4
4
<!ENTITY VERSION "1.0">
5
5
<!ENTITY CONFNAME "mandos-clients.conf">
6
6
<!ENTITY CONFPATH "<filename>/etc/mandos/clients.conf</filename>">
7
<!ENTITY TIMESTAMP "2008-08-31">
7
<!ENTITY TIMESTAMP "2008-09-12">
10
10
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
93
93
start time expansion, see <xref linkend="expansion"/>.
96
Uknown options are ignored. The used options are as follows:
96
Unknown options are ignored. The used options are as follows:
102
102
<term><option>timeout<literal> = </literal><replaceable
103
103
>TIME</replaceable></option></term>
106
This option is <emphasis>optional</emphasis>.
106
109
The timeout is how long the server will wait for a
107
110
successful checker run until a client is considered
108
111
invalid - that is, ineligible to get the data this server
128
131
<term><option>interval<literal> = </literal><replaceable
129
132
>TIME</replaceable></option></term>
135
This option is <emphasis>optional</emphasis>.
132
138
How often to run the checker to confirm that a client is
133
139
still up. <emphasis>Note:</emphasis> a new checker will
134
140
not be started if an old one is still running. The server
148
154
<term><option>checker<literal> = </literal><replaceable
149
155
>COMMAND</replaceable></option></term>
158
This option is <emphasis>optional</emphasis>.
152
161
This option allows you to override the default shell
153
162
command that the server will use to check if the client is
154
163
still up. Any output of the command will be ignored, only
174
183
><replaceable>HEXSTRING</replaceable></option></term>
186
This option is <emphasis>required</emphasis>.
177
189
This option sets the OpenPGP fingerprint that identifies
178
190
the public key that clients authenticate themselves with
179
191
through TLS. The string needs to be in hexidecimal form,
187
199
>BASE64_ENCODED_DATA</replaceable></option></term>
202
If this option is not specified, the <option
203
>secfile</option> option is <emphasis>required</emphasis>
190
207
If present, this option must be set to a string of
191
208
base64-encoded binary data. It will be decoded and sent
192
209
to the client matching the above
204
221
lines is that a line beginning with white space adds to
205
222
the value of the previous line, RFC 822-style.
208
If this option is not specified, the <option
209
>secfile</option> option is used instead, but one of them
210
<emphasis>must</emphasis> be present.
216
228
<term><option>secfile<literal> = </literal><replaceable
217
229
>FILENAME</replaceable></option></term>
232
This option is only used if <option>secret</option> is not
233
specified, in which case this option is
234
<emphasis>required</emphasis>.
220
237
Similar to the <option>secret</option>, except the secret
221
238
data is in an external file. The contents of the file
222
239
should <emphasis>not</emphasis> be base64-encoded, but
223
240
will be sent to clients verbatim.
226
This option is only used, and <emphasis>must</emphasis> be
227
present, if <option>secret</option> is not specified.
233
246
<term><option><literal>host = </literal><replaceable
234
247
>STRING</replaceable></option></term>
250
This option is <emphasis>optional</emphasis>, but highly
251
<emphasis>recommended</emphasis> unless the
252
<option>checker</option> option is modified to a
253
non-standard value without <quote>%(host)s</quote> in it.
237
256
Host name for this client. This is not used by the server
238
257
directly, but can be, and is by default, used by the
239
258
checker. See the <option>checker</option> option.
added
removed
mandos-clients.conf.xml
