/mandos/trunk : revision 24.1.179

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to debian/mandos.templates

Committer: Björn Påhlsson
Date: 2011-09-18 14:28:47 UTC
mto: This revision was merged to the branch mainline in revision 497.
Revision ID: belorn@fukt.bsnet.se-20110918142847-wx9ru8lxxsc4timi

New feature:
extended timeout given once when password is sent to client

New dbus-API property (Expire):
Time and date when a client will be disabled

New dbus-API property (ExtendedTimeout):
The duration of extended timeout

Changed default values:
Timeout: Changed from 1 hour to 5 minutes
Interval: Changed from 5 minutes to 2 minutes

files added:
initramfs-tools-hook-conf

files removed:
bugs.xml

debian/mandos-client.examples

debian/mandos-client.templates

debian/mandos.templates

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

initramfs-tools-conf

initramfs-tools-script-stop

initramfs-unpack

mandos-to-cryptroot-unlock

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

tmpfiles.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

dbus-mandos.conf

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

debian/mandos.templates

Template: mandos/key_id

Type: note

Description: New client option "key_id" is REQUIRED on server

A new "key_id" client option is REQUIRED in the clients.conf file, otherwise the client most likely will not reboot unattended. This option:

key_id = <HEXSTRING>

must be added in the file /etc/mandos/clients.conf, right before the "fingerprint" option, for each Mandos client. You must edit that file and add this option for all clients. To see the correct key ID for each client, run this command (on each client):

mandos-keygen -F/dev/null|grep ^key_id

Note: the client must all also be using GnuTLS 3.6.6 or later; the server cannot serve passwords for both old and new clients!

Rationale: With GnuTLS 3.6.6, Mandos has been forced to stop using OpenPGP keys as TLS session keys. A new TLS key pair will be generated on each client and will be used as identification, but the key ID of the public key needs to be added to this server, since this will now be used to identify the client to the server.

Older »