/mandos/trunk : revision 305

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to INSTALL

Committer: Teddy Hogeborn
Date: 2009-02-09 02:13:58 UTC
Revision ID: teddy@fukt.bsnet.se-20090209021358-6nrlc91oi08hn5hb

* initramfs-tools-hook: Whitespace change only.

files added:
NEWS

debian/watch

mandos-ctl

mandos.lsm

plugins.d/askpass-fifo.xml

plugins.d/splashy.xml

plugins.d/usplash.xml

files removed:
debian/mandos-client.config

debian/mandos-client.templates

debian/mandos.config

debian/mandos.templates

debian/po/POTFILES.in

debian/po/sv.po

files modified:
.bzrignore

INSTALL

Makefile

README

TODO

clients.conf

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

initramfs-tools-hook

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/splashy.c

plugins.d/usplash.c

Show diffs side-by-side

added added

removed removed

INSTALL

+ Python-GnuTLS 1.1.5 http://pypi.python.org/pypi/python-gnutls/

+ dbus-python 0.82.4 http://dbus.freedesktop.org/doc/dbus-python/

+ python-ctypes 1.0.0 http://pypi.python.org/pypi/ctypes

+ PyGObject 2.14.2 http://library.gnome.org/devel/pygobject/

Strongly recommended:

+ fping 2.4b2-to-ipv6 http://www.fping.com/

Package names:

python-gnutls avahi-daemon python python-avahi python-dbus

python-ctypes

python-ctypes python-gobject

*** Mandos Client

+ initramfs-tools 0.85i

and append this to the file "/etc/mandos/clients.conf" *on the

server computer*.

100

4. On the server computer, start the server by running the command

101

4. Configure the client to use the correct network interface. The

102

default is "eth0", and if this needs to be adjusted, it will be

103

necessary to edit /etc/mandos/plugin-runner.conf to uncomment and

104

change the line there. If that file is changed, the initrd.img

105

file must be updated, possibly using the following command:

106

107

# update-initramfs -k all -u

108

109

5. On the server computer, start the server by running the command

101

110

For Debian: su -c 'invoke-rc.d mandos start'

102

111

For Ubuntu: sudo invoke-rc.d mandos start

103

112

113

At this point, it is possible to verify that the correct password

114

will be received by the client by running the command:

115

116

# /usr/lib/mandos/plugins.d/mandos-client \

117

--pubkey=/etc/keys/mandos/pubkey.txt \

118

--seckey=/etc/keys/mandos/seckey.txt; echo

119

120

This command should retrieve the password from the server,

121

decrypt it, and output it to standard output.

122

104

123

After this, the client computer should be able to reboot without

105

124

needing a password entered on the console, as long as it does not

106

125

take more than an hour to reboot.

109

128

110

129

You may want to tighten or loosen the timeouts in the server

111

130

configuration files; see mandos.conf(5) and mandos-clients.conf(5).

112

Is IPsec is not used, it is suggested that a more cryptographically

131

If IPsec is not used, it is suggested that a more cryptographically

113

132

secure checker program is used and configured, since without IPsec

114

133

ping packets can be faked.

Older »