/mandos/trunk


Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-09-05 16:24:33 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080905162433-58fgx91ae9foxlh1
* Makefile (PIDDIR, USER, GROUP): Removed.
  (install-server): Do not create $(PIDDIR).
  (uninstall-server): Do not remove $(PIDDIR).

* init.d-mandos (PIDFILE): Changed to "/var/run/$NAME.pid".

* mandos (IPv6_TCPServer.enabled): New attribute.
  (IPv6_TCPServer.server_activate): Only call method of superclass if
                                    "self.enabled".
  (IPv6_TCPServer.enable): Set "self.enabled" to True.
  (main): Create client Set() early.  Create IPv6_TCPServer object
          early.  Switch to user and group "mandos", "nobody" or
          65534, if possible.  Enable IPv6_TCPServer *after* switching
          user.

* mandos-keygen (KEYDIR): Changed to "/etc/keys/mandos".

* mandos.xml (FILES): Changed PID file.
  (SECURITY): The server does need to be privileged, but switches to a
              non-privileged user.

* plugin-runner.xml (EXAMPLE): Changed long example to something more
                               realistic.

3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY VERSION "1.0">
5
5
<!ENTITY COMMANDNAME "mandos-keygen">
6
 
<!ENTITY TIMESTAMP "2008-09-20">
 
6
<!ENTITY TIMESTAMP "2008-09-03">
7
7
]>
8
8
 
9
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
36
36
    </copyright>
37
37
    <xi:include href="legalnotice.xml"/>
38
38
  </refentryinfo>
39
 
  
 
39
 
40
40
  <refmeta>
41
41
    <refentrytitle>&COMMANDNAME;</refentrytitle>
42
42
    <manvolnum>8</manvolnum>
48
48
      Generate key and password for Mandos client and server.
49
49
    </refpurpose>
50
50
  </refnamediv>
51
 
  
 
51
 
52
52
  <refsynopsisdiv>
53
53
    <cmdsynopsis>
54
54
      <command>&COMMANDNAME;</command>
122
122
      <group choice="req">
123
123
        <arg choice="plain"><option>--password</option></arg>
124
124
        <arg choice="plain"><option>-p</option></arg>
125
 
        <arg choice="plain"><option>--passfile
126
 
        <replaceable>FILE</replaceable></option></arg>
127
 
        <arg choice="plain"><option>-F</option>
128
 
        <replaceable>FILE</replaceable></arg>
129
125
      </group>
130
126
      <sbr/>
131
127
      <group>
163
159
    <para>
164
160
      <command>&COMMANDNAME;</command> is a program to generate the
165
161
      OpenPGP key used by
166
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
 
162
      <citerefentry><refentrytitle>password-request</refentrytitle>
167
163
      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
168
164
      normally written to /etc/mandos for later installation into the
169
165
      initrd image, but this, and most other things, can be changed
171
167
    </para>
172
168
    <para>
173
169
      This program can also be used with the
174
 
      <option>--password</option> or <option>--passfile</option>
175
 
      options to generate a ready-made section for
176
 
      <filename>clients.conf</filename> (see
 
170
      <option>--password</option> option to generate a ready-made
 
171
      section for <filename>clients.conf</filename> (see
177
172
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
178
173
      <manvolnum>5</manvolnum></citerefentry>).
179
174
    </para>
202
197
          </para>
203
198
        </listitem>
204
199
      </varlistentry>
205
 
      
 
200
 
206
201
      <varlistentry>
207
202
        <term><option>--dir
208
203
        <replaceable>DIRECTORY</replaceable></option></term>
215
210
          </para>
216
211
        </listitem>
217
212
      </varlistentry>
218
 
      
 
213
 
219
214
      <varlistentry>
220
215
        <term><option>--type
221
216
        <replaceable>TYPE</replaceable></option></term>
227
222
          </para>
228
223
        </listitem>
229
224
      </varlistentry>
230
 
      
 
225
 
231
226
      <varlistentry>
232
227
        <term><option>--length
233
228
        <replaceable>BITS</replaceable></option></term>
239
234
          </para>
240
235
        </listitem>
241
236
      </varlistentry>
242
 
      
 
237
 
243
238
      <varlistentry>
244
239
        <term><option>--subtype
245
240
        <replaceable>KEYTYPE</replaceable></option></term>
252
247
          </para>
253
248
        </listitem>
254
249
      </varlistentry>
255
 
      
 
250
 
256
251
      <varlistentry>
257
252
        <term><option>--sublength
258
253
        <replaceable>BITS</replaceable></option></term>
264
259
          </para>
265
260
        </listitem>
266
261
      </varlistentry>
267
 
      
 
262
 
268
263
      <varlistentry>
269
264
        <term><option>--email
270
265
        <replaceable>ADDRESS</replaceable></option></term>
276
271
          </para>
277
272
        </listitem>
278
273
      </varlistentry>
279
 
      
 
274
 
280
275
      <varlistentry>
281
276
        <term><option>--comment
282
277
        <replaceable>TEXT</replaceable></option></term>
289
284
          </para>
290
285
        </listitem>
291
286
      </varlistentry>
292
 
      
 
287
 
293
288
      <varlistentry>
294
289
        <term><option>--expire
295
290
        <replaceable>TIME</replaceable></option></term>
303
298
          </para>
304
299
        </listitem>
305
300
      </varlistentry>
306
 
      
 
301
 
307
302
      <varlistentry>
308
303
        <term><option>--force</option></term>
309
304
        <term><option>-f</option></term>
331
326
          </para>
332
327
        </listitem>
333
328
      </varlistentry>
334
 
      <varlistentry>
335
 
        <term><option>--passfile
336
 
        <replaceable>FILE</replaceable></option></term>
337
 
        <term><option>-F
338
 
        <replaceable>FILE</replaceable></option></term>
339
 
        <listitem>
340
 
          <para>
341
 
            The same as <option>--password</option>, but read from
342
 
            <replaceable>FILE</replaceable>, not the terminal.
343
 
          </para>
344
 
        </listitem>
345
 
      </varlistentry>
346
329
    </variablelist>
347
330
  </refsect1>
348
 
  
 
331
 
349
332
  <refsect1 id="overview">
350
333
    <title>OVERVIEW</title>
351
334
    <xi:include href="overview.xml"/>
355
338
      <filename>clients.conf</filename> on the server.
356
339
    </para>
357
340
  </refsect1>
358
 
  
 
341
 
359
342
  <refsect1 id="exit_status">
360
343
    <title>EXIT STATUS</title>
361
344
    <para>
418
401
      </varlistentry>
419
402
    </variablelist>
420
403
  </refsect1>
421
 
  
 
404
 
422
405
<!--   <refsect1 id="bugs"> -->
423
406
<!--     <title>BUGS</title> -->
424
407
<!--     <para> -->
425
408
<!--     </para> -->
426
409
<!--   </refsect1> -->
427
 
  
 
410
 
428
411
  <refsect1 id="example">
429
412
    <title>EXAMPLE</title>
430
413
    <informalexample>
471
454
      </para>
472
455
    </informalexample>
473
456
  </refsect1>
474
 
  
 
457
 
475
458
  <refsect1 id="security">
476
459
    <title>SECURITY</title>
477
460
    <para>
486
469
      <manvolnum>8</manvolnum></citerefentry>.
487
470
    </para>
488
471
  </refsect1>
489
 
  
 
472
 
490
473
  <refsect1 id="see_also">
491
474
    <title>SEE ALSO</title>
492
475
    <para>
496
479
      <manvolnum>5</manvolnum></citerefentry>,
497
480
      <citerefentry><refentrytitle>mandos</refentrytitle>
498
481
      <manvolnum>8</manvolnum></citerefentry>,
499
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
 
482
      <citerefentry><refentrytitle>password-request</refentrytitle>
500
483
      <manvolnum>8mandos</manvolnum></citerefentry>
501
484
    </para>
502
485
  </refsect1>