
Viewing changes to mandos.xml

  • Committer: Teddy Hogeborn
  • Date: 2009-01-04 21:26:57 UTC
  • Revision ID: teddy@fukt.bsnet.se-20090104212657-cl3kz35co2v3g3eo
* mandos (MandosServer.Quit): New.

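--- a/mandos.xml
+++ b/mandos.xml
@@ -1,17 +1,18 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
-<!ENTITY VERSION "1.0">
 <!ENTITY COMMANDNAME "mandos">
-<!ENTITY TIMESTAMP "2008-09-04">
+<!ENTITY TIMESTAMP "2009-01-04">
+<!ENTITY % common SYSTEM "common.ent">
+%common;
 ]>
  
 <refentry xmlns:xi="http://www.w3.org/2001/XInclude">
-  <refentryinfo>
+   <refentryinfo>
     <title>Mandos Manual</title>
     <!-- NWalsh’s docbook scripts use this to generate the footer: -->
     <productname>Mandos</productname>
-    <productnumber>&VERSION;</productnumber>
+    <productnumber>&version;</productnumber>
     <date>&TIMESTAMP;</date>
     <authorgroup>
       <author>
@@ -36,7 +37,7 @@
     </copyright>
     <xi:include href="legalnotice.xml"/>
   </refentryinfo>
- 
+  
   <refmeta>
     <refentrytitle>&COMMANDNAME;</refentrytitle>
     <manvolnum>8</manvolnum>
@@ -48,7 +49,7 @@
       Gives encrypted passwords to authenticated Mandos clients
     </refpurpose>
   </refnamediv>
- 
+  
   <refsynopsisdiv>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -83,6 +84,8 @@
       <replaceable>DIRECTORY</replaceable></option></arg>
       <sbr/>
       <arg><option>--debug</option></arg>
+      <sbr/>
+      <arg><option>--no-dbus</option></arg>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -100,7 +103,7 @@
       <arg choice="plain"><option>--check</option></arg>
     </cmdsynopsis>
   </refsynopsisdiv>
- 
+  
   <refsect1 id="description">
     <title>DESCRIPTION</title>
     <para>
@@ -186,7 +189,7 @@
           <xi:include href="mandos-options.xml" xpointer="debug"/>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
         <term><option>--priority <replaceable>
         PRIORITY</replaceable></option></term>
@@ -194,7 +197,7 @@
           <xi:include href="mandos-options.xml" xpointer="priority"/>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
         <term><option>--servicename
         <replaceable>NAME</replaceable></option></term>
@@ -203,7 +206,7 @@
                       xpointer="servicename"/>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
         <term><option>--configdir
         <replaceable>DIRECTORY</replaceable></option></term>
@@ -218,7 +221,7 @@
           </para>
         </listitem>
       </varlistentry>
- 
+      
       <varlistentry>
         <term><option>--version</option></term>
         <listitem>
@@ -227,9 +230,19 @@
           </para>
         </listitem>
       </varlistentry>
+      
+      <varlistentry>
+        <term><option>--no-dbus</option></term>
+        <listitem>
+          <xi:include href="mandos-options.xml" xpointer="dbus"/>
+          <para>
+            See also <xref linkend="dbus_interface"/>.
+          </para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
- 
+  
   <refsect1 id="overview">
     <title>OVERVIEW</title>
     <xi:include href="overview.xml"/>
@@ -239,7 +252,7 @@
       <acronym>RAM</acronym> disk environment.
     </para>
   </refsect1>
- 
+  
   <refsect1 id="protocol">
     <title>NETWORK PROTOCOL</title>
     <para>
@@ -297,7 +310,7 @@
       </row>
     </tbody></tgroup></table>
   </refsect1>
- 
+  
   <refsect1 id="checking">
     <title>CHECKING</title>
     <para>
@@ -311,7 +324,7 @@
       <manvolnum>5</manvolnum></citerefentry>.
     </para>
   </refsect1>
- 
+  
   <refsect1 id="logging">
     <title>LOGGING</title>
     <para>
@@ -321,6 +334,16 @@
       and also show them on the console.
     </para>
   </refsect1>
+  
+  <refsect1 id="dbus_interface">
+    <title>D-BUS INTERFACE</title>
+    <para>
+      The server will by default provide a D-Bus system bus interface.
+      This interface will only be accessible by the root user or a
+      Mandos-specific user, if such a user exists.
+      <!-- XXX -->
+    </para>
+  </refsect1>
  
   <refsect1 id="exit_status">
     <title>EXIT STATUS</title>
@@ -329,7 +352,7 @@
       critical error is encountered.
     </para>
   </refsect1>
- 
+  
   <refsect1 id="environment">
     <title>ENVIRONMENT</title>
     <variablelist>
@@ -349,8 +372,8 @@
       </varlistentry>
     </variablelist>
   </refsect1>
- 
-  <refsect1 id="file">
+  
+  <refsect1 id="files">
     <title>FILES</title>
     <para>
       Use the <option>--configdir</option> option to change where
@@ -379,7 +402,7 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename>/var/run/mandos/mandos.pid</filename></term>
+        <term><filename>/var/run/mandos.pid</filename></term>
         <listitem>
           <para>
             The file containing the process id of
@@ -420,7 +443,7 @@
       Currently, if a client is declared <quote>invalid</quote> due to
       having timed out, the server does not record this fact onto
       permanent storage.  This has some security implications, see
-      <xref linkend="CLIENTS"/>.
+      <xref linkend="clients"/>.
     </para>
     <para>
       There is currently no way of querying the server of the current
@@ -479,19 +502,19 @@
       </para>
     </informalexample>
   </refsect1>
- 
+  
   <refsect1 id="security">
     <title>SECURITY</title>
-    <refsect2 id="SERVER">
+    <refsect2 id="server">
       <title>SERVER</title>
       <para>
         Running this <command>&COMMANDNAME;</command> server program
         should not in itself present any security risk to the host
-        computer running it.  The program does not need any special
-        privileges to run, and is designed to run as a non-root user.
+        computer running it.  The program switches to a non-root user
+        soon after startup.
       </para>
     </refsect2>
-    <refsect2 id="CLIENTS">
+    <refsect2 id="clients">
       <title>CLIENTS</title>
       <para>
         The server only gives out its stored data to clients which
@@ -504,7 +527,7 @@
         <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
         <manvolnum>5</manvolnum></citerefentry>)
         <emphasis>must</emphasis> be made non-readable by anyone
-        except the user running the server.
+        except the user starting the server (usually root).
       </para>
       <para>
         As detailed in <xref linkend="checking"/>, the status of all
@@ -529,12 +552,12 @@
       </para>
       <para>
         For more details on client-side security, see
-        <citerefentry><refentrytitle>password-request</refentrytitle>
+        <citerefentry><refentrytitle>mandos-client</refentrytitle>
         <manvolnum>8mandos</manvolnum></citerefentry>.
       </para>
     </refsect2>
   </refsect1>
- 
+  
   <refsect1 id="see_also">
     <title>SEE ALSO</title>
     <para>
@@ -543,7 +566,7 @@
         <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
         <refentrytitle>mandos.conf</refentrytitle>
         <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
-        <refentrytitle>password-request</refentrytitle>
+        <refentrytitle>mandos-client</refentrytitle>
         <manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
         <refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
       </citerefentry>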