/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-09-23 20:32:01 UTC
  • Revision ID: teddy@fukt.bsnet.se-20080923203201-3206nf092qsy7rvk
* plugins.d/splashy.c (main): Bug fix: free "exe_link".

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY VERSION "1.0">
5
 
<!ENTITY COMMANDNAME "password-request">
6
 
<!ENTITY TIMESTAMP "2008-09-03">
 
5
<!ENTITY COMMANDNAME "mandos-client">
 
6
<!ENTITY TIMESTAMP "2008-09-12">
7
7
]>
8
8
 
9
9
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
36
36
    </copyright>
37
37
    <xi:include href="../legalnotice.xml"/>
38
38
  </refentryinfo>
39
 
 
 
39
  
40
40
  <refmeta>
41
41
    <refentrytitle>&COMMANDNAME;</refentrytitle>
42
42
    <manvolnum>8mandos</manvolnum>
45
45
  <refnamediv>
46
46
    <refname><command>&COMMANDNAME;</command></refname>
47
47
    <refpurpose>
48
 
      Client for mandos
 
48
      Client for <application>Mandos</application>
49
49
    </refpurpose>
50
50
  </refnamediv>
51
 
 
 
51
  
52
52
  <refsynopsisdiv>
53
53
    <cmdsynopsis>
54
54
      <command>&COMMANDNAME;</command>
55
55
      <group>
56
56
        <arg choice="plain"><option>--connect
57
 
        <replaceable>IPADDR</replaceable><literal>:</literal
 
57
        <replaceable>ADDRESS</replaceable><literal>:</literal
58
58
        ><replaceable>PORT</replaceable></option></arg>
59
59
        <arg choice="plain"><option>-c
60
 
        <replaceable>IPADDR</replaceable><literal>:</literal
 
60
        <replaceable>ADDRESS</replaceable><literal>:</literal
61
61
        ><replaceable>PORT</replaceable></option></arg>
62
62
      </group>
63
63
      <sbr/>
64
64
      <group>
65
 
        <arg choice="plain"><option>--keydir
66
 
        <replaceable>DIRECTORY</replaceable></option></arg>
67
 
        <arg choice="plain"><option>-d
68
 
        <replaceable>DIRECTORY</replaceable></option></arg>
69
 
      </group>
70
 
      <sbr/>
71
 
      <group>
72
65
        <arg choice="plain"><option>--interface
73
66
        <replaceable>NAME</replaceable></option></arg>
74
67
        <arg choice="plain"><option>-i
120
113
      </group>
121
114
    </cmdsynopsis>
122
115
  </refsynopsisdiv>
123
 
 
 
116
  
124
117
  <refsect1 id="description">
125
118
    <title>DESCRIPTION</title>
126
119
    <para>
131
124
      network connectivity, Zeroconf to find servers, and TLS with an
132
125
      OpenPGP key to ensure authenticity and confidentiality.  It
133
126
      keeps running, trying all servers on the network, until it
134
 
      receives a satisfactory reply or a TERM signal is recieved.
 
127
      receives a satisfactory reply or a TERM signal is received.
135
128
    </para>
136
129
    <para>
137
130
      This program is not meant to be run directly; it is really meant
191
184
      </varlistentry>
192
185
      
193
186
      <varlistentry>
194
 
        <term><option>--keydir=<replaceable
195
 
        >DIRECTORY</replaceable></option></term>
196
 
        <term><option>-d
197
 
        <replaceable>DIRECTORY</replaceable></option></term>
198
 
        <listitem>
199
 
          <para>
200
 
            Directory to read the OpenPGP key files
201
 
            <filename>pubkey.txt</filename> and
202
 
            <filename>seckey.txt</filename> from.  The default is
203
 
            <filename>/conf/conf.d/mandos</filename> (in the initial
204
 
            <acronym>RAM</acronym> disk environment).
205
 
          </para>
206
 
        </listitem>
207
 
      </varlistentry>
208
 
 
209
 
      <varlistentry>
210
187
        <term><option>--interface=
211
188
        <replaceable>NAME</replaceable></option></term>
212
189
        <term><option>-i
232
209
        <replaceable>FILE</replaceable></option></term>
233
210
        <listitem>
234
211
          <para>
235
 
            OpenPGP public key file base name.  This will be combined
236
 
            with the directory from the <option>--keydir</option>
237
 
            option to form an absolute file name.  The default name is
238
 
            <quote><literal>pubkey.txt</literal></quote>.
 
212
            OpenPGP public key file name.  The default name is
 
213
            <quote><filename>/conf/conf.d/mandos/pubkey.txt</filename
 
214
            ></quote>.
239
215
          </para>
240
216
        </listitem>
241
217
      </varlistentry>
242
 
 
 
218
      
243
219
      <varlistentry>
244
220
        <term><option>--seckey=<replaceable
245
221
        >FILE</replaceable></option></term>
247
223
        <replaceable>FILE</replaceable></option></term>
248
224
        <listitem>
249
225
          <para>
250
 
            OpenPGP secret key file base name.  This will be combined
251
 
            with the directory from the <option>--keydir</option>
252
 
            option to form an absolute file name.  The default name is
253
 
            <quote><literal>seckey.txt</literal></quote>.
 
226
            OpenPGP secret key file name.  The default name is
 
227
            <quote><filename>/conf/conf.d/mandos/seckey.txt</filename
 
228
            ></quote>.
254
229
          </para>
255
230
        </listitem>
256
231
      </varlistentry>
263
238
                      xpointer="priority"/>
264
239
        </listitem>
265
240
      </varlistentry>
266
 
 
 
241
      
267
242
      <varlistentry>
268
243
        <term><option>--dh-bits=<replaceable
269
244
        >BITS</replaceable></option></term>
309
284
          </para>
310
285
        </listitem>
311
286
      </varlistentry>
312
 
 
 
287
      
313
288
      <varlistentry>
314
289
        <term><option>--version</option></term>
315
290
        <term><option>-V</option></term>
321
296
      </varlistentry>
322
297
    </variablelist>
323
298
  </refsect1>
324
 
 
 
299
  
325
300
  <refsect1 id="overview">
326
301
    <title>OVERVIEW</title>
327
302
    <xi:include href="../overview.xml"/>
336
311
      <filename>/etc/crypttab</filename>, but it would then be
337
312
      impossible to enter a password for the encrypted root disk at
338
313
      the console, since this program does not read from the console
339
 
      at all.  This is why a separate plugin (<citerefentry>
340
 
      <refentrytitle>password-prompt</refentrytitle>
341
 
      <manvolnum>8mandos</manvolnum></citerefentry>) does that, which
342
 
      will be run in parallell to this one by the plugin runner.
 
314
      at all.  This is why a separate plugin runner (<citerefentry>
 
315
      <refentrytitle>plugin-runner</refentrytitle>
 
316
      <manvolnum>8mandos</manvolnum></citerefentry>) is used to run
 
317
      both this program and others in in parallel,
 
318
      <emphasis>one</emphasis> of which will prompt for passwords on
 
319
      the system console.
343
320
    </para>
344
321
  </refsect1>
345
322
  
352
329
      program will exit with a non-zero exit status only if a critical
353
330
      error occurs.  Otherwise, it will forever connect to new
354
331
      <application>Mandos</application> servers as they appear, trying
355
 
      to get a decryptable password.
 
332
      to get a decryptable password and print it.
356
333
    </para>
357
334
  </refsect1>
358
335
  
391
368
<!--     <para> -->
392
369
<!--     </para> -->
393
370
<!--   </refsect1> -->
394
 
 
 
371
  
395
372
  <refsect1 id="example">
396
373
    <title>EXAMPLE</title>
397
374
    <para>
411
388
    </informalexample>
412
389
    <informalexample>
413
390
      <para>
414
 
        Search for Mandos servers on another interface:
 
391
        Search for Mandos servers (and connect to them) using another
 
392
        interface:
415
393
      </para>
416
394
      <para>
417
395
        <!-- do not wrap this line -->
420
398
    </informalexample>
421
399
    <informalexample>
422
400
      <para>
423
 
        Run in debug mode, and use a custom key directory:
 
401
        Run in debug mode, and use a custom key:
424
402
      </para>
425
403
      <para>
426
 
        <!-- do not wrap this line -->
427
 
        <userinput>&COMMANDNAME; --debug --keydir keydir</userinput>
 
404
 
 
405
<!-- do not wrap this line -->
 
406
<userinput>&COMMANDNAME; --debug --pubkey keydir/pubkey.txt --seckey keydir/seckey.txt</userinput>
 
407
 
428
408
      </para>
429
409
    </informalexample>
430
410
    <informalexample>
431
411
      <para>
432
 
        Run in debug mode, with a custom key directory, and do not use
433
 
        Zeroconf to locate a server; connect directly to the IPv6
434
 
        address <quote><systemitem class="ipaddress"
 
412
        Run in debug mode, with a custom key, and do not use Zeroconf
 
413
        to locate a server; connect directly to the IPv6 address
 
414
        <quote><systemitem class="ipaddress"
435
415
        >2001:db8:f983:bd0b:30de:ae4a:71f2:f672</systemitem></quote>,
436
416
        port 4711, using interface eth2:
437
417
      </para>
438
418
      <para>
439
419
 
440
420
<!-- do not wrap this line -->
441
 
<userinput>&COMMANDNAME; --debug --keydir keydir --connect 2001:db8:f983:bd0b:30de:ae4a:71f2:f672:4711 --interface eth2</userinput>
 
421
<userinput>&COMMANDNAME; --debug --pubkey keydir/pubkey.txt --seckey keydir/seckey.txt --connect 2001:db8:f983:bd0b:30de:ae4a:71f2:f672:4711 --interface eth2</userinput>
442
422
 
443
423
      </para>
444
424
    </informalexample>
445
425
  </refsect1>
446
 
 
 
426
  
447
427
  <refsect1 id="security">
448
428
    <title>SECURITY</title>
449
429
    <para>
490
470
      confidential.
491
471
    </para>
492
472
  </refsect1>
493
 
 
 
473
  
494
474
  <refsect1 id="see_also">
495
475
    <title>SEE ALSO</title>
496
476
    <para>
621
601
      </varlistentry>
622
602
    </variablelist>
623
603
  </refsect1>
624
 
 
625
604
</refentry>
 
605
 
626
606
<!-- Local Variables: -->
627
607
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
628
608
<!-- time-stamp-end: "[\"']>" -->