
Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-10-03 09:32:30 UTC
  • Revision ID: teddy@fukt.bsnet.se-20081003093230-rshn19e0c19zz12i
* .bzrignore (plugins.d/askpass-fifo): Added.

* Makefile (FORTIFY): Added "-fstack-protector-all".
  (mandos, mandos-keygen): Use more strict regexps when updating the
                           version number.

* mandos (Client.__init__): Use os.path.expandvars() and
                            os.path.expanduser() on the "secfile"
                            config value.

* plugins.d/splashy.c: Update comments and order of #include's.
  (main): Check user and group when looking for running splashy
          process.  Do not ignore ENOENT from execl().  Use _exit()
          instead of "return" when an error happens in child
          processes.  Bug fix: Only wait for splashy_update
          completion if it was started.  Bug fix: detect failing
          waitpid().  Only kill splashy_update if it is running.  Do
          the killing of the old splashy process before the fork().
          Do setsid() and setuid(geteuid()) before starting the new
          splashy.  Report failing execl().

* plugins.d/usplash.c: Update comments and order of #include's.
  (main): Check user and group when looking for running usplash
          process.  Do not report execv() error if interrupted by a
          signal.

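--- a/mandos-keygen.xml
+++ b/mandos-keygen.xml
@@ -1,16 +1,19 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
         "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
-<!ENTITY VERSION "1.0">
 <!ENTITY COMMANDNAME "mandos-keygen">
+<!ENTITY TIMESTAMP "2008-09-30">
+<!ENTITY % common SYSTEM "common.ent">
+%common;
 ]>
  
 <refentry xmlns:xi="http://www.w3.org/2001/XInclude">
   <refentryinfo>
-    <title>&COMMANDNAME;</title>
+    <title>Mandos Manual</title>
     <!-- NWalsh’s docbook scripts use this to generate the footer: -->
-    <productname>&COMMANDNAME;</productname>
-    <productnumber>&VERSION;</productnumber>
+    <productname>Mandos</productname>
+    <productnumber>&version;</productnumber>
+    <date>&TIMESTAMP;</date>
     <authorgroup>
       <author>
         <firstname>Björn</firstname>
@@ -32,31 +35,9 @@
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
-    <legalnotice>
-      <para>
-        This manual page is free software: you can redistribute it
-        and/or modify it under the terms of the GNU General Public
-        License as published by the Free Software Foundation,
-        either version 3 of the License, or (at your option) any
-        later version.
-      </para>
- 
-      <para>
-        This manual page is distributed in the hope that it will
-        be useful, but WITHOUT ANY WARRANTY; without even the
-        implied warranty of MERCHANTABILITY or FITNESS FOR A
-        PARTICULAR PURPOSE.  See the GNU General Public License
-        for more details.
-      </para>
- 
-      <para>
-        You should have received a copy of the GNU General Public
-        License along with this program; If not, see
-        <ulink url="http://www.gnu.org/licenses/"/>.
-      </para>
-    </legalnotice>
+    <xi:include href="legalnotice.xml"/>
   </refentryinfo>
- 
+  
   <refmeta>
     <refentrytitle>&COMMANDNAME;</refentrytitle>
     <manvolnum>8</manvolnum>
@@ -65,174 +46,169 @@
   <refnamediv>
     <refname><command>&COMMANDNAME;</command></refname>
     <refpurpose>
-      Generate keys for <citerefentry><refentrytitle>password-request
-      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
+      Generate key and password for Mandos client and server.
     </refpurpose>
   </refnamediv>
- 
+  
   <refsynopsisdiv>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
-      <group choice="opt">
-        <arg choice="plain"><option>--dir</option>
-        <replaceable>directory</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--type</option>
-        <replaceable>type</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--length</option>
-        <replaceable>bits</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--subtype</option>
-        <replaceable>type</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--sublength</option>
-        <replaceable>bits</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--name</option>
-        <replaceable>NAME</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--email</option>
-        <replaceable>EMAIL</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--comment</option>
-        <replaceable>COMMENT</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--expire</option>
-        <replaceable>TIME</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--force</option></arg>
-      </group>
-    </cmdsynopsis>
-    <cmdsynopsis>
-      <command>&COMMANDNAME;</command>
-      <group choice="opt">
-        <arg choice="plain"><option>-d</option>
-        <replaceable>directory</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-t</option>
-        <replaceable>type</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-l</option>
-        <replaceable>bits</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-s</option>
-        <replaceable>type</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-L</option>
-        <replaceable>bits</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-n</option>
-        <replaceable>NAME</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-e</option>
-        <replaceable>EMAIL</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-c</option>
-        <replaceable>COMMENT</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-x</option>
-        <replaceable>TIME</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>-f</option></arg>
-      </group>
+      <group>
+        <arg choice="plain"><option>--dir
+        <replaceable>DIRECTORY</replaceable></option></arg>
+        <arg choice="plain"><option>-d
+        <replaceable>DIRECTORY</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--type
+        <replaceable>KEYTYPE</replaceable></option></arg>
+        <arg choice="plain"><option>-t
+        <replaceable>KEYTYPE</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--length
+        <replaceable>BITS</replaceable></option></arg>
+        <arg choice="plain"><option>-l
+        <replaceable>BITS</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--subtype
+        <replaceable>KEYTYPE</replaceable></option></arg>
+        <arg choice="plain"><option>-s
+        <replaceable>KEYTYPE</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--sublength
+        <replaceable>BITS</replaceable></option></arg>
+        <arg choice="plain"><option>-L
+        <replaceable>BITS</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--name
+        <replaceable>NAME</replaceable></option></arg>
+        <arg choice="plain"><option>-n
+        <replaceable>NAME</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--email
+        <replaceable>ADDRESS</replaceable></option></arg>
+        <arg choice="plain"><option>-e
+        <replaceable>ADDRESS</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--comment
+        <replaceable>TEXT</replaceable></option></arg>
+        <arg choice="plain"><option>-c
+        <replaceable>TEXT</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--expire
+        <replaceable>TIME</replaceable></option></arg>
+        <arg choice="plain"><option>-x
+        <replaceable>TIME</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <arg><option>--force</option></arg>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
+        <arg choice="plain"><option>--password</option></arg>
         <arg choice="plain"><option>-p</option></arg>
-        <arg choice="plain"><option>--password</option></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--dir</option>
-        <replaceable>directory</replaceable></arg>
-      </group>
-      <group choice="opt">
-        <arg choice="plain"><option>--name</option>
-        <replaceable>NAME</replaceable></arg>
+        <arg choice="plain"><option>--passfile
+        <replaceable>FILE</replaceable></option></arg>
+        <arg choice="plain"><option>-F</option>
+        <replaceable>FILE</replaceable></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--dir
+        <replaceable>DIRECTORY</replaceable></option></arg>
+        <arg choice="plain"><option>-d
+        <replaceable>DIRECTORY</replaceable></option></arg>
+      </group>
+      <sbr/>
+      <group>
+        <arg choice="plain"><option>--name
+        <replaceable>NAME</replaceable></option></arg>
+        <arg choice="plain"><option>-n
+        <replaceable>NAME</replaceable></option></arg>
       </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
+        <arg choice="plain"><option>--help</option></arg>
         <arg choice="plain"><option>-h</option></arg>
-        <arg choice="plain"><option>--help</option></arg>
       </group>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
       <group choice="req">
+        <arg choice="plain"><option>--version</option></arg>
         <arg choice="plain"><option>-v</option></arg>
-        <arg choice="plain"><option>--version</option></arg>
       </group>
     </cmdsynopsis>
   </refsynopsisdiv>
- 
+  
   <refsect1 id="description">
     <title>DESCRIPTION</title>
     <para>
       <command>&COMMANDNAME;</command> is a program to generate the
-      OpenPGP keys used by
-      <citerefentry><refentrytitle>password-request</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
+      OpenPGP key used by
+      <citerefentry><refentrytitle>mandos-client</refentrytitle>
+      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
       normally written to /etc/mandos for later installation into the
-      initrd image, but this, like most things, can be changed with
-      command line options.
+      initrd image, but this, and most other things, can be changed
+      with command line options.
     </para>
     <para>
-      It can also be used to generate ready-made sections for
+      This program can also be used with the
+      <option>--password</option> or <option>--passfile</option>
+      options to generate a ready-made section for
+      <filename>clients.conf</filename> (see
       <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
-      <manvolnum>5</manvolnum></citerefentry> using the
-      <option>--password</option> option.
+      <manvolnum>5</manvolnum></citerefentry>).
     </para>
   </refsect1>
   
   <refsect1 id="purpose">
     <title>PURPOSE</title>
- 
     <para>
       The purpose of this is to enable <emphasis>remote and unattended
       rebooting</emphasis> of client host computer with an
       <emphasis>encrypted root file system</emphasis>.  See <xref
       linkend="overview"/> for details.
     </para>
- 
   </refsect1>
   
   <refsect1 id="options">
     <title>OPTIONS</title>
- 
+    
     <variablelist>
       <varlistentry>
-        <term><literal>-h</literal>, <literal>--help</literal></term>
+        <term><option>--help</option></term>
+        <term><option>-h</option></term>
         <listitem>
           <para>
             Show a help message and exit
           </para>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
-        <term><literal>-d</literal>, <literal>--dir
-        <replaceable>directory</replaceable></literal></term>
+        <term><option>--dir
+        <replaceable>DIRECTORY</replaceable></option></term>
+        <term><option>-d
+        <replaceable>DIRECTORY</replaceable></option></term>
         <listitem>
           <para>
             Target directory for key files.  Default is
@@ -240,30 +216,36 @@
           </para>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
-        <term><literal>-t</literal>, <literal>--type
-        <replaceable>type</replaceable></literal></term>
+        <term><option>--type
+        <replaceable>TYPE</replaceable></option></term>
+        <term><option>-t
+        <replaceable>TYPE</replaceable></option></term>
         <listitem>
           <para>
             Key type.  Default is <quote>DSA</quote>.
           </para>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
-        <term><literal>-l</literal>, <literal>--length
-        <replaceable>bits</replaceable></literal></term>
+        <term><option>--length
+        <replaceable>BITS</replaceable></option></term>
+        <term><option>-l
+        <replaceable>BITS</replaceable></option></term>
         <listitem>
           <para>
             Key length in bits.  Default is 2048.
           </para>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
-        <term><literal>-s</literal>, <literal>--subtype
-        <replaceable>type</replaceable></literal></term>
+        <term><option>--subtype
+        <replaceable>KEYTYPE</replaceable></option></term>
+        <term><option>-s
+        <replaceable>KEYTYPE</replaceable></option></term>
         <listitem>
           <para>
             Subkey type.  Default is <quote>ELG-E</quote> (Elgamal
@@ -271,30 +253,36 @@
           </para>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
-        <term><literal>-L</literal>, <literal>--sublength
-        <replaceable>bits</replaceable></literal></term>
+        <term><option>--sublength
+        <replaceable>BITS</replaceable></option></term>
+        <term><option>-L
+        <replaceable>BITS</replaceable></option></term>
         <listitem>
           <para>
             Subkey length in bits.  Default is 2048.
           </para>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
-        <term><literal>-e</literal>, <literal>--email</literal>
-        <replaceable>address</replaceable></term>
+        <term><option>--email
+        <replaceable>ADDRESS</replaceable></option></term>
+        <term><option>-e
+        <replaceable>ADDRESS</replaceable></option></term>
         <listitem>
           <para>
             Email address of key.  Default is empty.
           </para>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
-        <term><literal>-c</literal>, <literal>--comment</literal>
-        <replaceable>comment</replaceable></term>
+        <term><option>--comment
+        <replaceable>TEXT</replaceable></option></term>
+        <term><option>-c
+        <replaceable>TEXT</replaceable></option></term>
         <listitem>
           <para>
             Comment field for key.  The default value is
@@ -302,10 +290,12 @@
           </para>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
-        <term><literal>-x</literal>, <literal>--expire</literal>
-        <replaceable>time</replaceable></term>
+        <term><option>--expire
+        <replaceable>TIME</replaceable></option></term>
+        <term><option>-x
+        <replaceable>TIME</replaceable></option></term>
         <listitem>
           <para>
             Key expire time.  Default is no expiration.  See
@@ -314,18 +304,19 @@
           </para>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
-        <term><literal>-f</literal>, <literal>--force</literal></term>
+        <term><option>--force</option></term>
+        <term><option>-f</option></term>
         <listitem>
           <para>
-            Force overwriting old keys.
+            Force overwriting old key.
           </para>
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><literal>-p</literal>, <literal>--password</literal
-        ></term>
+        <term><option>--password</option></term>
+        <term><option>-p</option></term>
         <listitem>
           <para>
             Prompt for a password and encrypt it with the key already
@@ -337,27 +328,41 @@
             >8</manvolnum></citerefentry>.  The host name or the name
             specified with the <option>--name</option> option is used
             for the section header.  All other options are ignored,
-            and no keys are created.
+            and no key is created.
+          </para>
+        </listitem>
+      </varlistentry>
+      <varlistentry>
+        <term><option>--passfile
+        <replaceable>FILE</replaceable></option></term>
+        <term><option>-F
+        <replaceable>FILE</replaceable></option></term>
+        <listitem>
+          <para>
+            The same as <option>--password</option>, but read from
+            <replaceable>FILE</replaceable>, not the terminal.
           </para>
         </listitem>
       </varlistentry>
     </variablelist>
   </refsect1>
- 
+  
   <refsect1 id="overview">
     <title>OVERVIEW</title>
     <xi:include href="overview.xml"/>
     <para>
       This program is a small utility to generate new OpenPGP keys for
-      new Mandos clients.
+      new Mandos clients, and to generate sections for inclusion in
+      <filename>clients.conf</filename> on the server.
     </para>
   </refsect1>
- 
+  
   <refsect1 id="exit_status">
     <title>EXIT STATUS</title>
     <para>
-      The exit status will be 0 if new keys were successfully created,
-      otherwise not.
+      The exit status will be 0 if a new key (or password, if the
+      <option>--password</option> option was used) was successfully
+      created, otherwise not.
     </para>
   </refsect1>
   
@@ -365,7 +370,7 @@
     <title>ENVIRONMENT</title>
     <variablelist>
       <varlistentry>
-        <term><varname>TMPDIR</varname></term>
+        <term><envar>TMPDIR</envar></term>
         <listitem>
           <para>
             If set, temporary files will be created here. See
@@ -414,14 +419,13 @@
       </varlistentry>
     </variablelist>
   </refsect1>
- 
-  <refsect1 id="bugs">
-    <title>BUGS</title>
-    <para>
-      None are known at this time.
-    </para>
-  </refsect1>
- 
+  
+<!--   <refsect1 id="bugs"> -->
+<!--     <title>BUGS</title> -->
+<!--     <para> -->
+<!--     </para> -->
+<!--   </refsect1> -->
+  
   <refsect1 id="example">
     <title>EXAMPLE</title>
     <informalexample>
@@ -429,48 +433,78 @@
         Normal invocation needs no options:
       </para>
       <para>
-        <userinput>mandos-keygen</userinput>
+        <userinput>&COMMANDNAME;</userinput>
       </para>
     </informalexample>
     <informalexample>
       <para>
-        Create keys in another directory and of another type.  Force
+        Create key in another directory and of another type.  Force
         overwriting old key files:
       </para>
       <para>
  
 <!-- do not wrap this line -->
-<userinput>mandos-keygen --dir ~/keydir --type RSA --force</userinput>
+<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
+ 
+      </para>
+    </informalexample>
+    <informalexample>
+      <para>
+        Prompt for a password, encrypt it with the key in
+        <filename>/etc/mandos</filename> and output a section suitable
+        for <filename>clients.conf</filename>.
+      </para>
+      <para>
+        <userinput>&COMMANDNAME; --password</userinput>
+      </para>
+    </informalexample>
+    <informalexample>
+      <para>
+        Prompt for a password, encrypt it with the key in the
+        <filename>client-key</filename> directory and output a section
+        suitable for <filename>clients.conf</filename>.
+      </para>
+      <para>
+ 
+<!-- do not wrap this line -->
+<userinput>&COMMANDNAME; --password --dir client-key</userinput>
  
       </para>
     </informalexample>
   </refsect1>
- 
+  
   <refsect1 id="security">
     <title>SECURITY</title>
     <para>
       The <option>--type</option>, <option>--length</option>,
       <option>--subtype</option>, and <option>--sublength</option>
-      options can be used to create keys of insufficient security.  If
-      in doubt, leave them to the default values.
+      options can be used to create keys of low security.  If in
+      doubt, leave them to the default values.
     </para>
     <para>
-      The key expire time is not guaranteed to be honored by
-      <citerefentry><refentrytitle>mandos</refentrytitle>
+      The key expire time is <emphasis>not</emphasis> guaranteed to be
+      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
       <manvolnum>8</manvolnum></citerefentry>.
     </para>
   </refsect1>
- 
+  
   <refsect1 id="see_also">
     <title>SEE ALSO</title>
     <para>
-      <citerefentry><refentrytitle>password-request</refentrytitle>
-      <manvolnum>8mandos</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>gpg</refentrytitle>
+      <manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
+      <manvolnum>5</manvolnum></citerefentry>,
       <citerefentry><refentrytitle>mandos</refentrytitle>
       <manvolnum>8</manvolnum></citerefentry>,
-      <citerefentry><refentrytitle>gpg</refentrytitle>
-      <manvolnum>1</manvolnum></citerefentry>
+      <citerefentry><refentrytitle>mandos-client</refentrytitle>
+      <manvolnum>8mandos</manvolnum></citerefentry>
     </para>
   </refsect1>
   
 </refentry>
+<!-- Local Variables: -->
+<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
+<!-- time-stamp-end: "[\"']>" -->
+<!-- time-stamp-format: "%:y-%02m-%02d" -->
+<!-- End: -->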