
To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk


Viewing changes to mandos.xml

  • Committer: Teddy Hogeborn
  • Date: 2011-12-31 20:07:11 UTC
  • mfrom: (535.1.9 wireless-network-hook)
  • Revision ID: teddy@recompile.se-20111231200711-6dli3r8drftem57r
Merge new wireless network hook.  Fix bridge network hook to use
hardware addresses instead of interface names.  Implement and document
new "CONNECT" environment variable for network hooks.

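--- a/mandos.xml
+++ b/mandos.xml
@@ -2,7 +2,7 @@
 <!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
 "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
 <!ENTITY COMMANDNAME "mandos">
-<!ENTITY TIMESTAMP "2016-03-05">
+<!ENTITY TIMESTAMP "2011-11-26">
 <!ENTITY % common SYSTEM "common.ent">
 %common;
 ]>
@@ -35,11 +35,6 @@
       <year>2009</year>
       <year>2010</year>
       <year>2011</year>
-      <year>2012</year>
-      <year>2013</year>
-      <year>2014</year>
-      <year>2015</year>
-      <year>2016</year>
       <holder>Teddy Hogeborn</holder>
       <holder>Björn Påhlsson</holder>
     </copyright>
@@ -104,13 +99,6 @@
       <sbr/>
       <arg><option>--statedir
       <replaceable>DIRECTORY</replaceable></option></arg>
-      <sbr/>
-      <arg><option>--socket
-      <replaceable>FD</replaceable></option></arg>
-      <sbr/>
-      <arg><option>--foreground</option></arg>
-      <sbr/>
-      <arg><option>--no-zeroconf</option></arg>
     </cmdsynopsis>
     <cmdsynopsis>
       <command>&COMMANDNAME;</command>
@@ -297,9 +285,6 @@
         <term><option>--no-restore</option></term>
         <listitem>
           <xi:include href="mandos-options.xml" xpointer="restore"/>
-          <para>
-            See also <xref linkend="persistent_state"/>.
-          </para>
         </listitem>
       </varlistentry>
       
@@ -310,30 +295,6 @@
           <xi:include href="mandos-options.xml" xpointer="statedir"/>
         </listitem>
       </varlistentry>
-      
-      <varlistentry>
-        <term><option>--socket
-        <replaceable>FD</replaceable></option></term>
-        <listitem>
-          <xi:include href="mandos-options.xml" xpointer="socket"/>
-        </listitem>
-      </varlistentry>
-      
-      <varlistentry>
-        <term><option>--foreground</option></term>
-        <listitem>
-          <xi:include href="mandos-options.xml"
-                      xpointer="foreground"/>
-        </listitem>
-      </varlistentry>
-      
-      <varlistentry>
-        <term><option>--no-zeroconf</option></term>
-        <listitem>
-          <xi:include href="mandos-options.xml" xpointer="zeroconf"/>
-        </listitem>
-      </varlistentry>
-      
     </variablelist>
   </refsect1>
   
@@ -416,7 +377,9 @@
       extended timeout, checker program, and interval between checks
       can be configured both globally and per client; see
       <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
-      <manvolnum>5</manvolnum></citerefentry>.
+      <manvolnum>5</manvolnum></citerefentry>.  A client successfully
+      receiving its password will also be treated as a successful
+      checker run.
     </para>
   </refsect1>
   
@@ -450,18 +413,6 @@
     </para>
   </refsect1>
   
-  <refsect1 id="persistent_state">
-    <title>PERSISTENT STATE</title>
-    <para>
-      Client settings, initially read from
-      <filename>clients.conf</filename>, are persistent across
-      restarts, and run-time changes will override settings in
-      <filename>clients.conf</filename>.  However, if a setting is
-      <emphasis>changed</emphasis> (or a client added, or removed) in
-      <filename>clients.conf</filename>, this will take precedence.
-    </para>
-  </refsect1>
-  
   <refsect1 id="dbus_interface">
     <title>D-BUS INTERFACE</title>
     <para>
@@ -529,19 +480,18 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename>/run/mandos.pid</filename></term>
+        <term><filename>/var/run/mandos.pid</filename></term>
         <listitem>
           <para>
             The file containing the process id of the
             <command>&COMMANDNAME;</command> process started last.
-            <emphasis >Note:</emphasis> If the <filename
-            class="directory">/run</filename> directory does not
-            exist, <filename>/var/run/mandos.pid</filename> will be
-            used instead.
           </para>
         </listitem>
       </varlistentry>
       <varlistentry>
+        <term><filename class="devicefile">/dev/log</filename></term>
+      </varlistentry>
+      <varlistentry>
         <term><filename
         class="directory">/var/lib/mandos</filename></term>
         <listitem>
@@ -553,7 +503,7 @@
         </listitem>
       </varlistentry>
       <varlistentry>
-        <term><filename class="devicefile">/dev/log</filename></term>
+        <term><filename>/dev/log</filename></term>
         <listitem>
           <para>
             The Unix domain socket to where local syslog messages are
@@ -585,10 +535,12 @@
       There is no fine-grained control over logging and debug output.
     </para>
     <para>
+      Debug mode is conflated with running in the foreground.
+    </para>
+    <para>
       This server does not check the expire time of clients’ OpenPGP
       keys.
     </para>
-    <xi:include href="bugs.xml"/>
   </refsect1>
   
   <refsect1 id="example">
@@ -707,7 +659,8 @@
       </varlistentry>
       <varlistentry>
         <term>
-          <ulink url="http://gnutls.org/">GnuTLS</ulink>
+          <ulink url="http://www.gnu.org/software/gnutls/"
+          >GnuTLS</ulink>
         </term>
       <listitem>
         <para>
@@ -751,12 +704,12 @@
       </varlistentry>
       <varlistentry>
         <term>
-          RFC 5246: <citetitle>The Transport Layer Security (TLS)
-          Protocol Version 1.2</citetitle>
+          RFC 4346: <citetitle>The Transport Layer Security (TLS)
+          Protocol Version 1.1</citetitle>
         </term>
       <listitem>
         <para>
-          TLS 1.2 is the protocol implemented by GnuTLS.
+          TLS 1.1 is the protocol implemented by GnuTLS.
         </para>
       </listitem>
       </varlistentry>
@@ -772,8 +725,8 @@
       </varlistentry>
       <varlistentry>
         <term>
-          RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer
-          Security (TLS) Authentication</citetitle>
+          RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
+          Security</citetitle>
         </term>
       <listitem>
         <para>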