/mandos/trunk : revision 541

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos.conf.xml

Committer: Teddy Hogeborn
Date: 2011-12-31 20:07:11 UTC
mfrom: (535.1.9 wireless-network-hook)
Revision ID: teddy@recompile.se-20111231200711-6dli3r8drftem57r

Merge new wireless network hook. Fix bridge network hook to use
hardware addresses instead of interface names. Implement and document
new "CONNECT" environment variable for network hooks.

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/watch

default-mandos

init.d-mandos

intro.xml

legalnotice.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos.conf.xml

<?xml version='1.0' encoding='UTF-8'?>

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY CONFNAME "mandos.conf">

<!ENTITY CONFPATH "<filename>/etc/mandos/mandos.conf</filename>">

<!ENTITY TIMESTAMP "2008-08-29">

<!ENTITY TIMESTAMP "2011-11-26">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&CONFNAME;</refentrytitle>

Configuration file for the Mandos server

</refpurpose>

</refnamediv>

&CONFPATH;

</synopsis>

<synopsis>&CONFPATH;</synopsis>

</refsynopsisdiv>

<title>DESCRIPTION</title>

<para>

<quote>#</quote> or <quote>;</quote> are ignored and may be used

to provide comments.

</para>

</refsect1>

100

101

<title>OPTIONS</title>

102

103

104

105

<term><varname>interface</varname></term>

<term><option>interface<literal> = </literal><replaceable

>NAME</replaceable></option></term>

106

107

<synopsis><literal>interface = </literal><replaceable

108

>NAME</replaceable>

109

</synopsis>

110

<xi:include href="mandos-options.xml" xpointer="interface"/>

111

</listitem>

112

</varlistentry>

113

114

115

<term><varname>address</varname></term>

<term><option>address<literal> = </literal><replaceable

>ADDRESS</replaceable></option></term>

116

117

<synopsis><literal>address = </literal><replaceable

118

>ADDRESS</replaceable>

119

</synopsis>

120

<xi:include href="mandos-options.xml" xpointer="address"/>

121

</listitem>

122

</varlistentry>

123

124

125

100

<term><option>port<literal> = </literal><replaceable

101

>NUMBER</replaceable></option></term>

126

102

127

<synopsis><literal>port = </literal><replaceable

128

>NUMBER</replaceable>

129

</synopsis>

130

103

<xi:include href="mandos-options.xml" xpointer="port"/>

131

104

</listitem>

132

105

</varlistentry>

133

106

134

107

135

<term><varname>debug</varname></term>

136

137

<synopsis><literal>debug = </literal>{ <literal

108

<term><option>debug<literal> = </literal>{ <literal

138

109

>1</literal> | <literal>yes</literal> | <literal

139

110

>true</literal> | <literal>on</literal> | <literal

140

111

>0</literal> | <literal>no</literal> | <literal

141

>false</literal> | <literal>off</literal> }

142

</synopsis>

112

>false</literal> | <literal>off</literal> }</option></term>

113

143

114

<xi:include href="mandos-options.xml" xpointer="debug"/>

144

115

</listitem>

145

116

</varlistentry>

146

117

147

118

148

<term><varname>priority</varname></term>

119

<term><option>priority<literal> = </literal><replaceable

120

>STRING</replaceable></option></term>

149

121

150

<synopsis><literal>priority = </literal><replaceable

151

>STRING</replaceable>

152

</synopsis>

153

122

<xi:include href="mandos-options.xml" xpointer="priority"/>

154

123

</listitem>

155

124

</varlistentry>

156

125

157

126

158

<term><varname>servicename</varname></term>

127

<term><option>servicename<literal> = </literal

128

><replaceable>NAME</replaceable></option></term>

159

129

160

<synopsis><literal>servicename = </literal><replaceable

161

>NAME</replaceable>

162

</synopsis>

163

130

<xi:include href="mandos-options.xml"

164

131

xpointer="servicename"/>

165

132

</listitem>

166

133

</varlistentry>

167

134

135

136

<term><option>use_dbus<literal> = </literal>{ <literal

137

>1</literal> | <literal>yes</literal> | <literal

138

>true</literal> | <literal>on</literal> | <literal

139

>0</literal> | <literal>no</literal> | <literal

140

>false</literal> | <literal>off</literal> }</option></term>

141

142

<xi:include href="mandos-options.xml" xpointer="dbus"/>

143

</listitem>

144

</varlistentry>

145

146

147

<term><option>use_ipv6<literal> = </literal>{ <literal

148

>1</literal> | <literal>yes</literal> | <literal

149

>true</literal> | <literal>on</literal> | <literal

150

>0</literal> | <literal>no</literal> | <literal

151

>false</literal> | <literal>off</literal> }</option></term>

152

153

<xi:include href="mandos-options.xml" xpointer="ipv6"/>

154

</listitem>

155

</varlistentry>

156

157

158

<term><option>restore<literal> = </literal>{ <literal

159

>1</literal> | <literal>yes</literal> | <literal

160

>true</literal> | <literal>on</literal> | <literal

161

>0</literal> | <literal>no</literal> | <literal

162

>false</literal> | <literal>off</literal> }</option></term>

163

164

<xi:include href="mandos-options.xml" xpointer="restore"/>

165

</listitem>

166

</varlistentry>

167

168

169

<term><option>statedir<literal> = </literal><replaceable

170

>DIRECTORY</replaceable></option></term>

171

172

<xi:include href="mandos-options.xml" xpointer="statedir"/>

173

</listitem>

174

</varlistentry>

175

168

176

</variablelist>

169

177

</refsect1>

170

178

180

188

<para>

181

189

The <literal>[DEFAULT]</literal> is necessary because the Python

182

190

built-in module <systemitem class="library">ConfigParser</systemitem>

183

requres it.

191

requires it.

184

192

</para>

185

193

</refsect1>

186

194

202

210

[DEFAULT]

203

211

# A configuration example

204

212

interface = eth0

205

address = 2001:db8:f983:bd0b:30de:ae4a:71f2:f672

213

address = fe80::aede:48ff:fe71:f6f2

206

214

port = 1025

207

215

debug = true

208

216

priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP

209

217

servicename = Daena

218

use_dbus = False

219

use_ipv6 = True

220

restore = True

221

statedir = /var/lib/mandos

210

222

</programlisting>

211

223

</informalexample>

212

224

</refsect1>

214

226

215

227

216

228

<para>

229

<citerefentry><refentrytitle>intro</refentrytitle>

230

<manvolnum>8mandos</manvolnum></citerefentry>,

217

231

<citerefentry><refentrytitle>gnutls_priority_init</refentrytitle

218

232

><manvolnum>3</manvolnum></citerefentry>,

219

233

<citerefentry><refentrytitle>mandos</refentrytitle>

221

235

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

222

236

223

237

</para>

224

238

225

239

226

240

227

241

<term>

247

261

<para>

248

262

The clients use IPv6 link-local addresses, which are

249

263

immediately usable since a link-local addresses is

250

automatically assigned to a network interfaces when it

264

automatically assigned to a network interface when it

251

265

is brought up.

252

266

</para>

253

267

</listitem>

Older »