable
231
229
        >FILENAME</replaceable></option></term>
241
239
            should <emphasis>not</emphasis> be base64-encoded, but
242
240
            will be sent to clients verbatim.
243
241
          </para>
244
 
          <para>
245
 
            File names of the form <filename>~user/foo/bar</filename>
246
 
            and <filename>$<envar>ENVVAR</envar>/foo/bar</filename>
247
 
            are supported.
248
 
          </para>
249
242
        </listitem>
250
243
      </varlistentry>
251
 
      
 
244
 
252
245
      <varlistentry>
253
246
        <term><option><literal>host = </literal><replaceable
254
247
        >STRING</replaceable></option></term>
257
250
            This option is <emphasis>optional</emphasis>, but highly
258
251
            <emphasis>recommended</emphasis> unless the
259
252
            <option>checker</option> option is modified to a
260
 
            non-standard value without <quote>%%(host)s</quote> in it.
 
253
            non-standard value without <quote>%(host)s</quote> in it.
261
254
          </para>
262
255
          <para>
263
256
            Host name for this client.  This is not used by the server
320
313
        mode is needed to expose an error of this kind.
321
314
      </para>
322
315
    </refsect2>
323
 
    
 
316
 
324
317
  </refsect1>
325
318
  
326
319
  <refsect1 id="files">
351
344
[DEFAULT]
352
345
timeout = 1h
353
346
interval = 5m
354
 
checker = fping -q -- %%(host)s
 
347
checker = fping -q -- %(host)s
355
348
 
356
349
# Client "foo"
357
350
[foo]
380
373
fingerprint = 3e393aeaefb84c7e89e2f547b3a107558fca3a27
381
374
secfile = /etc/mandos/bar-secret
382
375
timeout = 15m
 
376
 
383
377
      </programlisting>
384
378
    </informalexample>
385
379
  </refsect1>