/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-clients.conf.xml

  • Committer: Teddy Hogeborn
  • Date: 2012-06-23 00:58:49 UTC
  • Revision ID: teddy@recompile.se-20120623005849-02wj82cng433rt2k
* clients.conf: Convert all time intervals to new RFC 3339 syntax.
* mandos: All client options for time intervals now take an RFC 3339
          duration.
  (rfc3339_duration_to_delta): New function.
  (string_to_delta): Try rfc3339_duration_to_delta first.
* mandos-clients.conf.xml (OPTIONS/timeout): Document new format.
  (EXAMPLE): Update to new interval format.
  (SEE ALSO): Reference RFC 3339.

Show diffs side-by-side

added added

removed removed

Lines of Context:
mandos-clients.conf.xml
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY CONFNAME "mandos-clients.conf">
5
5
<!ENTITY CONFPATH "<filename>/etc/mandos/clients.conf</filename>">
6
 
<!ENTITY TIMESTAMP "2017-02-23">
 
6
<!ENTITY TIMESTAMP "2012-06-23">
7
7
<!ENTITY % common SYSTEM "common.ent">
8
8
%common;
9
9
]>
37
37
      <year>2010</year>
38
38
      <year>2011</year>
39
39
      <year>2012</year>
40
 
      <year>2013</year>
41
 
      <year>2014</year>
42
 
      <year>2015</year>
43
 
      <year>2016</year>
44
 
      <year>2017</year>
45
40
      <holder>Teddy Hogeborn</holder>
46
41
      <holder>Björn Påhlsson</holder>
47
42
    </copyright>
122
117
          <para>
123
118
            How long to wait for external approval before resorting to
124
119
            use the <option>approved_by_default</option> value.  The
125
 
            default is <quote>PT0S</quote>, i.e. not to wait.
 
120
            default is <quote>0s</quote>, i.e. not to wait.
126
121
          </para>
127
122
          <para>
128
123
            The format of <replaceable>TIME</replaceable> is the same
182
177
            <varname>PATH</varname> will be searched.  The default
183
178
            value for the checker command is <quote><literal
184
179
            ><command>fping</command> <option>-q</option> <option
185
 
            >--</option> %%(host)s</literal></quote>.  Note that
186
 
            <command>mandos-keygen</command>, when generating output
187
 
            to be inserted into this file, normally looks for an SSH
188
 
            server on the Mandos client, and, if it find one, outputs
189
 
            a <option>checker</option> option to check for the
190
 
            client’s key fingerprint – this is more secure against
191
 
            spoofing.
 
180
            >--</option> %%(host)s</literal></quote>.
192
181
          </para>
193
182
          <para>
194
183
            In addition to normal start time expansion, this option
231
220
          <para>
232
221
            This option sets the OpenPGP fingerprint that identifies
233
222
            the public key that clients authenticate themselves with
234
 
            through TLS.  The string needs to be in hexadecimal form,
 
223
            through TLS.  The string needs to be in hexidecimal form,
235
224
            but spaces or upper/lower case are not significant.
236
225
          </para>
237
226
        </listitem>
464
453
      <literal>%(<replaceable>foo</replaceable>)s</literal> is
465
454
      obscure.
466
455
    </para>
467
 
    <xi:include href="bugs.xml"/>
468
456
  </refsect1>
469
457
  
470
458
  <refsect1 id="example">