/mandos/trunk : revision 165

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/password-request.xml

Committer: Teddy Hogeborn
Date: 2008-09-05 18:37:28 UTC
Revision ID: teddy@fukt.bsnet.se-20080905183728-l0m8v3vqa302uwrw

* mandos (main): Use EAFP with pidfile.

files added:
plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

INSTALL

NEWS

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

mandos-ctl

mandos.lsm

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files renamed:
plugins.d/mandos-client.c => plugins.d/password-request.c

plugins.d/mandos-client.xml => plugins.d/password-request.xml

files modified:
.bzrignore

Makefile

README

TODO

clients.conf

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

plugins.d/password-request.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY COMMANDNAME "mandos-client">

<!ENTITY TIMESTAMP "2009-02-09">

<!ENTITY % common SYSTEM "../common.ent">

%common;

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "password-request">

<!ENTITY TIMESTAMP "2008-09-04">

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&version;</productnumber>

<productnumber>&VERSION;</productnumber>

<date>&TIMESTAMP;</date>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="../legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

<manvolnum>8mandos</manvolnum>

<refname><command>&COMMANDNAME;</command></refname>

Client for <application>Mandos</application>

Client for mandos

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

</arg>

<sbr/>

<arg>

<option>--delay <replaceable>SECONDS</replaceable></option>

</arg>

<sbr/>

<arg>

100

<option>--debug</option>

101

</arg>

102

</cmdsynopsis>

119

113

</group>

120

114

</cmdsynopsis>

121

115

</refsynopsisdiv>

122

116

123

117

124

118

<title>DESCRIPTION</title>

125

119

<para>

126

120

<command>&COMMANDNAME;</command> is a client program that

127

121

communicates with <citerefentry><refentrytitle

128

122

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>

129

to get a password. In slightly more detail, this client program

130

brings up a network interface, uses the interface’s IPv6

131

link-local address to get network connectivity, uses Zeroconf to

132

find servers on the local network, and communicates with servers

133

using TLS with an OpenPGP key to ensure authenticity and

134

confidentiality. This client program keeps running, trying all

135

servers on the network, until it receives a satisfactory reply

136

or a TERM signal is received. If no servers are found, or after

137

all servers have been tried, it waits indefinitely for new

138

servers to appear.

123

to get a password. It uses IPv6 link-local addresses to get

124

network connectivity, Zeroconf to find servers, and TLS with an

125

OpenPGP key to ensure authenticity and confidentiality. It

126

keeps running, trying all servers on the network, until it

127

receives a satisfactory reply or a TERM signal is received.

139

128

</para>

140

129

<para>

141

130

This program is not meant to be run directly; it is really meant

195

184

</varlistentry>

196

185

197

186

198

<term><option>--interface=<replaceable

199

>NAME</replaceable></option></term>

187

<term><option>--interface=

188

200

189

<term><option>-i

201

190

202

191

203

192

<para>

204

193

Network interface that will be brought up and scanned for

205

Mandos servers to connect to. The default is

194

Mandos servers to connect to. The default it

206

195

<quote><literal>eth0</literal></quote>.

207

196

</para>

208

197

<para>

210

199

specifies the interface to use to connect to the address

211

200

given.

212

201

</para>

213

<para>

214

Note that since this program will normally run in the

215

initial RAM disk environment, the interface must be an

216

interface which exists at that stage. Thus, the interface

217

can not be a pseudo-interface such as <quote>br0</quote>

218

or <quote>tun0</quote>; such interfaces will not exist

219

until much later in the boot process, and can not be used

220

by this program.

221

</para>

222

<para>

223

<replaceable>NAME</replaceable> can be the empty string;

224

this will not use any specific interface, and will not

225

bring up an interface on startup. This is not

226

recommended, and only meant for advanced users.

227

</para>

228

202

</listitem>

229

203

</varlistentry>

230

204

241

215

</para>

242

216

</listitem>

243

217

</varlistentry>

244

218

245

219

246

220

<term><option>--seckey=<replaceable

247

221

>FILE</replaceable></option></term>

264

238

xpointer="priority"/>

265

239

</listitem>

266

240

</varlistentry>

267

241

268

242

269

243

<term><option>--dh-bits=<replaceable

270

244

>BITS</replaceable></option></term>

275

249

</para>

276

250

</listitem>

277

251

</varlistentry>

278

279

280

<term><option>--delay=<replaceable

281

>SECONDS</replaceable></option></term>

282

283

<para>

284

After bringing the network interface up, the program waits

285

for the interface to arrive in a <quote>running</quote>

286

state before proceeding. During this time, the kernel log

287

level will be lowered to reduce clutter on the system

288

console, alleviating any other plugins which might be

289

using the system console. This option sets the upper

290

limit of seconds to wait. The default is 2.5 seconds.

291

</para>

292

</listitem>

293

</varlistentry>

294

252

295

253

296

254

<term><option>--debug</option></term>

326

284

</para>

327

285

</listitem>

328

286

</varlistentry>

329

287

330

288

331

289

<term><option>--version</option></term>

332

290

338

296

</varlistentry>

339

297

</variablelist>

340

298

</refsect1>

341

299

342

300

343

301

<title>OVERVIEW</title>

344

302

<xi:include href="../overview.xml"/>

353

311

<filename>/etc/crypttab</filename>, but it would then be

354

312

impossible to enter a password for the encrypted root disk at

355

313

the console, since this program does not read from the console

356

at all. This is why a separate plugin runner (<citerefentry>

357

<refentrytitle>plugin-runner</refentrytitle>

358

<manvolnum>8mandos</manvolnum></citerefentry>) is used to run

359

both this program and others in in parallel,

360

<emphasis>one</emphasis> of which will prompt for passwords on

361

the system console.

314

at all. This is why a separate plugin (<citerefentry>

315

<refentrytitle>password-prompt</refentrytitle>

316

<manvolnum>8mandos</manvolnum></citerefentry>) does that, which

317

will be run in parallel to this one by the plugin runner.

362

318

</para>

363

319

</refsect1>

364

320

371

327

program will exit with a non-zero exit status only if a critical

372

328

error occurs. Otherwise, it will forever connect to new

373

329

<application>Mandos</application> servers as they appear, trying

374

to get a decryptable password and print it.

330

to get a decryptable password.

375

331

</para>

376

332

</refsect1>

377

333

385

341

</para>

386

342

</refsect1>

387

343

388

344

389

345

<title>FILES</title>

390

346

391

347

410

366

411

367

412

368

413

369

414

370

415

371

<title>EXAMPLE</title>

416

372

<para>

452

408

453

409

<para>

454

410

Run in debug mode, with a custom key, and do not use Zeroconf

455

to locate a server; connect directly to the IPv6 link-local

456

address <quote><systemitem class="ipaddress"

457

>fe80::aede:48ff:fe71:f6f2</systemitem></quote>, port 4711,

458

using interface eth2:

411

to locate a server; connect directly to the IPv6 address

412

<quote><systemitem class="ipaddress"

413

>2001:db8:f983:bd0b:30de:ae4a:71f2:f672</systemitem></quote>,

414

port 4711, using interface eth2:

459

415

</para>

460

416

<para>

461

417

462

418

463

<userinput>&COMMANDNAME; --debug --pubkey keydir/pubkey.txt --seckey keydir/seckey.txt --connect fe80::aede:48ff:fe71:f6f2:4711 --interface eth2</userinput>

419

<userinput>&COMMANDNAME; --debug --pubkey keydir/pubkey.txt --seckey keydir/seckey.txt --connect 2001:db8:f983:bd0b:30de:ae4a:71f2:f672:4711 --interface eth2</userinput>

464

420

465

421

</para>

466

422

</informalexample>

467

423

</refsect1>

468

424

469

425

470

426

<title>SECURITY</title>

471

427

<para>

491

447

The only remaining weak point is that someone with physical

492

448

access to the client hard drive might turn off the client

493

449

computer, read the OpenPGP keys directly from the hard drive,

494

and communicate with the server. To safeguard against this, the

495

server is supposed to notice the client disappearing and stop

496

giving out the encrypted data. Therefore, it is important to

497

set the timeout and checker interval values tightly on the

498

server. See <citerefentry><refentrytitle

450

and communicate with the server. The defense against this is

451

that the server is supposed to notice the client disappearing

452

and will stop giving out the encrypted data. Therefore, it is

453

important to set the timeout and checker interval values tightly

454

on the server. See <citerefentry><refentrytitle

499

455

>mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.

500

456

</para>

501

457

<para>

512

468

confidential.

513

469

</para>

514

470

</refsect1>

515

471

516

472

517

473

518

474

<para>

643

599

</varlistentry>

644

600

</variablelist>

645

601

</refsect1>

602

646

603

</refentry>

647

648

604

649

605

650

606

Older »