/mandos/trunk : revision 171

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

Committer: Teddy Hogeborn
Date: 2008-09-06 16:31:49 UTC
Revision ID: teddy@fukt.bsnet.se-20080906163149-1ddq2klhdwwiw1ry

Renamed "password-request" to "mandos-client".

* Makefile: - '' -
* mandos-keygen.xml: - '' -
* mandos-options.xml: - '' -
* mandos.xml: - '' -
* plugin-runner.conf: - '' -
* plugin-runner.xml: - '' -
* plugins.d/password-prompt.xml: - '' -
* plugins.d/password-request.c: Renamed to "mandos-client.c".
* plugins.d/password-request.xml: Renamed to "mandos-client.xml".

files added:
README

default-mandos

etc-plugins.d-README

init.d-mandos

legalnotice.xml

plugin-runner.conf

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
Makefile

TODO

initramfs-tools-hook

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.xml

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos">

<!ENTITY TIMESTAMP "2008-08-31">

<!ENTITY TIMESTAMP "2008-09-06">

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

137

115

Any authenticated client is then given the stored pre-encrypted

138

116

password for that specific client.

139

117

</para>

140

141

118

</refsect1>

142

119

143

120

144

121

<title>PURPOSE</title>

145

146

122

<para>

147

123

The purpose of this is to enable <emphasis>remote and unattended

148

124

rebooting</emphasis> of client host computer with an

149

125

<emphasis>encrypted root file system</emphasis>. See <xref

150

126

linkend="overview"/> for details.

151

127

</para>

152

153

128

</refsect1>

154

129

155

130

156

131

<title>OPTIONS</title>

157

158

132

159

133

160

134

262

236

<para>

263

237

This program is the server part. It is a normal server program

264

238

and will run in a normal system environment, not in an initial

265

RAM disk environment.

239

<acronym>RAM</acronym> disk environment.

266

240

</para>

267

241

</refsect1>

268

242

405

379

</listitem>

406

380

</varlistentry>

407

381

408

<term><filename>/var/run/mandos/mandos.pid</filename></term>

382

<term><filename>/var/run/mandos.pid</filename></term>

409

383

410

384

<para>

411

385

The file containing the process id of

460

434

Debug mode is conflated with running in the foreground.

461

435

</para>

462

436

<para>

463

The console log messages does not show a timestamp.

437

The console log messages does not show a time stamp.

438

</para>

439

<para>

440

This server does not check the expire time of clients’ OpenPGP

441

keys.

464

442

</para>

465

443

</refsect1>

466

444

509

487

<para>

510

488

Running this <command>&COMMANDNAME;</command> server program

511

489

should not in itself present any security risk to the host

512

computer running it. The program does not need any special

513

privileges to run, and is designed to run as a non-root user.

490

computer running it. The program switches to a non-root user

491

soon after startup.

514

492

</para>

515

493

</refsect2>

516

494

543

521

restarting servers if it is suspected that a client has, in

544

522

fact, been compromised by parties who may now be running a

545

523

fake Mandos client with the keys from the non-encrypted

546

initial RAM image of the client host. What should be done in

547

that case (if restarting the server program really is

548

necessary) is to stop the server program, edit the

524

initial <acronym>RAM</acronym> image of the client host. What

525

should be done in that case (if restarting the server program

526

really is necessary) is to stop the server program, edit the

549

527

configuration file to omit any suspect clients, and restart

550

528

the server program.

551

529

</para>

552

530

<para>

553

531

For more details on client-side security, see

554

<citerefentry><refentrytitle>password-request</refentrytitle>

532

<citerefentry><refentrytitle>mandos-client</refentrytitle>

555

533

<manvolnum>8mandos</manvolnum></citerefentry>.

556

534

</para>

557

535

</refsect2>

565

543

566

544

<refentrytitle>mandos.conf</refentrytitle>

567

545

568

<refentrytitle>password-request</refentrytitle>

546

<refentrytitle>mandos-client</refentrytitle>

569

547

<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>

570

548

571

549

</citerefentry>

Older »