/mandos/trunk

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to INSTALL

Committer: Teddy Hogeborn
Date: 2008-09-12 19:12:40 UTC
Revision ID: teddy@fukt.bsnet.se-20080912191240-edjlcll43eoijkx0

* Makefile (install): Use "install-client-nokey".
  (install-server): Create "/etc/default" and "/usr/sbin", too.
  (install-client): Do not depend on "$(INITRAMFSTOOLS)/hooks/.".
                    Renamed to "install-client-nokey".  Split out
                    post-installation-stuff to new "install-client"
                    target.

* mandos-clients.conf.xml: White space adjustments.
* mandos-keygen.xml: - '' -
* mandos.conf.xml: - '' -
* mandos.xml: - '' -
* plugin-runner.xml: - '' -
* plugins.d/mandos-client.xml: - '' -

* overview.xml: Improved grammar.

files added:
debian

etc-plugins.d-README

plugins.d/usplash

files removed:
.bzr-builddeb

.bzr-builddeb/default.conf

NEWS

common.ent

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/watch

mandos-ctl

mandos.lsm

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files modified:
.bzrignore

INSTALL

Makefile

README

TODO

clients.conf

default-mandos

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

97

97

and append this to the file "/etc/mandos/clients.conf" *on the

98

98

server computer*.

99

99

100

4. Configure the client to use the correct network interface. The

101

default is "eth0", and if this needs to be adjusted, it will be

102

necessary to edit /etc/mandos/plugin-runner.conf to uncomment and

103

change the line there. If that file is changed, the initrd.img

104

file must be updated, possibly using the following command:

105

106

# update-initramfs -k all -u

107

108

5. On the server computer, start the server by running the command

100

4. On the server computer, start the server by running the command

109

101

For Debian: su -c 'invoke-rc.d mandos start'

110

102

For Ubuntu: sudo invoke-rc.d mandos start

111

103

112

At this point, it is possible to verify that the correct password

113

will be received by the client by running the command:

114

115

# /usr/lib/mandos/plugins.d/mandos-client \

116

--pubkey=/etc/keys/mandos/pubkey.txt \

117

--seckey=/etc/keys/mandos/seckey.txt; echo

118

119

This command should retrieve the password from the server,

120

decrypt it, and output it to standard output.

121

122

104

After this, the client computer should be able to reboot without

123

105

needing a password entered on the console, as long as it does not

124

106

take more than an hour to reboot.

127

109

128

110

You may want to tighten or loosen the timeouts in the server

129

111

configuration files; see mandos.conf(5) and mandos-clients.conf(5).

130

If IPsec is not used, it is suggested that a more cryptographically

112

Is IPsec is not used, it is suggested that a more cryptographically

131

113

secure checker program is used and configured, since without IPsec

132

114

ping packets can be faked.

Older »