/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2013-09-29 15:52:19 UTC
  • Revision ID: teddy@recompile.se-20130929155219-rer4z6583z1qu7kj
* debian/mandos-client.README.Debian: Update Linux documentation link.
* mandos-keygen: Change default key and subkey type to RSA and default
                 key length to 4096 bits.

Show diffs side-by-side

added added

removed removed

Lines of Context:
plugins.d/mandos-client.xml
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2015-03-08">
 
5
<!ENTITY TIMESTAMP "2013-06-21">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
36
36
      <year>2012</year>
37
 
      <year>2013</year>
38
 
      <year>2014</year>
39
37
      <holder>Teddy Hogeborn</holder>
40
38
      <holder>Björn Påhlsson</holder>
41
39
    </copyright>
220
218
            assumed to separate the address from the port number.
221
219
          </para>
222
220
          <para>
223
 
            Normally, Zeroconf would be used to locate Mandos servers,
224
 
            in which case this option would only be used when testing
225
 
            and debugging.
 
221
            This option is normally only useful for testing and
 
222
            debugging.
226
223
          </para>
227
224
        </listitem>
228
225
      </varlistentry>
261
258
          <para>
262
259
            <replaceable>NAME</replaceable> can be the string
263
260
            <quote><literal>none</literal></quote>; this will make
264
 
            <command>&COMMANDNAME;</command> only bring up interfaces
265
 
            specified <emphasis>before</emphasis> this string.  This
266
 
            is not recommended, and only meant for advanced users.
 
261
            <command>&COMMANDNAME;</command> not bring up
 
262
            <emphasis>any</emphasis> interfaces specified
 
263
            <emphasis>after</emphasis> this string.  This is not
 
264
            recommended, and only meant for advanced users.
267
265
          </para>
268
266
        </listitem>
269
267
      </varlistentry>
311
309
        <listitem>
312
310
          <para>
313
311
            Sets the number of bits to use for the prime number in the
314
 
            TLS Diffie-Hellman key exchange.  The default value is
315
 
            selected automatically based on the OpenPGP key.
 
312
            TLS Diffie-Hellman key exchange.  Default is 1024.
316
313
          </para>
317
314
        </listitem>
318
315
      </varlistentry>
749
746
    <para>
750
747
      It will also help if the checker program on the server is
751
748
      configured to request something from the client which can not be
752
 
      spoofed by someone else on the network, like SSH server key
753
 
      fingerprints, and unlike unencrypted <acronym>ICMP</acronym>
754
 
      echo (<quote>ping</quote>) replies.
 
749
      spoofed by someone else on the network, unlike unencrypted
 
750
      <acronym>ICMP</acronym> echo (<quote>ping</quote>) replies.
755
751
    </para>
756
752
    <para>
757
753
      <emphasis>Note</emphasis>: This makes it completely insecure to