Viewing changes to mandos.xml

  • Committer: Teddy Hogeborn
  • Date: 2011-12-31 20:07:11 UTC
  • mfrom: (535.1.9 wireless-network-hook)
  • Revision ID: teddy@recompile.se-20111231200711-6dli3r8drftem57r
Merge new wireless network hook.  Fix bridge network hook to use
hardware addresses instead of interface names.  Implement and document
new "CONNECT" environment variable for network hooks.

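--- a/mandos.xml
+++ b/mandos.xml
@@ -2,7 +2,7 @@
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY COMMANDNAME "mandos">
-<!ENTITY TIMESTAMP "2015-12-06">
+<!ENTITY TIMESTAMP "2011-11-26">
 <!ENTITY % common SYSTEM "common.ent">
 %common;
 ]>
@@ -35,10 +35,6 @@
       <year>2009</year>
       <year>2010</year>
       <year>2011</year>
-      <year>2012</year>
-      <year>2013</year>
-      <year>2014</year>
-      <year>2015</year>
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
@@ -103,13 +99,6 @@
       <sbr/>
       <arg><option>--statedir
       <replaceable>DIRECTORY</replaceable></option></arg>
-      <sbr/>
-      <arg><option>--socket
-      <replaceable>FD</replaceable></option></arg>
-      <sbr/>
-      <arg><option>--foreground</option></arg>
-      <sbr/>
-      <arg><option>--no-zeroconf</option></arg>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -296,9 +285,6 @@
         <term><option>--no-restore</option></term>
         <listitem>
           <xi:include href="mandos-options.xml" xpointer="restore"/>
-          <para>
-            See also <xref linkend="persistent_state"/>.
-          </para>
         </listitem>
       </varlistentry>
       
@@ -309,30 +295,6 @@
           <xi:include href="mandos-options.xml" xpointer="statedir"/>
         </listitem>
       </varlistentry>
-      
-      <varlistentry>
-        <term><option>--socket
-        <replaceable>FD</replaceable></option></term>
-        <listitem>
-          <xi:include href="mandos-options.xml" xpointer="socket"/>
-        </listitem>
-      </varlistentry>
-      
-      <varlistentry>
-        <term><option>--foreground</option></term>
-        <listitem>
-          <xi:include href="mandos-options.xml"
-                      xpointer="foreground"/>
-        </listitem>
-      </varlistentry>
-      
-      <varlistentry>
-        <term><option>--no-zeroconf</option></term>
-        <listitem>
-          <xi:include href="mandos-options.xml" xpointer="zeroconf"/>
-        </listitem>
-      </varlistentry>
-      
     </variablelist>
   </refsect1>
   
@@ -415,7 +377,9 @@
       extended timeout, checker program, and interval between checks
       can be configured both globally and per client; see
       <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
-      <manvolnum>5</manvolnum></citerefentry>.
+      <manvolnum>5</manvolnum></citerefentry>.  A client successfully
+      receiving its password will also be treated as a successful
+      checker run.
     </para>
   </refsect1>
   
@@ -449,18 +413,6 @@
     </para>
   </refsect1>
   
-  <refsect1 id="persistent_state">
-    <title>PERSISTENT STATE</title>
-    <para>
-      Client settings, initially read from
-      <filename>clients.conf</filename>, are persistent across
-      restarts, and run-time changes will override settings in
-      <filename>clients.conf</filename>.  However, if a setting is
-      <emphasis>changed</emphasis> (or a client added, or removed) in
-      <filename>clients.conf</filename>, this will take precedence.
-    </para>
-  </refsect1>
-  
   <refsect1 id="dbus_interface">
     <title>D-BUS INTERFACE</title>
     <para>
@@ -528,19 +480,18 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename>/run/mandos.pid</filename></term>
+        <term><filename>/var/run/mandos.pid</filename></term>
         <listitem>
           <para>
             The file containing the process id of the
             <command>&COMMANDNAME;</command> process started last.
-            <emphasis >Note:</emphasis> If the <filename
-            class="directory">/run</filename> directory does not
-            exist, <filename>/var/run/mandos.pid</filename> will be
-            used instead.
           </para>
         </listitem>
       </varlistentry>
       <varlistentry>
+        <term><filename class="devicefile">/dev/log</filename></term>
+      </varlistentry>
+      <varlistentry>
         <term><filename
         class="directory">/var/lib/mandos</filename></term>
         <listitem>
@@ -552,7 +503,7 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename class="devicefile">/dev/log</filename></term>
+        <term><filename>/dev/log</filename></term>
         <listitem>
           <para>
             The Unix domain socket to where local syslog messages are
@@ -584,6 +535,9 @@
       There is no fine-grained control over logging and debug output.
     </para>
     <para>
+      Debug mode is conflated with running in the foreground.
+    </para>
+    <para>
       This server does not check the expire time of clients’ OpenPGP
       keys.
     </para>
@@ -705,7 +659,8 @@
       </varlistentry>
       <varlistentry>
         <term>
-          <ulink url="http://gnutls.org/">GnuTLS</ulink>
+          <ulink url="http://www.gnu.org/software/gnutls/"
+          >GnuTLS</ulink>
         </term>
       <listitem>
         <para>
@@ -749,12 +704,12 @@
       </varlistentry>
       <varlistentry>
         <term>
-          RFC 5246: <citetitle>The Transport Layer Security (TLS)
-          Protocol Version 1.2</citetitle>
+          RFC 4346: <citetitle>The Transport Layer Security (TLS)
+          Protocol Version 1.1</citetitle>
         </term>
       <listitem>
         <para>
-          TLS 1.2 is the protocol implemented by GnuTLS.
+          TLS 1.1 is the protocol implemented by GnuTLS.
         </para>
       </listitem>
       </varlistentry>
@@ -770,8 +725,8 @@
       </varlistentry>
       <varlistentry>
         <term>
-          RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer
-          Security (TLS) Authentication</citetitle>
+          RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
+          Security</citetitle>
         </term>
       <listitem>
         <para>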
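Review bot: The new side leaves an empty list entry for `/dev/log`: new lines 491–493 open a `<varlistentry>` that holds only `<term><filename class="devicefile">/dev/log</filename></term>` and close it with no `<listitem>`, which the DocBook 4.5 content model for `varlistentry` does not permit. The complete `/dev/log` entry is still present at new line 506, so the three added lines (the `<term>`, the `</varlistentry>` and the extra `<varlistentry>`) look like a merge leftover and can be dropped. If the `class="devicefile"` attribute was the intent, it belongs on the surviving term, `<term><filename class="devicefile">/dev/log</filename></term>`. Validating the page against its DTD before committing a merge, for example with `xmllint --noout --valid mandos.xml`, would catch this kind of leftover.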