
Viewing changes to mandos.xml

  • Committer: Björn Påhlsson
  • Date: 2011-11-24 19:27:53 UTC
  • mto: (518.2.5 persistent-state-gpgme)
  • mto: This revision was merged to the branch mainline in revision 524.
  • Revision ID: belorn@fukt.bsnet.se-20111124192753-y5jxlc1h3tcxpubc
First run of python-lint. Fixed some *obviously* bad code and turned
them into good code.

2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos">
5
 
<!ENTITY TIMESTAMP "2010-09-26">
 
5
<!ENTITY TIMESTAMP "2011-10-22">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
19
19
        <firstname>Björn</firstname>
20
20
        <surname>Påhlsson</surname>
21
21
        <address>
22
 
          <email>belorn@fukt.bsnet.se</email>
 
22
          <email>belorn@recompile.se</email>
23
23
        </address>
24
24
      </author>
25
25
      <author>
26
26
        <firstname>Teddy</firstname>
27
27
        <surname>Hogeborn</surname>
28
28
        <address>
29
 
          <email>teddy@fukt.bsnet.se</email>
 
29
          <email>teddy@recompile.se</email>
30
30
        </address>
31
31
      </author>
32
32
    </authorgroup>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
36
36
      <year>2010</year>
 
37
      <year>2011</year>
37
38
      <holder>Teddy Hogeborn</holder>
38
39
      <holder>Björn Påhlsson</holder>
39
40
    </copyright>
87
88
      <sbr/>
88
89
      <arg><option>--debug</option></arg>
89
90
      <sbr/>
 
91
      <arg><option>--debuglevel
 
92
      <replaceable>LEVEL</replaceable></option></arg>
 
93
      <sbr/>
90
94
      <arg><option>--no-dbus</option></arg>
91
95
      <sbr/>
92
96
      <arg><option>--no-ipv6</option></arg>
 
97
      <sbr/>
 
98
      <arg><option>--no-restore</option></arg>
93
99
    </cmdsynopsis>
94
100
    <cmdsynopsis>
95
101
      <command>&COMMANDNAME;</command>
113
119
    <para>
114
120
      <command>&COMMANDNAME;</command> is a server daemon which
115
121
      handles incoming request for passwords for a pre-defined list of
116
 
      client host computers.  The Mandos server uses Zeroconf to
117
 
      announce itself on the local network, and uses TLS to
118
 
      communicate securely with and to authenticate the clients.  The
119
 
      Mandos server uses IPv6 to allow Mandos clients to use IPv6
120
 
      link-local addresses, since the clients will probably not have
121
 
      any other addresses configured (see <xref linkend="overview"/>).
122
 
      Any authenticated client is then given the stored pre-encrypted
123
 
      password for that specific client.
 
122
      client host computers. For an introduction, see
 
123
      <citerefentry><refentrytitle>intro</refentrytitle>
 
124
      <manvolnum>8mandos</manvolnum></citerefentry>. The Mandos server
 
125
      uses Zeroconf to announce itself on the local network, and uses
 
126
      TLS to communicate securely with and to authenticate the
 
127
      clients.  The Mandos server uses IPv6 to allow Mandos clients to
 
128
      use IPv6 link-local addresses, since the clients will probably
 
129
      not have any other addresses configured (see <xref
 
130
      linkend="overview"/>).  Any authenticated client is then given
 
131
      the stored pre-encrypted password for that specific client.
124
132
    </para>
125
133
  </refsect1>
126
134
  
195
203
      </varlistentry>
196
204
      
197
205
      <varlistentry>
 
206
        <term><option>--debuglevel
 
207
        <replaceable>LEVEL</replaceable></option></term>
 
208
        <listitem>
 
209
          <para>
 
210
            Set the debugging log level.
 
211
            <replaceable>LEVEL</replaceable> is a string, one of
 
212
            <quote><literal>CRITICAL</literal></quote>,
 
213
            <quote><literal>ERROR</literal></quote>,
 
214
            <quote><literal>WARNING</literal></quote>,
 
215
            <quote><literal>INFO</literal></quote>, or
 
216
            <quote><literal>DEBUG</literal></quote>, in order of
 
217
            increasing verbosity.  The default level is
 
218
            <quote><literal>WARNING</literal></quote>.
 
219
          </para>
 
220
        </listitem>
 
221
      </varlistentry>
 
222
      
 
223
      <varlistentry>
198
224
        <term><option>--priority <replaceable>
199
225
        PRIORITY</replaceable></option></term>
200
226
        <listitem>
251
277
          <xi:include href="mandos-options.xml" xpointer="ipv6"/>
252
278
        </listitem>
253
279
      </varlistentry>
 
280
      
 
281
      <varlistentry>
 
282
        <term><option>--no-restore</option></term>
 
283
        <listitem>
 
284
          <xi:include href="mandos-options.xml" xpointer="restore"/>
 
285
        </listitem>
 
286
      </varlistentry>
254
287
    </variablelist>
255
288
  </refsect1>
256
289
  
330
363
      for some time, the client is assumed to be compromised and is no
331
364
      longer eligible to receive the encrypted password.  (Manual
332
365
      intervention is required to re-enable a client.)  The timeout,
333
 
      checker program, and interval between checks can be configured
334
 
      both globally and per client; see <citerefentry>
335
 
      <refentrytitle>mandos-clients.conf</refentrytitle>
 
366
      extended timeout, checker program, and interval between checks
 
367
      can be configured both globally and per client; see
 
368
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
336
369
      <manvolnum>5</manvolnum></citerefentry>.  A client successfully
337
370
      receiving its password will also be treated as a successful
338
371
      checker run.
485
518
      Debug mode is conflated with running in the foreground.
486
519
    </para>
487
520
    <para>
488
 
      The console log messages do not show a time stamp.
489
 
    </para>
490
 
    <para>
491
521
      This server does not check the expire time of clients’ OpenPGP
492
522
      keys.
493
523
    </para>
588
618
  <refsect1 id="see_also">
589
619
    <title>SEE ALSO</title>
590
620
    <para>
591
 
      <citerefentry>
592
 
        <refentrytitle>mandos-clients.conf</refentrytitle>
593
 
        <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
594
 
        <refentrytitle>mandos.conf</refentrytitle>
595
 
        <manvolnum>5</manvolnum></citerefentry>, <citerefentry>
596
 
        <refentrytitle>mandos-client</refentrytitle>
597
 
        <manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
598
 
        <refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
599
 
      </citerefentry>
 
621
      <citerefentry><refentrytitle>intro</refentrytitle>
 
622
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
623
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
 
624
      <manvolnum>5</manvolnum></citerefentry>,
 
625
      <citerefentry><refentrytitle>mandos.conf</refentrytitle>
 
626
      <manvolnum>5</manvolnum></citerefentry>,
 
627
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
 
628
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
629
      <citerefentry><refentrytitle>sh</refentrytitle>
 
630
      <manvolnum>1</manvolnum></citerefentry>
600
631
    </para>
601
632
    <variablelist>
602
633
      <varlistentry>