/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to plugins.d/mandos-client.xml

  • Committer: Teddy Hogeborn
  • Date: 2013-10-13 01:49:18 UTC
  • Revision ID: teddy@recompile.se-20131013014918-08ybiy64qxy4ceza
* initramfs-tools-hook: Bug fix: Make sure the right version of GnuPG
                        is copied into the initramfs image.  Always
                        assume that GPGME is used to avoid searching
                        for it since the path might not be /usr/lib.
                        Thanks to Félix Sipma <felix+debian@gueux.org>
                        for the initial bug report, and also thanks to
                        Dick Middleton <dick@lingbrae.com> for some
                        more debugging.
* initramfs-unpack: New script to help with development and debugging.
                    It is only part of the source tree, it is not
                    installed.

Show diffs side-by-side

added added

removed removed

Lines of Context:
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY COMMANDNAME "mandos-client">
5
 
<!ENTITY TIMESTAMP "2015-06-29">
 
5
<!ENTITY TIMESTAMP "2013-06-21">
6
6
<!ENTITY % common SYSTEM "../common.ent">
7
7
%common;
8
8
]>
34
34
      <year>2008</year>
35
35
      <year>2009</year>
36
36
      <year>2012</year>
37
 
      <year>2013</year>
38
 
      <year>2014</year>
39
 
      <year>2015</year>
40
37
      <holder>Teddy Hogeborn</holder>
41
38
      <holder>Björn Påhlsson</holder>
42
39
    </copyright>
221
218
            assumed to separate the address from the port number.
222
219
          </para>
223
220
          <para>
224
 
            Normally, Zeroconf would be used to locate Mandos servers,
225
 
            in which case this option would only be used when testing
226
 
            and debugging.
 
221
            This option is normally only useful for testing and
 
222
            debugging.
227
223
          </para>
228
224
        </listitem>
229
225
      </varlistentry>
262
258
          <para>
263
259
            <replaceable>NAME</replaceable> can be the string
264
260
            <quote><literal>none</literal></quote>; this will make
265
 
            <command>&COMMANDNAME;</command> only bring up interfaces
266
 
            specified <emphasis>before</emphasis> this string.  This
267
 
            is not recommended, and only meant for advanced users.
 
261
            <command>&COMMANDNAME;</command> not bring up
 
262
            <emphasis>any</emphasis> interfaces specified
 
263
            <emphasis>after</emphasis> this string.  This is not
 
264
            recommended, and only meant for advanced users.
268
265
          </para>
269
266
        </listitem>
270
267
      </varlistentry>
445
442
  
446
443
  <refsect1 id="environment">
447
444
    <title>ENVIRONMENT</title>
448
 
    <variablelist>
449
 
      <varlistentry>
450
 
        <term><envar>MANDOSPLUGINHELPERDIR</envar></term>
451
 
        <listitem>
452
 
          <para>
453
 
            This environment variable will be assumed to contain the
454
 
            directory containing any helper executables.  The use and
455
 
            nature of these helper executables, if any, is
456
 
            purposefully not documented.
457
 
        </para>
458
 
        </listitem>
459
 
      </varlistentry>
460
 
    </variablelist>
461
445
    <para>
462
 
      This program does not use any other environment variables, not
463
 
      even the ones provided by <citerefentry><refentrytitle
 
446
      This program does not use any environment variables, not even
 
447
      the ones provided by <citerefentry><refentrytitle
464
448
      >cryptsetup</refentrytitle><manvolnum>8</manvolnum>
465
449
    </citerefentry>.
466
450
    </para>
762
746
    <para>
763
747
      It will also help if the checker program on the server is
764
748
      configured to request something from the client which can not be
765
 
      spoofed by someone else on the network, like SSH server key
766
 
      fingerprints, and unlike unencrypted <acronym>ICMP</acronym>
767
 
      echo (<quote>ping</quote>) replies.
 
749
      spoofed by someone else on the network, unlike unencrypted
 
750
      <acronym>ICMP</acronym> echo (<quote>ping</quote>) replies.
768
751
    </para>
769
752
    <para>
770
753
      <emphasis>Note</emphasis>: This makes it completely insecure to