/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-ctl.xml

  • Committer: Teddy Hogeborn
  • Date: 2008-12-10 01:26:02 UTC
  • mfrom: (237.1.2 mandos)
  • Revision ID: teddy@fukt.bsnet.se-20081210012602-vhz3h75xkj24t340
First version of a somewhat complete D-Bus server interface.  Also
change user/group name to "_mandos".

* debian/mandos.postinst: Rename old "mandos" user and group to
                          "_mandos"; create "_mandos" user and group
                          if none exist.
* debian/mandos-client.postinst: - '' -

* initramfs-tools-hook: Try "_mandos" before "mandos" as user and
                        group name.

* mandos (_datetime_to_dbus_struct): New; was previously local.
  (Client.started): Renamed to "last_started".  All users changed.
  (Client.started): New; boolean.
  (Client.dbus_object_path): New.
  (Client.check_command): Renamed to "checker_command".  All users
                          changed.
  (Client.__init__): Set and use "self.dbus_object_path".  Set
                     "self.started".
  (Client.start): Update "self.started".  Emit "self.PropertyChanged"
                  signals for both "started" and "last_started".
  (Client.stop): Update "self.started".  Emit "self.PropertyChanged"
                 signal for "started".
  (Client.checker_callback): Take additional "command" argument.  All
                             callers changed. Emit
                             "self.PropertyChanged" signal.
  (Client.bump_timeout): Emit "self.PropertyChanged" signal for
                         "last_checked_ok".
  (Client.start_checker): Emit "self.PropertyChanged" signal for
                          "checker_running".
  (Client.stop_checker): Emit "self.PropertyChanged" signal for
                         "checker_running".
  (Client.still_valid): Bug fix: use "getattr(self, started, False)"
                        instead of "self.started" in case this client
                        object is so new that the "started" attribute
                        has not been created yet.
  (Client.IntervalChanged, Client.CheckerIsRunning, Client.GetChecker,
  Client.GetCreated, Client.GetFingerprint, Client.GetHost,
  Client.GetInterval, Client.GetName, Client.GetStarted,
  Client.GetTimeout, Client.StateChanged, Client.TimeoutChanged):
  Removed; all callers changed.
  (Client.CheckerCompleted): Add "condition" and "command" arguments.
                             All callers changed.
  (Client.GetAllProperties, Client.PropertyChanged): New.
  (Client.StillValid): Renamed to "IsStillValid".
  (Client.StartChecker): Changed to its own function to avoid the
                         return value from "Client.start_checker()".
  (Client.Stop): Changed to its own function to avoid the return value
                 from "Client.stop()".
  (main): Try "_mandos" before "mandos" as user and group name.
          Removed inner function "remove_from_clients".  New inner
          class "MandosServer".

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
<?xml version="1.0" encoding="UTF-8"?>
2
 
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
 
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
 
<!ENTITY COMMANDNAME "mandos-ctl">
5
 
<!ENTITY TIMESTAMP "2019-02-10">
6
 
<!ENTITY % common SYSTEM "common.ent">
7
 
%common;
8
 
]>
9
 
 
10
 
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
 
  <refentryinfo>
12
 
    <title>Mandos Manual</title>
13
 
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
14
 
    <productname>Mandos</productname>
15
 
    <productnumber>&version;</productnumber>
16
 
    <date>&TIMESTAMP;</date>
17
 
    <authorgroup>
18
 
      <author>
19
 
        <firstname>Björn</firstname>
20
 
        <surname>Påhlsson</surname>
21
 
        <address>
22
 
          <email>belorn@recompile.se</email>
23
 
        </address>
24
 
      </author>
25
 
      <author>
26
 
        <firstname>Teddy</firstname>
27
 
        <surname>Hogeborn</surname>
28
 
        <address>
29
 
          <email>teddy@recompile.se</email>
30
 
        </address>
31
 
      </author>
32
 
    </authorgroup>
33
 
    <copyright>
34
 
      <year>2010</year>
35
 
      <year>2011</year>
36
 
      <year>2012</year>
37
 
      <year>2013</year>
38
 
      <year>2014</year>
39
 
      <year>2015</year>
40
 
      <year>2016</year>
41
 
      <year>2017</year>
42
 
      <year>2018</year>
43
 
      <year>2019</year>
44
 
      <holder>Teddy Hogeborn</holder>
45
 
      <holder>Björn Påhlsson</holder>
46
 
    </copyright>
47
 
    <xi:include href="legalnotice.xml"/>
48
 
  </refentryinfo>
49
 
  
50
 
  <refmeta>
51
 
    <refentrytitle>&COMMANDNAME;</refentrytitle>
52
 
    <manvolnum>8</manvolnum>
53
 
  </refmeta>
54
 
  
55
 
  <refnamediv>
56
 
    <refname><command>&COMMANDNAME;</command></refname>
57
 
    <refpurpose>
58
 
      Control or query the operation of the Mandos server
59
 
    </refpurpose>
60
 
  </refnamediv>
61
 
  
62
 
  <refsynopsisdiv>
63
 
    <cmdsynopsis>
64
 
      <command>&COMMANDNAME;</command>
65
 
      <group choice="req">
66
 
        <group>
67
 
          <arg choice="plain"><option>--enable</option></arg>
68
 
          <arg choice="plain"><option>-e</option></arg>
69
 
          <sbr/>
70
 
          <arg choice="plain"><option>--disable</option></arg>
71
 
          <arg choice="plain"><option>-d</option></arg>
72
 
        </group>
73
 
        <sbr/>
74
 
        <group>
75
 
          <arg choice="plain"><option>--bump-timeout</option></arg>
76
 
          <arg choice="plain"><option>-b</option></arg>
77
 
        </group>
78
 
        <sbr/>
79
 
        <group>
80
 
          <arg choice="plain"><option>--start-checker</option></arg>
81
 
        </group>
82
 
        <sbr/>
83
 
        <group>
84
 
          <arg choice="plain"><option>--stop-checker</option></arg>
85
 
        </group>
86
 
        <sbr/>
87
 
        <group>
88
 
          <arg choice="plain"><option>--remove</option></arg>
89
 
          <arg choice="plain"><option>-r</option></arg>
90
 
        </group>
91
 
        <sbr/>
92
 
        <group>
93
 
          <arg choice="plain"><option>--checker
94
 
          <replaceable>COMMAND</replaceable></option></arg>
95
 
          <arg choice="plain"><option>-c
96
 
          <replaceable>COMMAND</replaceable></option></arg>
97
 
        </group>
98
 
        <sbr/>
99
 
        <group>
100
 
          <arg choice="plain"><option>--timeout
101
 
          <replaceable>TIME</replaceable></option></arg>
102
 
          <arg choice="plain"><option>-t
103
 
          <replaceable>TIME</replaceable></option></arg>
104
 
        </group>
105
 
        <sbr/>
106
 
        <group>
107
 
          <arg choice="plain"><option>--extended-timeout
108
 
          <replaceable>TIME</replaceable></option></arg>
109
 
        </group>
110
 
        <sbr/>
111
 
        <group>
112
 
          <arg choice="plain"><option>--interval
113
 
          <replaceable>TIME</replaceable></option></arg>
114
 
          <arg choice="plain"><option>-i
115
 
          <replaceable>TIME</replaceable></option></arg>
116
 
        </group>
117
 
        <sbr/>
118
 
        <group>
119
 
          <arg choice="plain"><option>--approve-by-default</option
120
 
          ></arg>
121
 
          <sbr/>
122
 
          <arg choice="plain"><option>--deny-by-default</option></arg>
123
 
        </group>
124
 
        <sbr/>
125
 
        <group>
126
 
          <arg choice="plain"><option>--approval-delay
127
 
          <replaceable>TIME</replaceable></option></arg>
128
 
        </group>
129
 
        <sbr/>
130
 
        <group>
131
 
          <arg choice="plain"><option>--approval-duration
132
 
          <replaceable>TIME</replaceable></option></arg>
133
 
        </group>
134
 
        <sbr/>
135
 
        <group>
136
 
          <arg choice="plain"><option>--interval
137
 
          <replaceable>TIME</replaceable></option></arg>
138
 
          <arg choice="plain"><option>-i
139
 
          <replaceable>TIME</replaceable></option></arg>
140
 
        </group>
141
 
        <sbr/>
142
 
        <group>
143
 
          <arg choice="plain"><option>--host
144
 
          <replaceable>STRING</replaceable></option></arg>
145
 
          <arg choice="plain"><option>-H
146
 
          <replaceable>STRING</replaceable></option></arg>
147
 
        </group>
148
 
        <sbr/>
149
 
        <group>
150
 
          <arg choice="plain"><option>--secret
151
 
          <replaceable>FILENAME</replaceable></option></arg>
152
 
          <arg choice="plain"><option>-s
153
 
          <replaceable>FILENAME</replaceable></option></arg>
154
 
        </group>
155
 
        <sbr/>
156
 
        <group>
157
 
          <arg choice="plain"><option>--approve</option></arg>
158
 
          <arg choice="plain"><option>-A</option></arg>
159
 
          <sbr/>
160
 
          <arg choice="plain"><option>--deny</option></arg>
161
 
          <arg choice="plain"><option>-D</option></arg>
162
 
        </group>
163
 
      </group>
164
 
      <sbr/>
165
 
      <group choice="req">
166
 
        <arg choice="plain"><option>--all</option></arg>
167
 
        <arg choice="plain"><option>-a</option></arg>
168
 
        <arg rep='repeat' choice='plain'>
169
 
          <replaceable>CLIENT</replaceable>
170
 
        </arg>
171
 
      </group>
172
 
    </cmdsynopsis>
173
 
    <cmdsynopsis>
174
 
      <command>&COMMANDNAME;</command>
175
 
      <group>
176
 
          <arg choice="plain"><option>--verbose</option></arg>
177
 
          <arg choice="plain"><option>-v</option></arg>
178
 
          <sbr/>
179
 
          <arg choice="plain"><option>--dump-json</option></arg>
180
 
          <arg choice="plain"><option>-j</option></arg>
181
 
      </group>
182
 
      <group>
183
 
        <arg rep='repeat' choice='plain'>
184
 
          <replaceable>CLIENT</replaceable>
185
 
        </arg>
186
 
      </group>
187
 
    </cmdsynopsis>
188
 
    <cmdsynopsis>
189
 
      <command>&COMMANDNAME;</command>
190
 
      <group choice="req">
191
 
        <arg choice="plain"><option>--is-enabled</option></arg>
192
 
        <arg choice="plain"><option>-V</option></arg>
193
 
      </group>
194
 
      <arg choice='plain'><replaceable>CLIENT</replaceable></arg>
195
 
    </cmdsynopsis>
196
 
    <cmdsynopsis>
197
 
      <command>&COMMANDNAME;</command>
198
 
      <group choice="req">
199
 
        <arg choice="plain"><option>--help</option></arg>
200
 
        <arg choice="plain"><option>-h</option></arg>
201
 
      </group>
202
 
    </cmdsynopsis>
203
 
    <cmdsynopsis>
204
 
      <command>&COMMANDNAME;</command>
205
 
      <group choice="req">
206
 
        <arg choice="plain"><option>--version</option></arg>
207
 
        <arg choice="plain"><option>-v</option></arg>
208
 
      </group>
209
 
    </cmdsynopsis>
210
 
    <cmdsynopsis>
211
 
      <command>&COMMANDNAME;</command>
212
 
      <arg choice="plain"><option>--check</option></arg>
213
 
    </cmdsynopsis>
214
 
  </refsynopsisdiv>
215
 
  
216
 
  <refsect1 id="description">
217
 
    <title>DESCRIPTION</title>
218
 
    <para>
219
 
      <command>&COMMANDNAME;</command> is a program to control or
220
 
      query the operation of the Mandos server
221
 
      <citerefentry><refentrytitle>mandos</refentrytitle><manvolnum
222
 
      >8</manvolnum></citerefentry>.
223
 
    </para>
224
 
    <para>
225
 
      This program can be used to change client settings, approve or
226
 
      deny client requests, and to remove clients from the server.
227
 
    </para>
228
 
  </refsect1>
229
 
  
230
 
  <refsect1 id="purpose">
231
 
    <title>PURPOSE</title>
232
 
    <para>
233
 
      The purpose of this is to enable <emphasis>remote and unattended
234
 
      rebooting</emphasis> of client host computer with an
235
 
      <emphasis>encrypted root file system</emphasis>.  See <xref
236
 
      linkend="overview"/> for details.
237
 
    </para>
238
 
  </refsect1>
239
 
  
240
 
  <refsect1 id="options">
241
 
    <title>OPTIONS</title>
242
 
    
243
 
    <variablelist>
244
 
      <varlistentry>
245
 
        <term><option>--help</option></term>
246
 
        <term><option>-h</option></term>
247
 
        <listitem>
248
 
          <para>
249
 
            Show a help message and exit
250
 
          </para>
251
 
        </listitem>
252
 
      </varlistentry>
253
 
      
254
 
      <varlistentry>
255
 
        <term><option>--enable</option></term>
256
 
        <term><option>-e</option></term>
257
 
        <listitem>
258
 
          <para>
259
 
            Enable client(s).  An enabled client will be eligble to
260
 
            receive its secret.
261
 
          </para>
262
 
        </listitem>
263
 
      </varlistentry>
264
 
      
265
 
      <varlistentry>
266
 
        <term><option>--disable</option></term>
267
 
        <term><option>-d</option></term>
268
 
        <listitem>
269
 
          <para>
270
 
            Disable client(s).  A disabled client will not be eligble
271
 
            to receive its secret, and no checkers will be started for
272
 
            it.
273
 
          </para>
274
 
        </listitem>
275
 
      </varlistentry>
276
 
      
277
 
      <varlistentry>
278
 
        <term><option>--bump-timeout</option></term>
279
 
        <listitem>
280
 
          <para>
281
 
            Bump the timeout of the specified client(s), just as if a
282
 
            checker had completed successfully for it/them.
283
 
          </para>
284
 
        </listitem>
285
 
      </varlistentry>
286
 
      
287
 
      <varlistentry>
288
 
        <term><option>--start-checker</option></term>
289
 
        <listitem>
290
 
          <para>
291
 
            Start a new checker now for the specified client(s).
292
 
          </para>
293
 
        </listitem>
294
 
      </varlistentry>
295
 
      
296
 
      <varlistentry>
297
 
        <term><option>--stop-checker</option></term>
298
 
        <listitem>
299
 
          <para>
300
 
            Stop any running checker for the specified client(s).
301
 
          </para>
302
 
        </listitem>
303
 
      </varlistentry>
304
 
      
305
 
      <varlistentry>
306
 
        <term><option>--remove</option></term>
307
 
        <term><option>-r</option></term>
308
 
        <listitem>
309
 
          <para>
310
 
            Remove the specified client(s) from the server.
311
 
          </para>
312
 
        </listitem>
313
 
      </varlistentry>
314
 
      
315
 
      <varlistentry>
316
 
        <term><option>--checker
317
 
        <replaceable>COMMAND</replaceable></option></term>
318
 
        <term><option>-c
319
 
        <replaceable>COMMAND</replaceable></option></term>
320
 
        <listitem>
321
 
          <para>
322
 
            Set the <varname>checker</varname> option of the specified
323
 
            client(s); see <citerefentry><refentrytitle
324
 
            >mandos-clients.conf</refentrytitle><manvolnum
325
 
            >5</manvolnum></citerefentry>.
326
 
          </para>
327
 
        </listitem>
328
 
      </varlistentry>
329
 
      
330
 
      <varlistentry>
331
 
        <term><option>--timeout
332
 
        <replaceable>TIME</replaceable></option></term>
333
 
        <term><option>-t
334
 
        <replaceable>TIME</replaceable></option></term>
335
 
        <listitem>
336
 
          <para>
337
 
            Set the <varname>timeout</varname> option of the specified
338
 
            client(s); see <citerefentry><refentrytitle
339
 
            >mandos-clients.conf</refentrytitle><manvolnum
340
 
            >5</manvolnum></citerefentry>.
341
 
          </para>
342
 
        </listitem>
343
 
      </varlistentry>
344
 
 
345
 
      <varlistentry>
346
 
        <term><option>--extended-timeout
347
 
        <replaceable>TIME</replaceable></option></term>
348
 
        <listitem>
349
 
          <para>
350
 
            Set the <varname>extended_timeout</varname> option of the
351
 
            specified client(s); see <citerefentry><refentrytitle
352
 
            >mandos-clients.conf</refentrytitle><manvolnum
353
 
            >5</manvolnum></citerefentry>.
354
 
          </para>
355
 
        </listitem>
356
 
      </varlistentry>
357
 
      
358
 
      <varlistentry>
359
 
        <term><option>--interval
360
 
        <replaceable>TIME</replaceable></option></term>
361
 
        <term><option>-i
362
 
        <replaceable>TIME</replaceable></option></term>
363
 
        <listitem>
364
 
          <para>
365
 
            Set the <varname>interval</varname> option of the
366
 
            specified client(s); see <citerefentry><refentrytitle
367
 
            >mandos-clients.conf</refentrytitle><manvolnum
368
 
            >5</manvolnum></citerefentry>.
369
 
          </para>
370
 
        </listitem>
371
 
      </varlistentry>
372
 
      
373
 
      <varlistentry>
374
 
        <term><option>--approve-by-default</option></term>
375
 
        <term><option>--deny-by-default</option></term>
376
 
        <listitem>
377
 
          <para>
378
 
            Set the <varname>approved_by_default</varname> option of
379
 
            the specified client(s) to <literal>True</literal> or
380
 
            <literal>False</literal>, respectively; see
381
 
            <citerefentry><refentrytitle
382
 
            >mandos-clients.conf</refentrytitle><manvolnum
383
 
            >5</manvolnum></citerefentry>.
384
 
          </para>
385
 
        </listitem>
386
 
      </varlistentry>
387
 
      
388
 
      <varlistentry>
389
 
        <term><option>--approval-delay
390
 
        <replaceable>TIME</replaceable></option></term>
391
 
        <listitem>
392
 
          <para>
393
 
            Set the <varname>approval_delay</varname> option of the
394
 
            specified client(s); see <citerefentry><refentrytitle
395
 
            >mandos-clients.conf</refentrytitle><manvolnum
396
 
            >5</manvolnum></citerefentry>.
397
 
          </para>
398
 
        </listitem>
399
 
      </varlistentry>
400
 
      
401
 
      <varlistentry>
402
 
        <term><option>--approval-duration
403
 
        <replaceable>TIME</replaceable></option></term>
404
 
        <listitem>
405
 
          <para>
406
 
            Set the <varname>approval_duration</varname> option of the
407
 
            specified client(s); see <citerefentry><refentrytitle
408
 
            >mandos-clients.conf</refentrytitle><manvolnum
409
 
            >5</manvolnum></citerefentry>.
410
 
          </para>
411
 
        </listitem>
412
 
      </varlistentry>
413
 
      
414
 
      <varlistentry>
415
 
        <term><option>--host
416
 
        <replaceable>STRING</replaceable></option></term>
417
 
        <term><option>-H
418
 
        <replaceable>STRING</replaceable></option></term>
419
 
        <listitem>
420
 
          <para>
421
 
            Set the <varname>host</varname> option of the specified
422
 
            client(s); see <citerefentry><refentrytitle
423
 
            >mandos-clients.conf</refentrytitle><manvolnum
424
 
            >5</manvolnum></citerefentry>.
425
 
          </para>
426
 
        </listitem>
427
 
      </varlistentry>
428
 
      
429
 
      <varlistentry>
430
 
        <term><option>--secret
431
 
        <replaceable>FILENAME</replaceable></option></term>
432
 
        <term><option>-s
433
 
        <replaceable>FILENAME</replaceable></option></term>
434
 
        <listitem>
435
 
          <para>
436
 
            Set the <varname>secfile</varname> option of the specified
437
 
            client(s); see <citerefentry><refentrytitle
438
 
            >mandos-clients.conf</refentrytitle><manvolnum
439
 
            >5</manvolnum></citerefentry>.
440
 
          </para>
441
 
        </listitem>
442
 
      </varlistentry>
443
 
      
444
 
      <varlistentry>
445
 
        <term><option>--approve</option></term>
446
 
        <term><option>-A</option></term>
447
 
        <listitem>
448
 
          <para>
449
 
            Approve client(s) if currently waiting for approval.
450
 
          </para>
451
 
        </listitem>
452
 
      </varlistentry>
453
 
      
454
 
      <varlistentry>
455
 
        <term><option>--deny</option></term>
456
 
        <term><option>-D</option></term>
457
 
        <listitem>
458
 
          <para>
459
 
            Deny client(s) if currently waiting for approval.
460
 
          </para>
461
 
        </listitem>
462
 
      </varlistentry>
463
 
      
464
 
      <varlistentry>
465
 
        <term><option>--all</option></term>
466
 
        <term><option>-a</option></term>
467
 
        <listitem>
468
 
          <para>
469
 
            Make the client-modifying options modify <emphasis
470
 
            >all</emphasis> clients.
471
 
          </para>
472
 
        </listitem>
473
 
      </varlistentry>
474
 
      
475
 
      <varlistentry>
476
 
        <term><option>--verbose</option></term>
477
 
        <term><option>-v</option></term>
478
 
        <listitem>
479
 
          <para>
480
 
            Show all client settings, not just a subset.
481
 
          </para>
482
 
        </listitem>
483
 
      </varlistentry>
484
 
      
485
 
      <varlistentry>
486
 
        <term><option>--dump-json</option></term>
487
 
        <term><option>-j</option></term>
488
 
        <listitem>
489
 
          <para>
490
 
            Dump client settings as JSON to standard output.
491
 
          </para>
492
 
        </listitem>
493
 
      </varlistentry>
494
 
      
495
 
      <varlistentry>
496
 
        <term><option>--is-enabled</option></term>
497
 
        <term><option>-V</option></term>
498
 
        <listitem>
499
 
          <para>
500
 
            Check if a single client is enabled or not, and exit with
501
 
            a successful exit status only if the client is enabled.
502
 
          </para>
503
 
        </listitem>
504
 
      </varlistentry>
505
 
      
506
 
      <varlistentry>
507
 
        <term><option>--check</option></term>
508
 
        <listitem>
509
 
          <para>
510
 
            Run self-tests.  This includes any unit tests, etc.
511
 
          </para>
512
 
        </listitem>
513
 
      </varlistentry>
514
 
      
515
 
    </variablelist>
516
 
  </refsect1>
517
 
  
518
 
  <refsect1 id="overview">
519
 
    <title>OVERVIEW</title>
520
 
    <xi:include href="overview.xml"/>
521
 
    <para>
522
 
      This program is a small utility to generate new OpenPGP keys for
523
 
      new Mandos clients, and to generate sections for inclusion in
524
 
      <filename>clients.conf</filename> on the server.
525
 
    </para>
526
 
  </refsect1>
527
 
  
528
 
  <refsect1 id="exit_status">
529
 
    <title>EXIT STATUS</title>
530
 
    <para>
531
 
      If the <option>--is-enabled</option> option is used, the exit
532
 
      status will be 0 only if the specified client is enabled.
533
 
    </para>
534
 
  </refsect1>
535
 
  
536
 
  <refsect1 id="bugs">
537
 
    <title>BUGS</title>
538
 
    <xi:include href="bugs.xml"/>
539
 
  </refsect1>
540
 
  
541
 
  <refsect1 id="example">
542
 
    <title>EXAMPLE</title>
543
 
    <informalexample>
544
 
      <para>
545
 
        To list all clients:
546
 
      </para>
547
 
      <para>
548
 
        <userinput>&COMMANDNAME;</userinput>
549
 
      </para>
550
 
    </informalexample>
551
 
    
552
 
    <informalexample>
553
 
      <para>
554
 
        To list <emphasis>all</emphasis> settings for the clients
555
 
        named <quote>foo1.example.org</quote> and <quote
556
 
        >foo2.example.org</quote>:
557
 
      </para>
558
 
      <para>
559
 
 
560
 
<!-- do not wrap this line -->
561
 
<userinput>&COMMANDNAME; --verbose foo1.example.org foo2.example.org</userinput>
562
 
 
563
 
      </para>
564
 
    </informalexample>
565
 
    
566
 
    <informalexample>
567
 
      <para>
568
 
        To enable all clients:
569
 
      </para>
570
 
      <para>
571
 
        <userinput>&COMMANDNAME; --enable --all</userinput>
572
 
      </para>
573
 
    </informalexample>
574
 
    
575
 
    <informalexample>
576
 
      <para>
577
 
        To change timeout and interval value for the clients
578
 
        named <quote>foo1.example.org</quote> and <quote
579
 
        >foo2.example.org</quote>:
580
 
      </para>
581
 
      <para>
582
 
 
583
 
<!-- do not wrap this line -->
584
 
<userinput>&COMMANDNAME; --timeout="5m" --interval="1m" foo1.example.org foo2.example.org</userinput>
585
 
 
586
 
      </para>
587
 
    </informalexample>
588
 
    
589
 
    <informalexample>
590
 
      <para>
591
 
        To approve all clients currently waiting for it:
592
 
      </para>
593
 
      <para>
594
 
        <userinput>&COMMANDNAME; --approve --all</userinput>
595
 
      </para>
596
 
    </informalexample>
597
 
  </refsect1>
598
 
  
599
 
  <refsect1 id="security">
600
 
    <title>SECURITY</title>
601
 
    <para>
602
 
      This program must be permitted to access the Mandos server via
603
 
      the D-Bus interface.  This normally requires the root user, but
604
 
      could be configured otherwise by reconfiguring the D-Bus server.
605
 
    </para>
606
 
  </refsect1>
607
 
  
608
 
  <refsect1 id="see_also">
609
 
    <title>SEE ALSO</title>
610
 
    <para>
611
 
      <citerefentry><refentrytitle>intro</refentrytitle>
612
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
613
 
      <citerefentry><refentrytitle>mandos</refentrytitle>
614
 
      <manvolnum>8</manvolnum></citerefentry>,
615
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
616
 
      <manvolnum>5</manvolnum></citerefentry>,
617
 
      <citerefentry><refentrytitle>mandos-monitor</refentrytitle>
618
 
      <manvolnum>8</manvolnum></citerefentry>
619
 
    </para>
620
 
  </refsect1>
621
 
  
622
 
</refentry>
623
 
<!-- Local Variables: -->
624
 
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
625
 
<!-- time-stamp-end: "[\"']>" -->
626
 
<!-- time-stamp-format: "%:y-%02m-%02d" -->
627
 
<!-- End: -->