/mandos/trunk

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to INSTALL

Committer: Teddy Hogeborn
Date: 2009-01-13 01:36:46 UTC
Revision ID: teddy@fukt.bsnet.se-20090113013646-1u21ie2oaotcekdz

* plugin-runner.c (main): Use "sscanf" instead of "strtol"; using the
                          correct type instead of casting.
* plugins.d/mandos-cliend.c (main): Detect an empty string when
                                    parsing DH bits and port number.
* plugins.d/splashy.c (main): Use "sscanf" instead of "strtoul"; using
                              the correct type instead of casting.
* plugins.d/usplash.c (main): - '' -

files added:
NEWS

common.ent

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos.README.Debian

debian/mandos.docs

debian/mandos.postinst

debian/mandos.prerm

debian/po

mandos-list

mandos.lsm

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
etc-plugins.d-README

plugins.d/usplash

files modified:
.bzrignore

INSTALL

Makefile

README

TODO

clients.conf

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.lintian-overrides

debian/rules

init.d-mandos

initramfs-tools-hook

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

97

97

and append this to the file "/etc/mandos/clients.conf" *on the

98

98

server computer*.

99

99

100

4. On the server computer, start the server by running the command

100

4. Configure the client to use the correct network interface. The

101

default is "eth0", and if this needs to be adjusted, it will be

102

necessary to edit /etc/mandos/plugin-runner.conf to uncomment and

103

change the line there. If that file is changed, the initrd.img

104

file must be updated, possibly using the following command:

105

106

# update-initramfs -k all -u

107

108

5. On the server computer, start the server by running the command

101

109

For Debian: su -c 'invoke-rc.d mandos start'

102

110

For Ubuntu: sudo invoke-rc.d mandos start

103

111

112

At this point, it is possible to verify that the correct password

113

will be received by the client by running the command:

114

115

# /usr/lib/mandos/plugins.d/mandos-client \

116

--pubkey=/etc/keys/mandos/pubkey.txt \

117

--seckey=/etc/keys/mandos/seckey.txt; echo

118

119

This command should retrieve the password from the server,

120

decrypt it, and output it to standard output.

121

104

122

After this, the client computer should be able to reboot without

105

123

needing a password entered on the console, as long as it does not

106

124

take more than an hour to reboot.

109

127

110

128

You may want to tighten or loosen the timeouts in the server

111

129

configuration files; see mandos.conf(5) and mandos-clients.conf(5).

112

Is IPsec is not used, it is suggested that a more cryptographically

130

If IPsec is not used, it is suggested that a more cryptographically

113

131

secure checker program is used and configured, since without IPsec

114

132

ping packets can be faked.

Older »