
Viewing changes to mandos.xml

merge

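--- a/mandos.xml
+++ b/mandos.xml
@@ -1,17 +1,18 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
-<!ENTITY VERSION "1.0">
 <!ENTITY COMMANDNAME "mandos">
-<!ENTITY TIMESTAMP "2008-09-04">
+<!ENTITY TIMESTAMP "2008-12-28">
+<!ENTITY % common SYSTEM "common.ent">
+%common;
 ]>
 
 <refentry xmlns:xi="http://www.w3.org/2001/XInclude">
-  <refentryinfo>
+   <refentryinfo>
     <title>Mandos Manual</title>
     <!-- NWalsh’s docbook scripts use this to generate the footer: -->
     <productname>Mandos</productname>
-    <productnumber>&VERSION;</productnumber>
+    <productnumber>&version;</productnumber>
     <date>&TIMESTAMP;</date>
     <authorgroup>
       <author>
@@ -36,7 +37,7 @@
     </copyright>
     <xi:include href="legalnotice.xml"/>
   </refentryinfo>
-
+  
   <refmeta>
     <refentrytitle>&COMMANDNAME;</refentrytitle>
     <manvolnum>8</manvolnum>
@@ -48,7 +49,7 @@
       Gives encrypted passwords to authenticated Mandos clients
     </refpurpose>
   </refnamediv>
-
+  
   <refsynopsisdiv>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -83,6 +84,8 @@
       <replaceable>DIRECTORY</replaceable></option></arg>
       <sbr/>
       <arg><option>--debug</option></arg>
+      <sbr/>
+      <arg><option>--no-dbus</option></arg>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -100,7 +103,7 @@
       <arg choice="plain"><option>--check</option></arg>
     </cmdsynopsis>
   </refsynopsisdiv>
-
+  
   <refsect1 id="description">
     <title>DESCRIPTION</title>
     <para>
@@ -186,7 +189,7 @@
           <xi:include href="mandos-options.xml" xpointer="debug"/>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
         <term><option>--priority <replaceable>
         PRIORITY</replaceable></option></term>
@@ -194,7 +197,7 @@
           <xi:include href="mandos-options.xml" xpointer="priority"/>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
         <term><option>--servicename
         <replaceable>NAME</replaceable></option></term>
@@ -203,7 +206,7 @@
                       xpointer="servicename"/>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
         <term><option>--configdir
         <replaceable>DIRECTORY</replaceable></option></term>
@@ -218,7 +221,7 @@
           </para>
         </listitem>
       </varlistentry>
-
+      
       <varlistentry>
         <term><option>--version</option></term>
         <listitem>
@@ -227,9 +230,18 @@
           </para>
         </listitem>
       </varlistentry>
+      
+      <varlistentry>
+        <term><option>--no-dbus</option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml" xpointer="dbus"/>
+          <para>
+            See also <xref linkend="dbus"/>.
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
-
+  
   <refsect1 id="overview">
     <title>OVERVIEW</title>
     <xi:include href="overview.xml"/>
@@ -239,7 +251,7 @@
       <acronym>RAM</acronym> disk environment.
     </para>
   </refsect1>
-
+  
   <refsect1 id="protocol">
     <title>NETWORK PROTOCOL</title>
     <para>
@@ -297,7 +309,7 @@
       </row>
     </tbody></tgroup></table>
   </refsect1>
-
+  
   <refsect1 id="checking">
     <title>CHECKING</title>
     <para>
@@ -311,7 +323,7 @@
       <manvolnum>5</manvolnum></citerefentry>.
     </para>
   </refsect1>
-
+  
   <refsect1 id="logging">
     <title>LOGGING</title>
     <para>
@@ -321,6 +333,16 @@
       and also show them on the console.
     </para>
   </refsect1>
+  
+  <refsect1 id="dbus">
+    <title>D-BUS INTERFACE</title>
+    <para>
+      The server will by default provide a D-Bus system bus interface.
+      This interface will only be accessible by the root user or a
+      Mandos-specific user, if such a user exists.
+      <!-- XXX -->
+    </para>
+  </refsect1>
 
   <refsect1 id="exit_status">
     <title>EXIT STATUS</title>
@@ -329,7 +351,7 @@
       critical error is encountered.
     </para>
   </refsect1>
-
+  
   <refsect1 id="environment">
     <title>ENVIRONMENT</title>
     <variablelist>
@@ -349,8 +371,8 @@
       </varlistentry>
     </variablelist>
   </refsect1>
-
-  <refsect1 id="file">
+  
+  <refsect1 id="files">
     <title>FILES</title>
     <para>
       Use the <option>--configdir</option> option to change where
@@ -379,7 +401,7 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename>/var/run/mandos/mandos.pid</filename></term>
+        <term><filename>/var/run/mandos.pid</filename></term>
         <listitem>
           <para>
             The file containing the process id of
@@ -420,7 +442,7 @@
       Currently, if a client is declared <quote>invalid</quote> due to
       having timed out, the server does not record this fact onto
       permanent storage.  This has some security implications, see
-      <xref linkend="CLIENTS"/>.
+      <xref linkend="clients"/>.
     </para>
     <para>
       There is currently no way of querying the server of the current
@@ -479,19 +501,19 @@
       </para>
     </informalexample>
   </refsect1>
-
+  
   <refsect1 id="security">
     <title>SECURITY</title>
-    <refsect2 id="SERVER">
+    <refsect2 id="server">
       <title>SERVER</title>
       <para>
         Running this <command>&COMMANDNAME;</command> server program
         should not in itself present any security risk to the host
-        computer running it.  The program does not need any special
-        privileges to run, and is designed to run as a non-root user.
+        computer running it.  The program switches to a non-root user
+        soon after startup.
       </para>
     </refsect2>
-    <refsect2 id="CLIENTS">
+    <refsect2 id="clients">
       <title>CLIENTS</title>
       <para>
         The server only gives out its stored data to clients which
@@ -504,7 +526,7 @@
         <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
         <manvolnum>5</manvolnum></citerefentry>)
         <emphasis>must</emphasis> be made non-readable by anyone
-        except the user running the server.
+        except the user starting the server (usually root).
       </para>
       <para>
         As detailed in <xref linkend="checking"/>, the status of all
@@ -529,12 +551,12 @@
       </para>
       <para>
         For more details on client-side security, see
-        <citerefentry><refentrytitle>password-request</refentrytitle>
+        <citerefentry><refentrytitle>mandos-client</refentrytitle>
         <manvolnum>8mandos</manvolnum></citerefentry>.
       </para>
     </refsect2>
   </refsect1>
-
+  
   <refsect1 id="see_also">
     <title>SEE ALSO</title>
     <para>
@@ -543,7 +565,7 @@
         <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
         <refentrytitle>mandos.conf</refentrytitle>
         <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
-        <refentrytitle>password-request</refentrytitle>
+        <refentrytitle>mandos-client</refentrytitle>
         <manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
         <refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
       </citerefentry>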
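Review bot: In the new `--no-dbus` entry of the options list (new lines 234-241), `<para>` is opened before `See also <xref linkend="dbus"/>.` and the very next line is `</listitem>`, so the element is never closed and mandos.xml is no longer well-formed; add `</para>` after the "See also" line. The added D-BUS INTERFACE section ends its access-control sentence with an `<!-- XXX -->` placeholder; that sentence is what an administrator will rely on to judge who can reach the interface, so the placeholder should be resolved before this is released. `&version;` replaces the locally declared `VERSION` entity and now has to come from `common.ent`, which is not visible here, so confirm it is defined there.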