/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-09-19 00:00:51 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080919000051-tgm5erxuj0zhs867
* debian/mandos-client.README.Debian: Document "eth0" default and how
                                      to change it.

* debian/mandos-client.postrm (update_initramfs): Use "type" instead
                                                  of "which".

* plugin-runner.c (handle_sigchld, print_out_password): Declared
                                                        static.

* plugin-runner.xml (SYNOPSIS, OPTIONS): Changed "VAR" to "ENV" in the
                                         "--global-env" option to be
                                         consistent with the
                                         "--env-for" option.

Show diffs side-by-side

added added

removed removed

Lines of Context:
plugins.d/mandos-client.xml
1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 
4
<!ENTITY VERSION "1.0">
4
5
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2009-01-04">
6
 
<!ENTITY % common SYSTEM "../common.ent">
7
 
%common;
 
6
<!ENTITY TIMESTAMP "2008-09-12">
8
7
]>
9
8
 
10
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
10
  <refentryinfo>
12
11
    <title>Mandos Manual</title>
13
 
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
 
12
    <!-- Nwalsh’s docbook scripts use this to generate the footer: -->
14
13
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
 
14
    <productnumber>&VERSION;</productnumber>
16
15
    <date>&TIMESTAMP;</date>
17
16
    <authorgroup>
18
17
      <author>
32
31
    </authorgroup>
33
32
    <copyright>
34
33
      <year>2008</year>
35
 
      <year>2009</year>
36
34
      <holder>Teddy Hogeborn</holder>
37
35
      <holder>Björn Påhlsson</holder>
38
36
    </copyright>
93
91
      </arg>
94
92
      <sbr/>
95
93
      <arg>
96
 
        <option>--delay <replaceable>SECONDS</replaceable></option>
97
 
      </arg>
98
 
      <sbr/>
99
 
      <arg>
100
94
        <option>--debug</option>
101
95
      </arg>
102
96
    </cmdsynopsis>
255
249
          </para>
256
250
        </listitem>
257
251
      </varlistentry>
258
 
 
259
 
      <varlistentry>
260
 
        <term><option>--delay=<replaceable
261
 
        >SECONDS</replaceable></option></term>
262
 
        <listitem>
263
 
          <para>
264
 
            After bringing the network interface up, the program waits
265
 
            for the interface to arrive in a <quote>running</quote>
266
 
            state before proceeding.  During this time, the kernel log
267
 
            level will be lowered to reduce clutter on the system
268
 
            console, alleviating any other plugins which might be
269
 
            using the system console.  This option sets the upper
270
 
            limit of seconds to wait.  The default is 2.5 seconds.
271
 
          </para>
272
 
        </listitem>
273
 
      </varlistentry>
274
252
      
275
253
      <varlistentry>
276
254
        <term><option>--debug</option></term>
365
343
    </para>
366
344
  </refsect1>
367
345
  
368
 
  <refsect1 id="files">
 
346
  <refsect1 id="file">
369
347
    <title>FILES</title>
370
348
    <variablelist>
371
349
      <varlistentry>
471
449
      The only remaining weak point is that someone with physical
472
450
      access to the client hard drive might turn off the client
473
451
      computer, read the OpenPGP keys directly from the hard drive,
474
 
      and communicate with the server.  To safeguard against this, the
475
 
      server is supposed to notice the client disappearing and stop
476
 
      giving out the encrypted data.  Therefore, it is important to
477
 
      set the timeout and checker interval values tightly on the
478
 
      server.  See <citerefentry><refentrytitle
 
452
      and communicate with the server.  The defense against this is
 
453
      that the server is supposed to notice the client disappearing
 
454
      and will stop giving out the encrypted data.  Therefore, it is
 
455
      important to set the timeout and checker interval values tightly
 
456
      on the server.  See <citerefentry><refentrytitle
479
457
      >mandos</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
480
458
    </para>
481
459
    <para>