/mandos/trunk : revision 780

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

Committer: Teddy Hogeborn
Date: 2015-08-02 09:36:40 UTC
Revision ID: teddy@recompile.se-20150802093640-nc0n17rbmqlbaxuf

Add D-Bus annotations on a few properties on the Client object.

The D-Bus property "Secret" on the interface
"se.recompile.Mandos.Client" should have the annotation
"org.freedesktop.DBus.Property.EmitsChangedSignal" set to
"invalidates".  Also, the properties "Created", "Fingerprint", "Name",
and "ObjectPath" should have the same annotation set to "const".

* mandos (ClientDBus.Name_dbus_property): Set annotation
                    "org.freedesktop.DBus.Property.EmitsChangedSignal"
                    to "const".
  (ClientDBus.Fingerprint_dbus_property): - '' -
  (ClientDBus.Created_dbus_property): - '' -
  (ClientDBus.ObjectPath_dbus_property): - '' -
  (ClientDBus.Secret_dbus_property): Set annotation
                    "org.freedesktop.DBus.Property.EmitsChangedSignal"
                    to "invalidates".

files added:
.bzr-builddeb

.bzr-builddeb/default.conf

DBUS-API

INSTALL

NEWS

common.ent

dbus-mandos.conf

debian

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.examples

debian/mandos-client.links

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/po

debian/rules

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

default-mandos

init.d-mandos

initramfs-unpack

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.conf

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

files removed:
plugins.d/usplash

files renamed:
plugins.d/password-request.c => plugins.d/mandos-client.c

plugins.d/password-request.xml => plugins.d/mandos-client.xml

files modified:
.bzrignore

Makefile

README

TODO

clients.conf

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

overview.xml

plugin-runner.c

plugin-runner.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos-keygen">

<!ENTITY TIMESTAMP "2008-09-03">

<!ENTITY TIMESTAMP "2015-07-20">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

<xi:include href="legalnotice.xml"/>

</refentryinfo>

<refentrytitle>&COMMANDNAME;</refentrytitle>

Generate key and password for Mandos client and server.

</refpurpose>

</refnamediv>

<command>&COMMANDNAME;</command>

115

123

116

124

</group>

117

125

<sbr/>

118

<arg><option>--force</option></arg>

126

<group>

127

<arg choice="plain"><option>--force</option></arg>

128

129

</group>

119

130

</cmdsynopsis>

120

131

121

132

<command>&COMMANDNAME;</command>

122

133

123

134

<arg choice="plain"><option>--password</option></arg>

124

135

136

<arg choice="plain"><option>--passfile

137

138

139

125

140

</group>

126

141

<sbr/>

127

142

<group>

137

152

<arg choice="plain"><option>-n

138

153

139

154

</group>

155

<group>

156

157

158

</group>

140

159

</cmdsynopsis>

141

160

142

161

<command>&COMMANDNAME;</command>

159

178

<para>

160

179

<command>&COMMANDNAME;</command> is a program to generate the

161

180

OpenPGP key used by

162

<citerefentry><refentrytitle>password-request</refentrytitle>

181

<citerefentry><refentrytitle>mandos-client</refentrytitle>

163

182

<manvolnum>8mandos</manvolnum></citerefentry>. The key is

164

183

normally written to /etc/mandos for later installation into the

165

184

initrd image, but this, and most other things, can be changed

167

186

</para>

168

187

<para>

169

188

This program can also be used with the

170

<option>--password</option> option to generate a ready-made

171

section for <filename>clients.conf</filename> (see

189

<option>--password</option> or <option>--passfile</option>

190

options to generate a ready-made section for

191

<filename>clients.conf</filename> (see

172

192

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

173

193

<manvolnum>5</manvolnum></citerefentry>).

174

194

</para>

197

217

</para>

198

218

</listitem>

199

219

</varlistentry>

200

220

201

221

202

222

<term><option>--dir

203

223

<replaceable>DIRECTORY</replaceable></option></term>

206

226

207

227

<para>

208

228

Target directory for key files. Default is

209

<filename>/etc/mandos</filename>.

229

<filename class="directory">/etc/mandos</filename>.

210

230

</para>

211

231

</listitem>

212

232

</varlistentry>

213

233

214

234

215

235

<term><option>--type

216

236

218

238

219

239

220

240

<para>

221

Key type. Default is <quote>DSA</quote>.

241

Key type. Default is <quote>RSA</quote>.

222

242

</para>

223

243

</listitem>

224

244

</varlistentry>

225

245

226

246

227

247

<term><option>--length

228

248

230

250

231

251

232

252

<para>

233

Key length in bits. Default is 2048.

253

Key length in bits. Default is 4096.

234

254

</para>

235

255

</listitem>

236

256

</varlistentry>

237

257

238

258

239

259

<term><option>--subtype

240

260

<replaceable>KEYTYPE</replaceable></option></term>

242

262

<replaceable>KEYTYPE</replaceable></option></term>

243

263

244

264

<para>

245

Subkey type. Default is <quote>ELG-E</quote> (Elgamal

265

Subkey type. Default is <quote>RSA</quote> (Elgamal

246

266

encryption-only).

247

267

</para>

248

268

</listitem>

249

269

</varlistentry>

250

270

251

271

252

272

<term><option>--sublength

253

273

255

275

256

276

257

277

<para>

258

Subkey length in bits. Default is 2048.

278

Subkey length in bits. Default is 4096.

259

279

</para>

260

280

</listitem>

261

281

</varlistentry>

262

282

263

283

264

284

<term><option>--email

265

285

<replaceable>ADDRESS</replaceable></option></term>

271

291

</para>

272

292

</listitem>

273

293

</varlistentry>

274

294

275

295

276

296

<term><option>--comment

277

297

279

299

280

300

281

301

<para>

282

Comment field for key. The default value is

283

<quote><literal>Mandos client key</literal></quote>.

302

Comment field for key. Default is empty.

284

303

</para>

285

304

</listitem>

286

305

</varlistentry>

287

306

288

307

289

308

<term><option>--expire

290

309

298

317

</para>

299

318

</listitem>

300

319

</varlistentry>

301

320

302

321

303

322

<term><option>--force</option></term>

304

323

326

345

</para>

327

346

</listitem>

328

347

</varlistentry>

348

349

<term><option>--passfile

350

351

<term><option>-F

352

353

354

<para>

355

The same as <option>--password</option>, but read from

356

<replaceable>FILE</replaceable>, not the terminal.

357

</para>

358

</listitem>

359

</varlistentry>

360

361

362

363

364

<para>

365

When <option>--password</option> or

366

<option>--passfile</option> is given, this option will

367

prevent <command>&COMMANDNAME;</command> from calling

368

<command>ssh-keyscan</command> to get an SSH fingerprint

369

for this host and, if successful, output suitable config

370

options to use this fingerprint as a

371

<option>checker</option> option in the output. This is

372

otherwise the default behavior.

373

</para>

374

</listitem>

375

</varlistentry>

329

376

</variablelist>

330

377

</refsect1>

331

378

332

379

333

380

<title>OVERVIEW</title>

334

381

<xi:include href="overview.xml"/>

338

385

<filename>clients.conf</filename> on the server.

339

386

</para>

340

387

</refsect1>

341

388

342

389

343

390

<title>EXIT STATUS</title>

344

391

<para>

364

411

</variablelist>

365

412

</refsect1>

366

413

367

414

368

415

<title>FILES</title>

369

416

<para>

370

417

Use the <option>--dir</option> option to change where

391

438

</listitem>

392

439

</varlistentry>

393

440

394

441

395

442

396

443

<para>

397

444

Temporary files will be written here if

401

448

</varlistentry>

402

449

</variablelist>

403

450

</refsect1>

404

451

405

452

406

453

407

454

408

455

409

456

410

457

411

458

412

459

<title>EXAMPLE</title>

413

460

432

479

</informalexample>

433

480

434

481

<para>

435

Prompt for a password, encrypt it with the key in

436

<filename>/etc/mandos</filename> and output a section suitable

437

for <filename>clients.conf</filename>.

482

Prompt for a password, encrypt it with the key in <filename

483

class="directory">/etc/mandos</filename> and output a section

484

suitable for <filename>clients.conf</filename>.

438

485

</para>

439

486

<para>

440

487

<userinput>&COMMANDNAME; --password</userinput>

454

501

</para>

455

502

</informalexample>

456

503

</refsect1>

457

504

458

505

459

506

<title>SECURITY</title>

460

507

<para>

469

516

<manvolnum>8</manvolnum></citerefentry>.

470

517

</para>

471

518

</refsect1>

472

519

473

520

474

521

475

522

<para>

523

<citerefentry><refentrytitle>intro</refentrytitle>

524

<manvolnum>8mandos</manvolnum></citerefentry>,

476

525

477

526

<manvolnum>1</manvolnum></citerefentry>,

478

527

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

479

528

<manvolnum>5</manvolnum></citerefentry>,

480

529

<citerefentry><refentrytitle>mandos</refentrytitle>

481

530

<manvolnum>8</manvolnum></citerefentry>,

482

<citerefentry><refentrytitle>password-request</refentrytitle>

483

<manvolnum>8mandos</manvolnum></citerefentry>

531

<citerefentry><refentrytitle>mandos-client</refentrytitle>

532

<manvolnum>8mandos</manvolnum></citerefentry>,

533

<citerefentry><refentrytitle>ssh-keyscan</refentrytitle>

534

484

535

</para>

485

536

</refsect1>

486

537

Older »