/mandos/trunk : revision 780

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

Committer: Teddy Hogeborn
Date: 2015-08-02 09:36:40 UTC
Revision ID: teddy@recompile.se-20150802093640-nc0n17rbmqlbaxuf

Add D-Bus annotations on a few properties on the Client object.

The D-Bus property "Secret" on the interface
"se.recompile.Mandos.Client" should have the annotation
"org.freedesktop.DBus.Property.EmitsChangedSignal" set to
"invalidates".  Also, the properties "Created", "Fingerprint", "Name",
and "ObjectPath" should have the same annotation set to "const".

* mandos (ClientDBus.Name_dbus_property): Set annotation
                    "org.freedesktop.DBus.Property.EmitsChangedSignal"
                    to "const".
  (ClientDBus.Fingerprint_dbus_property): - '' -
  (ClientDBus.Created_dbus_property): - '' -
  (ClientDBus.ObjectPath_dbus_property): - '' -
  (ClientDBus.Secret_dbus_property): Set annotation
                    "org.freedesktop.DBus.Property.EmitsChangedSignal"
                    to "invalidates".

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

README

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

default-mandos

init.d-mandos

initramfs-unpack

intro.xml

legalnotice.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
.bzrignore

Makefile

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos-keygen">

<!ENTITY TIMESTAMP "2008-08-31">

<!ENTITY TIMESTAMP "2015-07-20">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<para>

This manual page is free software: you can redistribute it

and/or modify it under the terms of the GNU General Public

License as published by the Free Software Foundation,

either version 3 of the License, or (at your option) any

later version.

</para>

<para>

This manual page is distributed in the hope that it will

be useful, but WITHOUT ANY WARRANTY; without even the

implied warranty of MERCHANTABILITY or FITNESS FOR A

PARTICULAR PURPOSE. See the GNU General Public License

for more details.

</para>

<para>

You should have received a copy of the GNU General Public

License along with this program; If not, see

<ulink url="http://www.gnu.org/licenses/"/>.

</para>

</legalnotice>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

Generate key and password for Mandos client and server.

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

137

123

138

124

</group>

139

125

<sbr/>

140

<arg><option>--force</option></arg>

126

<group>

127

<arg choice="plain"><option>--force</option></arg>

128

129

</group>

141

130

</cmdsynopsis>

142

131

143

132

<command>&COMMANDNAME;</command>

144

133

145

134

<arg choice="plain"><option>--password</option></arg>

146

135

136

<arg choice="plain"><option>--passfile

137

138

139

147

140

</group>

148

141

<sbr/>

149

142

<group>

159

152

<arg choice="plain"><option>-n

160

153

161

154

</group>

155

<group>

156

157

158

</group>

162

159

</cmdsynopsis>

163

160

164

161

<command>&COMMANDNAME;</command>

181

178

<para>

182

179

<command>&COMMANDNAME;</command> is a program to generate the

183

180

OpenPGP key used by

184

<citerefentry><refentrytitle>password-request</refentrytitle>

181

<citerefentry><refentrytitle>mandos-client</refentrytitle>

185

182

<manvolnum>8mandos</manvolnum></citerefentry>. The key is

186

183

normally written to /etc/mandos for later installation into the

187

184

initrd image, but this, and most other things, can be changed

189

186

</para>

190

187

<para>

191

188

This program can also be used with the

192

<option>--password</option> option to generate a ready-made

193

section for <filename>clients.conf</filename> (see

189

<option>--password</option> or <option>--passfile</option>

190

options to generate a ready-made section for

191

<filename>clients.conf</filename> (see

194

192

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

195

193

<manvolnum>5</manvolnum></citerefentry>).

196

194

</para>

219

217

</para>

220

218

</listitem>

221

219

</varlistentry>

222

220

223

221

224

222

<term><option>--dir

225

223

<replaceable>DIRECTORY</replaceable></option></term>

228

226

229

227

<para>

230

228

Target directory for key files. Default is

231

<filename>/etc/mandos</filename>.

229

<filename class="directory">/etc/mandos</filename>.

232

230

</para>

233

231

</listitem>

234

232

</varlistentry>

235

233

236

234

237

235

<term><option>--type

238

236

240

238

241

239

242

240

<para>

243

Key type. Default is <quote>DSA</quote>.

241

Key type. Default is <quote>RSA</quote>.

244

242

</para>

245

243

</listitem>

246

244

</varlistentry>

247

245

248

246

249

247

<term><option>--length

250

248

252

250

253

251

254

252

<para>

255

Key length in bits. Default is 2048.

253

Key length in bits. Default is 4096.

256

254

</para>

257

255

</listitem>

258

256

</varlistentry>

259

257

260

258

261

259

<term><option>--subtype

262

260

<replaceable>KEYTYPE</replaceable></option></term>

264

262

<replaceable>KEYTYPE</replaceable></option></term>

265

263

266

264

<para>

267

Subkey type. Default is <quote>ELG-E</quote> (Elgamal

265

Subkey type. Default is <quote>RSA</quote> (Elgamal

268

266

encryption-only).

269

267

</para>

270

268

</listitem>

271

269

</varlistentry>

272

270

273

271

274

272

<term><option>--sublength

275

273

277

275

278

276

279

277

<para>

280

Subkey length in bits. Default is 2048.

278

Subkey length in bits. Default is 4096.

281

279

</para>

282

280

</listitem>

283

281

</varlistentry>

284

282

285

283

286

284

<term><option>--email

287

285

<replaceable>ADDRESS</replaceable></option></term>

293

291

</para>

294

292

</listitem>

295

293

</varlistentry>

296

294

297

295

298

296

<term><option>--comment

299

297

301

299

302

300

303

301

<para>

304

Comment field for key. The default value is

305

<quote><literal>Mandos client key</literal></quote>.

302

Comment field for key. Default is empty.

306

303

</para>

307

304

</listitem>

308

305

</varlistentry>

309

306

310

307

311

308

<term><option>--expire

312

309

320

317

</para>

321

318

</listitem>

322

319

</varlistentry>

323

320

324

321

325

322

<term><option>--force</option></term>

326

323

348

345

</para>

349

346

</listitem>

350

347

</varlistentry>

348

349

<term><option>--passfile

350

351

<term><option>-F

352

353

354

<para>

355

The same as <option>--password</option>, but read from

356

<replaceable>FILE</replaceable>, not the terminal.

357

</para>

358

</listitem>

359

</varlistentry>

360

361

362

363

364

<para>

365

When <option>--password</option> or

366

<option>--passfile</option> is given, this option will

367

prevent <command>&COMMANDNAME;</command> from calling

368

<command>ssh-keyscan</command> to get an SSH fingerprint

369

for this host and, if successful, output suitable config

370

options to use this fingerprint as a

371

<option>checker</option> option in the output. This is

372

otherwise the default behavior.

373

</para>

374

</listitem>

375

</varlistentry>

351

376

</variablelist>

352

377

</refsect1>

353

378

354

379

355

380

<title>OVERVIEW</title>

356

381

<xi:include href="overview.xml"/>

360

385

<filename>clients.conf</filename> on the server.

361

386

</para>

362

387

</refsect1>

363

388

364

389

365

390

<title>EXIT STATUS</title>

366

391

<para>

386

411

</variablelist>

387

412

</refsect1>

388

413

389

414

390

415

<title>FILES</title>

391

416

<para>

392

417

Use the <option>--dir</option> option to change where

413

438

</listitem>

414

439

</varlistentry>

415

440

416

441

417

442

418

443

<para>

419

444

Temporary files will be written here if

423

448

</varlistentry>

424

449

</variablelist>

425

450

</refsect1>

426

427

428

429

<para>

430

None are known at this time.

431

</para>

432

</refsect1>

433

451

452

453

454

455

456

457

434

458

435

459

<title>EXAMPLE</title>

436

460

455

479

</informalexample>

456

480

457

481

<para>

458

Prompt for a password, encrypt it with the key in

459

<filename>/etc/mandos</filename> and output a section suitable

460

for <filename>clients.conf</filename>.

482

Prompt for a password, encrypt it with the key in <filename

483

class="directory">/etc/mandos</filename> and output a section

484

suitable for <filename>clients.conf</filename>.

461

485

</para>

462

486

<para>

463

487

<userinput>&COMMANDNAME; --password</userinput>

477

501

</para>

478

502

</informalexample>

479

503

</refsect1>

480

504

481

505

482

506

<title>SECURITY</title>

483

507

<para>

492

516

<manvolnum>8</manvolnum></citerefentry>.

493

517

</para>

494

518

</refsect1>

495

519

496

520

497

521

498

522

<para>

523

<citerefentry><refentrytitle>intro</refentrytitle>

524

<manvolnum>8mandos</manvolnum></citerefentry>,

499

525

500

526

<manvolnum>1</manvolnum></citerefentry>,

501

527

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

502

528

<manvolnum>5</manvolnum></citerefentry>,

503

529

<citerefentry><refentrytitle>mandos</refentrytitle>

504

530

<manvolnum>8</manvolnum></citerefentry>,

505

<citerefentry><refentrytitle>password-request</refentrytitle>

506

<manvolnum>8mandos</manvolnum></citerefentry>

531

<citerefentry><refentrytitle>mandos-client</refentrytitle>

532

<manvolnum>8mandos</manvolnum></citerefentry>,

533

<citerefentry><refentrytitle>ssh-keyscan</refentrytitle>

534

507

535

</para>

508

536

</refsect1>

509

537

Older »