/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-clients.conf.xml

  • Committer: Teddy Hogeborn
  • Date: 2013-10-20 21:04:35 UTC
  • Revision ID: teddy@recompile.se-20131020210435-jc94ovr5i4sve16r
* Makefile (install-client-nokey): Install "mandos-change-keytype".
  (uninstall-client): Uninstall "mandos-change-keytype".
* mandos (priority): Changed back default GnuTLS priority string to
                     "SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP".
* mandos-change-keytype: New script which, assuming the Mandos server
                         is responding, will generate a new key with
                         the new mandos-keygen default parameters
                         (currently 4096-bit RSA), and output a
                         replacement section for clients.conf on the
                         Mandos server.
* mandos-keygen: Bug fix: output password prompt even when redirecting
                 stdout.
* mandos-options.xml (priority): Document new default value.
* mandos.conf (priority): - '' -

Show diffs side-by-side

added added

removed removed

Lines of Context:
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY CONFNAME "mandos-clients.conf">
5
5
<!ENTITY CONFPATH "<filename>/etc/mandos/clients.conf</filename>">
6
 
<!ENTITY TIMESTAMP "2016-06-23">
 
6
<!ENTITY TIMESTAMP "2013-10-15">
7
7
<!ENTITY % common SYSTEM "common.ent">
8
8
%common;
9
9
]>
37
37
      <year>2010</year>
38
38
      <year>2011</year>
39
39
      <year>2012</year>
40
 
      <year>2013</year>
41
 
      <year>2014</year>
42
 
      <year>2015</year>
43
 
      <year>2016</year>
44
40
      <holder>Teddy Hogeborn</holder>
45
41
      <holder>Björn Påhlsson</holder>
46
42
    </copyright>
181
177
            <varname>PATH</varname> will be searched.  The default
182
178
            value for the checker command is <quote><literal
183
179
            ><command>fping</command> <option>-q</option> <option
184
 
            >--</option> %%(host)s</literal></quote>.  Note that
185
 
            <command>mandos-keygen</command>, when generating output
186
 
            to be inserted into this file, normally looks for an SSH
187
 
            server on the Mandos client, and, if it find one, outputs
188
 
            a <option>checker</option> option to check for the
189
 
            client’s key fingerprint – this is more secure against
190
 
            spoofing.
 
180
            >--</option> %%(host)s</literal></quote>.
191
181
          </para>
192
182
          <para>
193
183
            In addition to normal start time expansion, this option
230
220
          <para>
231
221
            This option sets the OpenPGP fingerprint that identifies
232
222
            the public key that clients authenticate themselves with
233
 
            through TLS.  The string needs to be in hexadecimal form,
 
223
            through TLS.  The string needs to be in hexidecimal form,
234
224
            but spaces or upper/lower case are not significant.
235
225
          </para>
236
226
        </listitem>
463
453
      <literal>%(<replaceable>foo</replaceable>)s</literal> is
464
454
      obscure.
465
455
    </para>
466
 
    <xi:include href="bugs.xml"/>
467
456
  </refsect1>
468
457
  
469
458
  <refsect1 id="example">