/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.xml

  • Committer: Teddy Hogeborn
  • Date: 2011-07-16 00:29:19 UTC
  • Revision ID: teddy@fukt.bsnet.se-20110716002919-r77yikuiulj42o40
* initramfs-tools-script: Abort if plugin-runner is missing.  Removed
                          workaround for Debian bug #633582; the
                          workaround required getopt, which can not be
                          guaranteed.
* plugin-runner.c (main): Work around Debian bug #633582.
* plugins.d/mandos-client.c (main): - '' -

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos">
5
 
<!ENTITY TIMESTAMP "2011-10-22">
 
5
<!ENTITY TIMESTAMP "2011-02-27">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@recompile.se</email>
 
22
          <email>belorn@fukt.bsnet.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@recompile.se</email>
 
29
          <email>teddy@fukt.bsnet.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
94
94
      <arg><option>--no-dbus</option></arg>
95
95
      <sbr/>
96
96
      <arg><option>--no-ipv6</option></arg>
97
 
      <sbr/>
98
 
      <arg><option>--no-restore</option></arg>
99
97
    </cmdsynopsis>
100
98
    <cmdsynopsis>
101
99
      <command>&COMMANDNAME;</command>
119
117
    <para>
120
118
      <command>&COMMANDNAME;</command> is a server daemon which
121
119
      handles incoming request for passwords for a pre-defined list of
122
 
      client host computers. For an introduction, see
123
 
      <citerefentry><refentrytitle>intro</refentrytitle>
124
 
      <manvolnum>8mandos</manvolnum></citerefentry>. The Mandos server
125
 
      uses Zeroconf to announce itself on the local network, and uses
126
 
      TLS to communicate securely with and to authenticate the
127
 
      clients.  The Mandos server uses IPv6 to allow Mandos clients to
128
 
      use IPv6 link-local addresses, since the clients will probably
129
 
      not have any other addresses configured (see <xref
130
 
      linkend="overview"/>).  Any authenticated client is then given
131
 
      the stored pre-encrypted password for that specific client.
 
120
      client host computers.  The Mandos server uses Zeroconf to
 
121
      announce itself on the local network, and uses TLS to
 
122
      communicate securely with and to authenticate the clients.  The
 
123
      Mandos server uses IPv6 to allow Mandos clients to use IPv6
 
124
      link-local addresses, since the clients will probably not have
 
125
      any other addresses configured (see <xref linkend="overview"/>).
 
126
      Any authenticated client is then given the stored pre-encrypted
 
127
      password for that specific client.
132
128
    </para>
133
129
  </refsect1>
134
130
  
277
273
          <xi:include href="mandos-options.xml" xpointer="ipv6"/>
278
274
        </listitem>
279
275
      </varlistentry>
280
 
      
281
 
      <varlistentry>
282
 
        <term><option>--no-restore</option></term>
283
 
        <listitem>
284
 
          <xi:include href="mandos-options.xml" xpointer="restore"/>
285
 
        </listitem>
286
 
      </varlistentry>
287
276
    </variablelist>
288
277
  </refsect1>
289
278
  
363
352
      for some time, the client is assumed to be compromised and is no
364
353
      longer eligible to receive the encrypted password.  (Manual
365
354
      intervention is required to re-enable a client.)  The timeout,
366
 
      extended timeout, checker program, and interval between checks
367
 
      can be configured both globally and per client; see
368
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
 
355
      checker program, and interval between checks can be configured
 
356
      both globally and per client; see <citerefentry>
 
357
      <refentrytitle>mandos-clients.conf</refentrytitle>
369
358
      <manvolnum>5</manvolnum></citerefentry>.  A client successfully
370
359
      receiving its password will also be treated as a successful
371
360
      checker run.
396
385
    <title>LOGGING</title>
397
386
    <para>
398
387
      The server will send log message with various severity levels to
399
 
      <filename class="devicefile">/dev/log</filename>.  With the
 
388
      <filename>/dev/log</filename>.  With the
400
389
      <option>--debug</option> option, it will log even more messages,
401
390
      and also show them on the console.
402
391
    </para>
478
467
        </listitem>
479
468
      </varlistentry>
480
469
      <varlistentry>
481
 
        <term><filename class="devicefile">/dev/log</filename></term>
 
470
        <term><filename>/dev/log</filename></term>
482
471
        <listitem>
483
472
          <para>
484
473
            The Unix domain socket to where local syslog messages are
518
507
      Debug mode is conflated with running in the foreground.
519
508
    </para>
520
509
    <para>
 
510
      The console log messages do not show a time stamp.
 
511
    </para>
 
512
    <para>
521
513
      This server does not check the expire time of clients’ OpenPGP
522
514
      keys.
523
515
    </para>
618
610
  <refsect1 id="see_also">
619
611
    <title>SEE ALSO</title>
620
612
    <para>
621
 
      <citerefentry><refentrytitle>intro</refentrytitle>
622
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
623
 
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
624
 
      <manvolnum>5</manvolnum></citerefentry>,
625
 
      <citerefentry><refentrytitle>mandos.conf</refentrytitle>
626
 
      <manvolnum>5</manvolnum></citerefentry>,
627
 
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
628
 
      <manvolnum>8mandos</manvolnum></citerefentry>,
629
 
      <citerefentry><refentrytitle>sh</refentrytitle>
630
 
      <manvolnum>1</manvolnum></citerefentry>
 
613
      <citerefentry>
 
614
        <refentrytitle>mandos-clients.conf</refentrytitle>
 
615
        <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
 
616
        <refentrytitle>mandos.conf</refentrytitle>
 
617
        <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
 
618
        <refentrytitle>mandos-client</refentrytitle>
 
619
        <manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
 
620
        <refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
 
621
      </citerefentry>
631
622
    </para>
632
623
    <variablelist>
633
624
      <varlistentry>