/mandos/trunk


Viewing changes to mandos.xml

  • Committer: Teddy Hogeborn
  • Date: 2011-12-31 20:07:11 UTC
  • mfrom: (535.1.9 wireless-network-hook)
  • Revision ID: teddy@recompile.se-20111231200711-6dli3r8drftem57r
Merge new wireless network hook.  Fix bridge network hook to use
hardware addresses instead of interface names.  Implement and document
new "CONNECT" environment variable for network hooks.

2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos">
5
 
<!ENTITY TIMESTAMP "2017-02-23">
 
5
<!ENTITY TIMESTAMP "2011-11-26">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
35
35
      <year>2009</year>
36
36
      <year>2010</year>
37
37
      <year>2011</year>
38
 
      <year>2012</year>
39
 
      <year>2013</year>
40
 
      <year>2014</year>
41
 
      <year>2015</year>
42
 
      <year>2016</year>
43
 
      <year>2017</year>
44
38
      <holder>Teddy Hogeborn</holder>
45
39
      <holder>Björn Påhlsson</holder>
46
40
    </copyright>
105
99
      <sbr/>
106
100
      <arg><option>--statedir
107
101
      <replaceable>DIRECTORY</replaceable></option></arg>
108
 
      <sbr/>
109
 
      <arg><option>--socket
110
 
      <replaceable>FD</replaceable></option></arg>
111
 
      <sbr/>
112
 
      <arg><option>--foreground</option></arg>
113
 
      <sbr/>
114
 
      <arg><option>--no-zeroconf</option></arg>
115
102
    </cmdsynopsis>
116
103
    <cmdsynopsis>
117
104
      <command>&COMMANDNAME;</command>
298
285
        <term><option>--no-restore</option></term>
299
286
        <listitem>
300
287
          <xi:include href="mandos-options.xml" xpointer="restore"/>
301
 
          <para>
302
 
            See also <xref linkend="persistent_state"/>.
303
 
          </para>
304
288
        </listitem>
305
289
      </varlistentry>
306
290
      
311
295
          <xi:include href="mandos-options.xml" xpointer="statedir"/>
312
296
        </listitem>
313
297
      </varlistentry>
314
 
      
315
 
      <varlistentry>
316
 
        <term><option>--socket
317
 
        <replaceable>FD</replaceable></option></term>
318
 
        <listitem>
319
 
          <xi:include href="mandos-options.xml" xpointer="socket"/>
320
 
        </listitem>
321
 
      </varlistentry>
322
 
      
323
 
      <varlistentry>
324
 
        <term><option>--foreground</option></term>
325
 
        <listitem>
326
 
          <xi:include href="mandos-options.xml"
327
 
                      xpointer="foreground"/>
328
 
        </listitem>
329
 
      </varlistentry>
330
 
      
331
 
      <varlistentry>
332
 
        <term><option>--no-zeroconf</option></term>
333
 
        <listitem>
334
 
          <xi:include href="mandos-options.xml" xpointer="zeroconf"/>
335
 
        </listitem>
336
 
      </varlistentry>
337
 
      
338
298
    </variablelist>
339
299
  </refsect1>
340
300
  
417
377
      extended timeout, checker program, and interval between checks
418
378
      can be configured both globally and per client; see
419
379
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
420
 
      <manvolnum>5</manvolnum></citerefentry>.
 
380
      <manvolnum>5</manvolnum></citerefentry>.  A client successfully
 
381
      receiving its password will also be treated as a successful
 
382
      checker run.
421
383
    </para>
422
384
  </refsect1>
423
385
  
451
413
    </para>
452
414
  </refsect1>
453
415
  
454
 
  <refsect1 id="persistent_state">
455
 
    <title>PERSISTENT STATE</title>
456
 
    <para>
457
 
      Client settings, initially read from
458
 
      <filename>clients.conf</filename>, are persistent across
459
 
      restarts, and run-time changes will override settings in
460
 
      <filename>clients.conf</filename>.  However, if a setting is
461
 
      <emphasis>changed</emphasis> (or a client added, or removed) in
462
 
      <filename>clients.conf</filename>, this will take precedence.
463
 
    </para>
464
 
  </refsect1>
465
 
  
466
416
  <refsect1 id="dbus_interface">
467
417
    <title>D-BUS INTERFACE</title>
468
418
    <para>
530
480
        </listitem>
531
481
      </varlistentry>
532
482
      <varlistentry>
533
 
        <term><filename>/run/mandos.pid</filename></term>
 
483
        <term><filename>/var/run/mandos.pid</filename></term>
534
484
        <listitem>
535
485
          <para>
536
486
            The file containing the process id of the
537
487
            <command>&COMMANDNAME;</command> process started last.
538
 
            <emphasis >Note:</emphasis> If the <filename
539
 
            class="directory">/run</filename> directory does not
540
 
            exist, <filename>/var/run/mandos.pid</filename> will be
541
 
            used instead.
542
488
          </para>
543
489
        </listitem>
544
490
      </varlistentry>
545
491
      <varlistentry>
 
492
        <term><filename class="devicefile">/dev/log</filename></term>
 
493
      </varlistentry>
 
494
      <varlistentry>
546
495
        <term><filename
547
496
        class="directory">/var/lib/mandos</filename></term>
548
497
        <listitem>
554
503
        </listitem>
555
504
      </varlistentry>
556
505
      <varlistentry>
557
 
        <term><filename class="devicefile">/dev/log</filename></term>
 
506
        <term><filename>/dev/log</filename></term>
558
507
        <listitem>
559
508
          <para>
560
509
            The Unix domain socket to where local syslog messages are
586
535
      There is no fine-grained control over logging and debug output.
587
536
    </para>
588
537
    <para>
 
538
      Debug mode is conflated with running in the foreground.
 
539
    </para>
 
540
    <para>
589
541
      This server does not check the expire time of clients’ OpenPGP
590
542
      keys.
591
543
    </para>
592
 
    <xi:include href="bugs.xml"/>
593
544
  </refsect1>
594
545
  
595
546
  <refsect1 id="example">
708
659
      </varlistentry>
709
660
      <varlistentry>
710
661
        <term>
711
 
          <ulink url="https://gnutls.org/">GnuTLS</ulink>
 
662
          <ulink url="http://www.gnu.org/software/gnutls/"
 
663
          >GnuTLS</ulink>
712
664
        </term>
713
665
      <listitem>
714
666
        <para>
752
704
      </varlistentry>
753
705
      <varlistentry>
754
706
        <term>
755
 
          RFC 5246: <citetitle>The Transport Layer Security (TLS)
756
 
          Protocol Version 1.2</citetitle>
 
707
          RFC 4346: <citetitle>The Transport Layer Security (TLS)
 
708
          Protocol Version 1.1</citetitle>
757
709
        </term>
758
710
      <listitem>
759
711
        <para>
760
 
          TLS 1.2 is the protocol implemented by GnuTLS.
 
712
          TLS 1.1 is the protocol implemented by GnuTLS.
761
713
        </para>
762
714
      </listitem>
763
715
      </varlistentry>
773
725
      </varlistentry>
774
726
      <varlistentry>
775
727
        <term>
776
 
          RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer
777
 
          Security (TLS) Authentication</citetitle>
 
728
          RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
 
729
          Security</citetitle>
778
730
        </term>
779
731
      <listitem>
780
732
        <para>