
Viewing changes to mandos.xml

  • Committer: Teddy Hogeborn
  • Date: 2011-12-31 20:07:11 UTC
  • mfrom: (535.1.9 wireless-network-hook)
  • Revision ID: teddy@recompile.se-20111231200711-6dli3r8drftem57r
Merge new wireless network hook.  Fix bridge network hook to use
hardware addresses instead of interface names.  Implement and document
new "CONNECT" environment variable for network hooks.

2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos">
5
 
<!ENTITY TIMESTAMP "2018-02-08">
 
5
<!ENTITY TIMESTAMP "2011-11-26">
6
6
<!ENTITY % common SYSTEM "common.ent">
7
7
%common;
8
8
]>
35
35
      <year>2009</year>
36
36
      <year>2010</year>
37
37
      <year>2011</year>
38
 
      <year>2012</year>
39
 
      <year>2013</year>
40
 
      <year>2014</year>
41
 
      <year>2015</year>
42
 
      <year>2016</year>
43
 
      <year>2017</year>
44
 
      <year>2018</year>
45
38
      <holder>Teddy Hogeborn</holder>
46
39
      <holder>Björn Påhlsson</holder>
47
40
    </copyright>
106
99
      <sbr/>
107
100
      <arg><option>--statedir
108
101
      <replaceable>DIRECTORY</replaceable></option></arg>
109
 
      <sbr/>
110
 
      <arg><option>--socket
111
 
      <replaceable>FD</replaceable></option></arg>
112
 
      <sbr/>
113
 
      <arg><option>--foreground</option></arg>
114
 
      <sbr/>
115
 
      <arg><option>--no-zeroconf</option></arg>
116
102
    </cmdsynopsis>
117
103
    <cmdsynopsis>
118
104
      <command>&COMMANDNAME;</command>
299
285
        <term><option>--no-restore</option></term>
300
286
        <listitem>
301
287
          <xi:include href="mandos-options.xml" xpointer="restore"/>
302
 
          <para>
303
 
            See also <xref linkend="persistent_state"/>.
304
 
          </para>
305
288
        </listitem>
306
289
      </varlistentry>
307
290
      
312
295
          <xi:include href="mandos-options.xml" xpointer="statedir"/>
313
296
        </listitem>
314
297
      </varlistentry>
315
 
      
316
 
      <varlistentry>
317
 
        <term><option>--socket
318
 
        <replaceable>FD</replaceable></option></term>
319
 
        <listitem>
320
 
          <xi:include href="mandos-options.xml" xpointer="socket"/>
321
 
        </listitem>
322
 
      </varlistentry>
323
 
      
324
 
      <varlistentry>
325
 
        <term><option>--foreground</option></term>
326
 
        <listitem>
327
 
          <xi:include href="mandos-options.xml"
328
 
                      xpointer="foreground"/>
329
 
        </listitem>
330
 
      </varlistentry>
331
 
      
332
 
      <varlistentry>
333
 
        <term><option>--no-zeroconf</option></term>
334
 
        <listitem>
335
 
          <xi:include href="mandos-options.xml" xpointer="zeroconf"/>
336
 
        </listitem>
337
 
      </varlistentry>
338
 
      
339
298
    </variablelist>
340
299
  </refsect1>
341
300
  
418
377
      extended timeout, checker program, and interval between checks
419
378
      can be configured both globally and per client; see
420
379
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
421
 
      <manvolnum>5</manvolnum></citerefentry>.
 
380
      <manvolnum>5</manvolnum></citerefentry>.  A client successfully
 
381
      receiving its password will also be treated as a successful
 
382
      checker run.
422
383
    </para>
423
384
  </refsect1>
424
385
  
452
413
    </para>
453
414
  </refsect1>
454
415
  
455
 
  <refsect1 id="persistent_state">
456
 
    <title>PERSISTENT STATE</title>
457
 
    <para>
458
 
      Client settings, initially read from
459
 
      <filename>clients.conf</filename>, are persistent across
460
 
      restarts, and run-time changes will override settings in
461
 
      <filename>clients.conf</filename>.  However, if a setting is
462
 
      <emphasis>changed</emphasis> (or a client added, or removed) in
463
 
      <filename>clients.conf</filename>, this will take precedence.
464
 
    </para>
465
 
  </refsect1>
466
 
  
467
416
  <refsect1 id="dbus_interface">
468
417
    <title>D-BUS INTERFACE</title>
469
418
    <para>
531
480
        </listitem>
532
481
      </varlistentry>
533
482
      <varlistentry>
534
 
        <term><filename>/run/mandos.pid</filename></term>
 
483
        <term><filename>/var/run/mandos.pid</filename></term>
535
484
        <listitem>
536
485
          <para>
537
486
            The file containing the process id of the
538
487
            <command>&COMMANDNAME;</command> process started last.
539
 
            <emphasis >Note:</emphasis> If the <filename
540
 
            class="directory">/run</filename> directory does not
541
 
            exist, <filename>/var/run/mandos.pid</filename> will be
542
 
            used instead.
543
488
          </para>
544
489
        </listitem>
545
490
      </varlistentry>
546
491
      <varlistentry>
 
492
        <term><filename class="devicefile">/dev/log</filename></term>
 
493
      </varlistentry>
 
494
      <varlistentry>
547
495
        <term><filename
548
496
        class="directory">/var/lib/mandos</filename></term>
549
497
        <listitem>
555
503
        </listitem>
556
504
      </varlistentry>
557
505
      <varlistentry>
558
 
        <term><filename class="devicefile">/dev/log</filename></term>
 
506
        <term><filename>/dev/log</filename></term>
559
507
        <listitem>
560
508
          <para>
561
509
            The Unix domain socket to where local syslog messages are
587
535
      There is no fine-grained control over logging and debug output.
588
536
    </para>
589
537
    <para>
 
538
      Debug mode is conflated with running in the foreground.
 
539
    </para>
 
540
    <para>
590
541
      This server does not check the expire time of clients’ OpenPGP
591
542
      keys.
592
543
    </para>
593
 
    <xi:include href="bugs.xml"/>
594
544
  </refsect1>
595
545
  
596
546
  <refsect1 id="example">
709
659
      </varlistentry>
710
660
      <varlistentry>
711
661
        <term>
712
 
          <ulink url="https://gnutls.org/">GnuTLS</ulink>
 
662
          <ulink url="http://www.gnu.org/software/gnutls/"
 
663
          >GnuTLS</ulink>
713
664
        </term>
714
665
      <listitem>
715
666
        <para>
753
704
      </varlistentry>
754
705
      <varlistentry>
755
706
        <term>
756
 
          RFC 5246: <citetitle>The Transport Layer Security (TLS)
757
 
          Protocol Version 1.2</citetitle>
 
707
          RFC 4346: <citetitle>The Transport Layer Security (TLS)
 
708
          Protocol Version 1.1</citetitle>
758
709
        </term>
759
710
      <listitem>
760
711
        <para>
761
 
          TLS 1.2 is the protocol implemented by GnuTLS.
 
712
          TLS 1.1 is the protocol implemented by GnuTLS.
762
713
        </para>
763
714
      </listitem>
764
715
      </varlistentry>
774
725
      </varlistentry>
775
726
      <varlistentry>
776
727
        <term>
777
 
          RFC 6091: <citetitle>Using OpenPGP Keys for Transport Layer
778
 
          Security (TLS) Authentication</citetitle>
 
728
          RFC 5081: <citetitle>Using OpenPGP Keys for Transport Layer
 
729
          Security</citetitle>
779
730
        </term>
780
731
      <listitem>
781
732
        <para>