/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

Viewing changes to mandos.xml

  • Committer: Teddy Hogeborn
  • Date: 2011-12-31 20:07:11 UTC
  • mfrom: (535.1.9 wireless-network-hook)
  • Revision ID: teddy@recompile.se-20111231200711-6dli3r8drftem57r
Merge new wireless network hook.  Fix bridge network hook to use
hardware addresses instead of interface names.  Implement and document
new "CONNECT" environment variable for network hooks.

2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos">
5
 
<!ENTITY TIMESTAMP "2015-01-25">
 
5
<!ENTITY TIMESTAMP "2011-11-26">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
35
35
      <year>2009</year>
36
36
      <year>2010</year>
37
37
      <year>2011</year>
38
 
      <year>2012</year>
39
 
      <year>2013</year>
40
38
      <holder>Teddy Hogeborn</holder>
41
39
      <holder>Björn Påhlsson</holder>
42
40
    </copyright>
101
99
      <sbr/>
102
100
      <arg><option>--statedir
103
101
      <replaceable>DIRECTORY</replaceable></option></arg>
104
 
      <sbr/>
105
 
      <arg><option>--socket
106
 
      <replaceable>FD</replaceable></option></arg>
107
 
      <sbr/>
108
 
      <arg><option>--foreground</option></arg>
109
 
      <sbr/>
110
 
      <arg><option>--no-zeroconf</option></arg>
111
102
    </cmdsynopsis>
112
103
    <cmdsynopsis>
113
104
      <command>&COMMANDNAME;</command>
236
227
        <term><option>--priority <replaceable>
237
228
        PRIORITY</replaceable></option></term>
238
229
        <listitem>
239
 
          <xi:include href="mandos-options.xml"
240
 
                      xpointer="priority_compat"/>
 
230
          <xi:include href="mandos-options.xml" xpointer="priority"/>
241
231
        </listitem>
242
232
      </varlistentry>
243
233
      
295
285
        <term><option>--no-restore</option></term>
296
286
        <listitem>
297
287
          <xi:include href="mandos-options.xml" xpointer="restore"/>
298
 
          <para>
299
 
            See also <xref linkend="persistent_state"/>.
300
 
          </para>
301
288
        </listitem>
302
289
      </varlistentry>
303
290
      
308
295
          <xi:include href="mandos-options.xml" xpointer="statedir"/>
309
296
        </listitem>
310
297
      </varlistentry>
311
 
      
312
 
      <varlistentry>
313
 
        <term><option>--socket
314
 
        <replaceable>FD</replaceable></option></term>
315
 
        <listitem>
316
 
          <xi:include href="mandos-options.xml" xpointer="socket"/>
317
 
        </listitem>
318
 
      </varlistentry>
319
 
      
320
 
      <varlistentry>
321
 
        <term><option>--foreground</option></term>
322
 
        <listitem>
323
 
          <xi:include href="mandos-options.xml"
324
 
                      xpointer="foreground"/>
325
 
        </listitem>
326
 
      </varlistentry>
327
 
      
328
 
      <varlistentry>
329
 
        <term><option>--no-zeroconf</option></term>
330
 
        <listitem>
331
 
          <xi:include href="mandos-options.xml" xpointer="zeroconf"/>
332
 
        </listitem>
333
 
      </varlistentry>
334
 
      
335
298
    </variablelist>
336
299
  </refsect1>
337
300
  
414
377
      extended timeout, checker program, and interval between checks
415
378
      can be configured both globally and per client; see
416
379
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
417
 
      <manvolnum>5</manvolnum></citerefentry>.
 
380
      <manvolnum>5</manvolnum></citerefentry>.  A client successfully
 
381
      receiving its password will also be treated as a successful
 
382
      checker run.
418
383
    </para>
419
384
  </refsect1>
420
385
  
448
413
    </para>
449
414
  </refsect1>
450
415
  
451
 
  <refsect1 id="persistent_state">
452
 
    <title>PERSISTENT STATE</title>
453
 
    <para>
454
 
      Client settings, initially read from
455
 
      <filename>clients.conf</filename>, are persistent across
456
 
      restarts, and run-time changes will override settings in
457
 
      <filename>clients.conf</filename>.  However, if a setting is
458
 
      <emphasis>changed</emphasis> (or a client added, or removed) in
459
 
      <filename>clients.conf</filename>, this will take precedence.
460
 
    </para>
461
 
  </refsect1>
462
 
  
463
416
  <refsect1 id="dbus_interface">
464
417
    <title>D-BUS INTERFACE</title>
465
418
    <para>
527
480
        </listitem>
528
481
      </varlistentry>
529
482
      <varlistentry>
530
 
        <term><filename>/run/mandos.pid</filename></term>
 
483
        <term><filename>/var/run/mandos.pid</filename></term>
531
484
        <listitem>
532
485
          <para>
533
486
            The file containing the process id of the
534
487
            <command>&COMMANDNAME;</command> process started last.
535
 
            <emphasis >Note:</emphasis> If the <filename
536
 
            class="directory">/run</filename> directory does not
537
 
            exist, <filename>/var/run/mandos.pid</filename> will be
538
 
            used instead.
539
488
          </para>
540
489
        </listitem>
541
490
      </varlistentry>
586
535
      There is no fine-grained control over logging and debug output.
587
536
    </para>
588
537
    <para>
 
538
      Debug mode is conflated with running in the foreground.
 
539
    </para>
 
540
    <para>
589
541
      This server does not check the expire time of clients’ OpenPGP
590
542
      keys.
591
543
    </para>
707
659
      </varlistentry>
708
660
      <varlistentry>
709
661
        <term>
710
 
          <ulink url="http://gnutls.org/">GnuTLS</ulink>
 
662
          <ulink url="http://www.gnu.org/software/gnutls/"
 
663
          >GnuTLS</ulink>
711
664
        </term>
712
665
      <listitem>
713
666
        <para>
751
704
      </varlistentry>
752
705
      <varlistentry>
753
706
        <term>
754
 
          RFC 5246: <citetitle>The Transport Layer Security (TLS)
755
 
          Protocol Version 1.2</citetitle>
 
707
          RFC 4346: <citetitle>The Transport Layer Security (TLS)
 
708
          Protocol Version 1.1</citetitle>
756
709
        </term>
757
710
      <listitem>
758
711
        <para>
759
 
          TLS 1.2 is the protocol implemented by GnuTLS.
 
712
          TLS 1.1 is the protocol implemented by GnuTLS.
760
713
        </para>
761
714
      </listitem>
762
715
      </varlistentry>
772
725
      </varlistentry>
773
726
      <varlistentry>
774
727
        <term>
775
 
          RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer
776
 
          Security (TLS) Authentication</citetitle>
 
728
          RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
 
729
          Security</citetitle>
777
730
        </term>
778
731
      <listitem>
779
732
        <para>