1
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
<!ENTITY VERSION "1.0">
5
4
<!ENTITY COMMANDNAME "mandos">
6
<!ENTITY TIMESTAMP "2008-08-29">
5
<!ENTITY TIMESTAMP "2012-06-17">
6
<!ENTITY % common SYSTEM "common.ent">
9
10
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
11
12
<title>Mandos Manual</title>
12
13
<!-- NWalsh’s docbook scripts use this to generate the footer: -->
13
14
<productname>Mandos</productname>
14
<productnumber>&VERSION;</productnumber>
15
<productnumber>&version;</productnumber>
15
16
<date>&TIMESTAMP;</date>
18
19
<firstname>Björn</firstname>
19
20
<surname>Påhlsson</surname>
21
<email>belorn@fukt.bsnet.se</email>
22
<email>belorn@recompile.se</email>
25
26
<firstname>Teddy</firstname>
26
27
<surname>Hogeborn</surname>
28
<email>teddy@fukt.bsnet.se</email>
29
<email>teddy@recompile.se</email>
34
39
<holder>Teddy Hogeborn</holder>
35
40
<holder>Björn Påhlsson</holder>
39
This manual page is free software: you can redistribute it
40
and/or modify it under the terms of the GNU General Public
41
License as published by the Free Software Foundation,
42
either version 3 of the License, or (at your option) any
47
This manual page is distributed in the hope that it will
48
be useful, but WITHOUT ANY WARRANTY; without even the
49
implied warranty of MERCHANTABILITY or FITNESS FOR A
50
PARTICULAR PURPOSE. See the GNU General Public License
55
You should have received a copy of the GNU General Public
56
License along with this program; If not, see
57
<ulink url="http://www.gnu.org/licenses/"/>.
42
<xi:include href="legalnotice.xml"/>
63
46
<refentrytitle>&COMMANDNAME;</refentrytitle>
64
47
<manvolnum>8</manvolnum>
68
51
<refname><command>&COMMANDNAME;</command></refname>
70
Sends encrypted passwords to authenticated Mandos clients
53
Gives encrypted passwords to authenticated Mandos clients
76
59
<command>&COMMANDNAME;</command>
77
<arg>--interface<arg choice="plain">NAME</arg></arg>
78
<arg>--address<arg choice="plain">ADDRESS</arg></arg>
79
<arg>--port<arg choice="plain">PORT</arg></arg>
80
<arg>--priority<arg choice="plain">PRIORITY</arg></arg>
81
<arg>--servicename<arg choice="plain">NAME</arg></arg>
82
<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
86
<command>&COMMANDNAME;</command>
87
<arg>-i<arg choice="plain">NAME</arg></arg>
88
<arg>-a<arg choice="plain">ADDRESS</arg></arg>
89
<arg>-p<arg choice="plain">PORT</arg></arg>
90
<arg>--priority<arg choice="plain">PRIORITY</arg></arg>
91
<arg>--servicename<arg choice="plain">NAME</arg></arg>
92
<arg>--configdir<arg choice="plain">DIRECTORY</arg></arg>
61
<arg choice="plain"><option>--interface
62
<replaceable>NAME</replaceable></option></arg>
63
<arg choice="plain"><option>-i
64
<replaceable>NAME</replaceable></option></arg>
68
<arg choice="plain"><option>--address
69
<replaceable>ADDRESS</replaceable></option></arg>
70
<arg choice="plain"><option>-a
71
<replaceable>ADDRESS</replaceable></option></arg>
75
<arg choice="plain"><option>--port
76
<replaceable>PORT</replaceable></option></arg>
77
<arg choice="plain"><option>-p
78
<replaceable>PORT</replaceable></option></arg>
81
<arg><option>--priority
82
<replaceable>PRIORITY</replaceable></option></arg>
84
<arg><option>--servicename
85
<replaceable>NAME</replaceable></option></arg>
87
<arg><option>--configdir
88
<replaceable>DIRECTORY</replaceable></option></arg>
90
<arg><option>--debug</option></arg>
92
<arg><option>--debuglevel
93
<replaceable>LEVEL</replaceable></option></arg>
95
<arg><option>--no-dbus</option></arg>
97
<arg><option>--no-ipv6</option></arg>
99
<arg><option>--no-restore</option></arg>
101
<arg><option>--statedir
102
<replaceable>DIRECTORY</replaceable></option></arg>
104
<arg><option>--socket
105
<replaceable>FD</replaceable></option></arg>
107
<arg><option>--foreground</option></arg>
96
110
<command>&COMMANDNAME;</command>
97
111
<group choice="req">
98
<arg choice="plain">-h</arg>
99
<arg choice="plain">--help</arg>
112
<arg choice="plain"><option>--help</option></arg>
113
<arg choice="plain"><option>-h</option></arg>
103
117
<command>&COMMANDNAME;</command>
104
<arg choice="plain">--version</arg>
118
<arg choice="plain"><option>--version</option></arg>
107
121
<command>&COMMANDNAME;</command>
108
<arg choice="plain">--check</arg>
122
<arg choice="plain"><option>--check</option></arg>
110
124
</refsynopsisdiv>
112
126
<refsect1 id="description">
113
127
<title>DESCRIPTION</title>
115
129
<command>&COMMANDNAME;</command> is a server daemon which
116
130
handles incoming request for passwords for a pre-defined list of
117
client host computers. The Mandos server uses Zeroconf to
118
announce itself on the local network, and uses TLS to
119
communicate securely with and to authenticate the clients. The
120
Mandos server uses IPv6 to allow Mandos clients to use IPv6
121
link-local addresses, since the clients will probably not have
122
any other addresses configured (see <xref linkend="overview"/>).
123
Any authenticated client is then given the stored pre-encrypted
124
password for that specific client.
131
client host computers. For an introduction, see
132
<citerefentry><refentrytitle>intro</refentrytitle>
133
<manvolnum>8mandos</manvolnum></citerefentry>. The Mandos server
134
uses Zeroconf to announce itself on the local network, and uses
135
TLS to communicate securely with and to authenticate the
136
clients. The Mandos server uses IPv6 to allow Mandos clients to
137
use IPv6 link-local addresses, since the clients will probably
138
not have any other addresses configured (see <xref
139
linkend="overview"/>). Any authenticated client is then given
140
the stored pre-encrypted password for that specific client.
129
144
<refsect1 id="purpose">
130
145
<title>PURPOSE</title>
133
147
The purpose of this is to enable <emphasis>remote and unattended
134
148
rebooting</emphasis> of client host computer with an
135
149
<emphasis>encrypted root file system</emphasis>. See <xref
136
150
linkend="overview"/> for details.
141
154
<refsect1 id="options">
142
155
<title>OPTIONS</title>
158
<term><option>--help</option></term>
146
159
<term><option>-h</option></term>
147
<term><option>--help</option></term>
150
162
Show a help message and exit
168
<term><option>--interface</option>
169
<replaceable>NAME</replaceable></term>
156
170
<term><option>-i</option>
157
171
<replaceable>NAME</replaceable></term>
158
<term><option>--interface</option>
159
<replaceable>NAME</replaceable></term>
161
173
<xi:include href="mandos-options.xml" xpointer="interface"/>
166
<term><literal>-a</literal>, <literal>--address <replaceable>
167
ADDRESS</replaceable></literal></term>
178
<term><option>--address
179
<replaceable>ADDRESS</replaceable></option></term>
181
<replaceable>ADDRESS</replaceable></option></term>
169
183
<xi:include href="mandos-options.xml" xpointer="address"/>
174
<term><literal>-p</literal>, <literal>--port <replaceable>
175
PORT</replaceable></literal></term>
189
<replaceable>PORT</replaceable></option></term>
191
<replaceable>PORT</replaceable></option></term>
177
193
<xi:include href="mandos-options.xml" xpointer="port"/>
182
<term><literal>--check</literal></term>
198
<term><option>--check</option></term>
185
201
Run the server’s self-tests. This includes any unit
192
<term><literal>--debug</literal></term>
208
<term><option>--debug</option></term>
194
210
<xi:include href="mandos-options.xml" xpointer="debug"/>
199
<term><literal>--priority <replaceable>
200
PRIORITY</replaceable></literal></term>
215
<term><option>--debuglevel
216
<replaceable>LEVEL</replaceable></option></term>
219
Set the debugging log level.
220
<replaceable>LEVEL</replaceable> is a string, one of
221
<quote><literal>CRITICAL</literal></quote>,
222
<quote><literal>ERROR</literal></quote>,
223
<quote><literal>WARNING</literal></quote>,
224
<quote><literal>INFO</literal></quote>, or
225
<quote><literal>DEBUG</literal></quote>, in order of
226
increasing verbosity. The default level is
227
<quote><literal>WARNING</literal></quote>.
233
<term><option>--priority <replaceable>
234
PRIORITY</replaceable></option></term>
202
236
<xi:include href="mandos-options.xml" xpointer="priority"/>
207
<term><literal>--servicename <replaceable>NAME</replaceable>
241
<term><option>--servicename
242
<replaceable>NAME</replaceable></option></term>
210
244
<xi:include href="mandos-options.xml"
211
245
xpointer="servicename"/>
216
<term><literal>--configdir <replaceable>DIR</replaceable>
250
<term><option>--configdir
251
<replaceable>DIRECTORY</replaceable></option></term>
220
254
Directory to search for configuration files. Default is
231
<term><literal>--version</literal></term>
265
<term><option>--version</option></term>
234
268
Prints the program version and exit.
274
<term><option>--no-dbus</option></term>
276
<xi:include href="mandos-options.xml" xpointer="dbus"/>
278
See also <xref linkend="dbus_interface"/>.
284
<term><option>--no-ipv6</option></term>
286
<xi:include href="mandos-options.xml" xpointer="ipv6"/>
291
<term><option>--no-restore</option></term>
293
<xi:include href="mandos-options.xml" xpointer="restore"/>
295
See also <xref linkend="persistent_state"/>.
301
<term><option>--statedir
302
<replaceable>DIRECTORY</replaceable></option></term>
304
<xi:include href="mandos-options.xml" xpointer="statedir"/>
309
<term><option>--socket
310
<replaceable>FD</replaceable></option></term>
312
<xi:include href="mandos-options.xml" xpointer="socket"/>
317
<term><option>--foreground</option></term>
319
<xi:include href="mandos-options.xml"
320
xpointer="foreground"/>
241
327
<refsect1 id="overview">
242
328
<title>OVERVIEW</title>
243
329
<xi:include href="overview.xml"/>
245
331
This program is the server part. It is a normal server program
246
332
and will run in a normal system environment, not in an initial
247
RAM disk environment.
333
<acronym>RAM</acronym> disk environment.
251
337
<refsect1 id="protocol">
252
338
<title>NETWORK PROTOCOL</title>
306
392
</tbody></tgroup></table>
309
395
<refsect1 id="checking">
310
396
<title>CHECKING</title>
312
398
The server will, by default, continually check that the clients
313
399
are still up. If a client has not been confirmed as being up
314
400
for some time, the client is assumed to be compromised and is no
315
longer eligible to receive the encrypted password. The timeout,
316
checker program, and interval between checks can be configured
317
both globally and per client; see <citerefentry>
401
longer eligible to receive the encrypted password. (Manual
402
intervention is required to re-enable a client.) The timeout,
403
extended timeout, checker program, and interval between checks
404
can be configured both globally and per client; see
405
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
406
<manvolnum>5</manvolnum></citerefentry>.
410
<refsect1 id="approval">
411
<title>APPROVAL</title>
413
The server can be configured to require manual approval for a
414
client before it is sent its secret. The delay to wait for such
415
approval and the default action (approve or deny) can be
416
configured both globally and per client; see <citerefentry>
318
417
<refentrytitle>mandos-clients.conf</refentrytitle>
319
<manvolnum>5</manvolnum></citerefentry>.
418
<manvolnum>5</manvolnum></citerefentry>. By default all clients
419
will be approved immediately without delay.
422
This can be used to deny a client its secret if not manually
423
approved within a specified time. It can also be used to make
424
the server delay before giving a client its secret, allowing
425
optional manual denying of this specific client.
323
430
<refsect1 id="logging">
324
431
<title>LOGGING</title>
326
433
The server will send log message with various severity levels to
327
<filename>/dev/log</filename>. With the
434
<filename class="devicefile">/dev/log</filename>. With the
328
435
<option>--debug</option> option, it will log even more messages,
329
436
and also show them on the console.
440
<refsect1 id="persistent_state">
441
<title>PERSISTENT STATE</title>
443
Client settings, initially read from
444
<filename>clients.conf</filename>, are persistent across
445
restarts, and run-time changes will override settings in
446
<filename>clients.conf</filename>. However, if a setting is
447
<emphasis>changed</emphasis> (or a client added, or removed) in
448
<filename>clients.conf</filename>, this will take precedence.
452
<refsect1 id="dbus_interface">
453
<title>D-BUS INTERFACE</title>
455
The server will by default provide a D-Bus system bus interface.
456
This interface will only be accessible by the root user or a
457
Mandos-specific user, if such a user exists. For documentation
458
of the D-Bus API, see the file <filename>DBUS-API</filename>.
333
462
<refsect1 id="exit_status">
334
463
<title>EXIT STATUS</title>
516
646
compromised if they are gone for too long.
519
If a client is compromised, its downtime should be duly noted
520
by the server which would therefore declare the client
521
invalid. But if the server was ever restarted, it would
522
re-read its client list from its configuration file and again
523
regard all clients therein as valid, and hence eligible to
524
receive their passwords. Therefore, be careful when
525
restarting servers if it is suspected that a client has, in
526
fact, been compromised by parties who may now be running a
527
fake Mandos client with the keys from the non-encrypted
528
initial RAM image of the client host. What should be done in
529
that case (if restarting the server program really is
530
necessary) is to stop the server program, edit the
531
configuration file to omit any suspect clients, and restart
535
649
For more details on client-side security, see
536
<citerefentry><refentrytitle>password-request</refentrytitle>
650
<citerefentry><refentrytitle>mandos-client</refentrytitle>
537
651
<manvolnum>8mandos</manvolnum></citerefentry>.
542
656
<refsect1 id="see_also">
543
657
<title>SEE ALSO</title>
546
<refentrytitle>mandos-clients.conf</refentrytitle>
547
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
548
<refentrytitle>mandos.conf</refentrytitle>
549
<manvolnum>5</manvolnum></citerefentry>, <citerefentry>
550
<refentrytitle>password-request</refentrytitle>
551
<manvolnum>8mandos</manvolnum></citerefentry>, <citerefentry>
552
<refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
659
<citerefentry><refentrytitle>intro</refentrytitle>
660
<manvolnum>8mandos</manvolnum></citerefentry>,
661
<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
662
<manvolnum>5</manvolnum></citerefentry>,
663
<citerefentry><refentrytitle>mandos.conf</refentrytitle>
664
<manvolnum>5</manvolnum></citerefentry>,
665
<citerefentry><refentrytitle>mandos-client</refentrytitle>
666
<manvolnum>8mandos</manvolnum></citerefentry>,
667
<citerefentry><refentrytitle>sh</refentrytitle>
668
<manvolnum>1</manvolnum></citerefentry>