
Viewing changes to mandos.xml

  • Committer: Teddy Hogeborn
  • Date: 2011-12-31 20:07:11 UTC
  • mfrom: (535.1.9 wireless-network-hook)
  • Revision ID: teddy@recompile.se-20111231200711-6dli3r8drftem57r
Merge new wireless network hook.  Fix bridge network hook to use
hardware addresses instead of interface names.  Implement and document
new "CONNECT" environment variable for network hooks.

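--- a/mandos.xml
+++ b/mandos.xml
@@ -2,7 +2,7 @@
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY COMMANDNAME "mandos">
-<!ENTITY TIMESTAMP "2015-07-20">
+<!ENTITY TIMESTAMP "2011-11-26">
 <!ENTITY % common SYSTEM "common.ent">
 %common;
 ]>
@@ -35,8 +35,6 @@
       <year>2009</year>
       <year>2010</year>
       <year>2011</year>
-      <year>2012</year>
-      <year>2013</year>
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
@@ -101,13 +99,6 @@
       <sbr/>
       <arg><option>--statedir
       <replaceable>DIRECTORY</replaceable></option></arg>
-      <sbr/>
-      <arg><option>--socket
-      <replaceable>FD</replaceable></option></arg>
-      <sbr/>
-      <arg><option>--foreground</option></arg>
-      <sbr/>
-      <arg><option>--no-zeroconf</option></arg>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -294,9 +285,6 @@
         <term><option>--no-restore</option></term>
         <listitem>
           <xi:include href="mandos-options.xml" xpointer="restore"/>
-          <para>
-            See also <xref linkend="persistent_state"/>.
-          </para>
         </listitem>
       </varlistentry>
       
@@ -307,30 +295,6 @@
           <xi:include href="mandos-options.xml" xpointer="statedir"/>
         </listitem>
       </varlistentry>
-      
-      <varlistentry>
-        <term><option>--socket
-        <replaceable>FD</replaceable></option></term>
-        <listitem>
-          <xi:include href="mandos-options.xml" xpointer="socket"/>
-        </listitem>
-      </varlistentry>
-      
-      <varlistentry>
-        <term><option>--foreground</option></term>
-        <listitem>
-          <xi:include href="mandos-options.xml"
-                      xpointer="foreground"/>
-        </listitem>
-      </varlistentry>
-      
-      <varlistentry>
-        <term><option>--no-zeroconf</option></term>
-        <listitem>
-          <xi:include href="mandos-options.xml" xpointer="zeroconf"/>
-        </listitem>
-      </varlistentry>
-      
     </variablelist>
   </refsect1>
   
@@ -413,7 +377,9 @@
       extended timeout, checker program, and interval between checks
       can be configured both globally and per client; see
       <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
-      <manvolnum>5</manvolnum></citerefentry>.
+      <manvolnum>5</manvolnum></citerefentry>.  A client successfully
+      receiving its password will also be treated as a successful
+      checker run.
     </para>
   </refsect1>
   
@@ -447,18 +413,6 @@
     </para>
   </refsect1>
   
-  <refsect1 id="persistent_state">
-    <title>PERSISTENT STATE</title>
-    <para>
-      Client settings, initially read from
-      <filename>clients.conf</filename>, are persistent across
-      restarts, and run-time changes will override settings in
-      <filename>clients.conf</filename>.  However, if a setting is
-      <emphasis>changed</emphasis> (or a client added, or removed) in
-      <filename>clients.conf</filename>, this will take precedence.
-    </para>
-  </refsect1>
-  
   <refsect1 id="dbus_interface">
     <title>D-BUS INTERFACE</title>
     <para>
@@ -526,15 +480,11 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename>/run/mandos.pid</filename></term>
+        <term><filename>/var/run/mandos.pid</filename></term>
         <listitem>
           <para>
             The file containing the process id of the
             <command>&COMMANDNAME;</command> process started last.
-            <emphasis >Note:</emphasis> If the <filename
-            class="directory">/run</filename> directory does not
-            exist, <filename>/var/run/mandos.pid</filename> will be
-            used instead.
           </para>
         </listitem>
       </varlistentry>
@@ -585,6 +535,9 @@
       There is no fine-grained control over logging and debug output.
     </para>
     <para>
+      Debug mode is conflated with running in the foreground.
+    </para>
+    <para>
       This server does not check the expire time of clients’ OpenPGP
       keys.
     </para>
@@ -706,7 +659,8 @@
       </varlistentry>
       <varlistentry>
         <term>
-          <ulink url="http://gnutls.org/">GnuTLS</ulink>
+          <ulink url="http://www.gnu.org/software/gnutls/"
+          >GnuTLS</ulink>
         </term>
       <listitem>
         <para>
@@ -750,12 +704,12 @@
       </varlistentry>
       <varlistentry>
         <term>
-          RFC 5246: <citetitle>The Transport Layer Security (TLS)
-          Protocol Version 1.2</citetitle>
+          RFC 4346: <citetitle>The Transport Layer Security (TLS)
+          Protocol Version 1.1</citetitle>
         </term>
       <listitem>
         <para>
-          TLS 1.2 is the protocol implemented by GnuTLS.
+          TLS 1.1 is the protocol implemented by GnuTLS.
         </para>
       </listitem>
       </varlistentry>
@@ -771,8 +725,8 @@
       </varlistentry>
       <varlistentry>
         <term>
-          RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer
-          Security (TLS) Authentication</citetitle>
+          RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
+          Security</citetitle>
         </term>
       <listitem>
         <para>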