/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-clients.conf.xml

  • Committer: Teddy Hogeborn
  • Date: 2013-10-20 19:13:09 UTC
  • Revision ID: teddy@recompile.se-20131020191309-7tyca3oo0zqxn45s
* mandos-keygen: Bug fix: Specify key usage to avoid creating keys
                 with key usage flags which GnuTLS does not like.
                 Also fix --help output documentation about default
                 subkey type.

Show diffs side-by-side

added added

removed removed

Lines of Context:
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY CONFNAME "mandos-clients.conf">
5
5
<!ENTITY CONFPATH "<filename>/etc/mandos/clients.conf</filename>">
6
 
<!ENTITY TIMESTAMP "2018-02-08">
 
6
<!ENTITY TIMESTAMP "2013-10-15">
7
7
<!ENTITY % common SYSTEM "common.ent">
8
8
%common;
9
9
]>
37
37
      <year>2010</year>
38
38
      <year>2011</year>
39
39
      <year>2012</year>
40
 
      <year>2013</year>
41
 
      <year>2014</year>
42
 
      <year>2015</year>
43
 
      <year>2016</year>
44
 
      <year>2017</year>
45
 
      <year>2018</year>
46
40
      <holder>Teddy Hogeborn</holder>
47
41
      <holder>Björn Påhlsson</holder>
48
42
    </copyright>
183
177
            <varname>PATH</varname> will be searched.  The default
184
178
            value for the checker command is <quote><literal
185
179
            ><command>fping</command> <option>-q</option> <option
186
 
            >--</option> %%(host)s</literal></quote>.  Note that
187
 
            <command>mandos-keygen</command>, when generating output
188
 
            to be inserted into this file, normally looks for an SSH
189
 
            server on the Mandos client, and, if it find one, outputs
190
 
            a <option>checker</option> option to check for the
191
 
            client’s key fingerprint – this is more secure against
192
 
            spoofing.
 
180
            >--</option> %%(host)s</literal></quote>.
193
181
          </para>
194
182
          <para>
195
183
            In addition to normal start time expansion, this option
232
220
          <para>
233
221
            This option sets the OpenPGP fingerprint that identifies
234
222
            the public key that clients authenticate themselves with
235
 
            through TLS.  The string needs to be in hexadecimal form,
 
223
            through TLS.  The string needs to be in hexidecimal form,
236
224
            but spaces or upper/lower case are not significant.
237
225
          </para>
238
226
        </listitem>
465
453
      <literal>%(<replaceable>foo</replaceable>)s</literal> is
466
454
      obscure.
467
455
    </para>
468
 
    <xi:include href="bugs.xml"/>
469
456
  </refsect1>
470
457
  
471
458
  <refsect1 id="example">