40
40
+ GnuTLS 2.4 http://www.gnu.org/software/gnutls/
41
41
+ Avahi 0.6.16 http://www.avahi.org/
42
+ Python 2.4 http://www.python.org/
42
+ Python 2.5 http://www.python.org/
43
43
+ Python-GnuTLS 1.1.5 http://pypi.python.org/pypi/python-gnutls/
44
44
+ dbus-python 0.82.4 http://dbus.freedesktop.org/doc/dbus-python/
45
45
+ python-ctypes 1.0.0 http://pypi.python.org/pypi/ctypes
46
+ PyGObject 2.14.2 http://library.gnome.org/devel/pygobject/
47
48
Strongly recommended:
48
49
+ fping 2.4b2-to-ipv6 http://www.fping.com/
51
52
python-gnutls avahi-daemon python python-avahi python-dbus
53
python-ctypes python-gobject
55
56
+ initramfs-tools 0.85i
97
98
and append this to the file "/etc/mandos/clients.conf" *on the
100
4. On the server computer, start the server by running the command
101
4. Configure the client to use the correct network interface. The
102
default is "eth0", and if this needs to be adjusted, it will be
103
necessary to edit /etc/mandos/plugin-runner.conf to uncomment and
104
change the line there. If that file is changed, the initrd.img
105
file must be updated, possibly using the following command:
107
# update-initramfs -k all -u
109
5. On the server computer, start the server by running the command
101
110
For Debian: su -c 'invoke-rc.d mandos start'
102
111
For Ubuntu: sudo invoke-rc.d mandos start
113
At this point, it is possible to verify that the correct password
114
will be received by the client by running the command:
116
# /usr/lib/mandos/plugins.d/mandos-client \
117
--pubkey=/etc/keys/mandos/pubkey.txt \
118
--seckey=/etc/keys/mandos/seckey.txt; echo
120
This command should retrieve the password from the server,
121
decrypt it, and output it to standard output.
104
123
After this, the client computer should be able to reboot without
105
124
needing a password entered on the console, as long as it does not
106
125
take more than an hour to reboot.
110
129
You may want to tighten or loosen the timeouts in the server
111
130
configuration files; see mandos.conf(5) and mandos-clients.conf(5).
112
Is IPsec is not used, it is suggested that a more cryptographically
131
If IPsec is not used, it is suggested that a more cryptographically
113
132
secure checker program is used and configured, since without IPsec
114
133
ping packets can be faked.