/mandos/trunk : revision 782

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to intro.xml

Committer: Teddy Hogeborn
Date: 2015-08-02 16:57:09 UTC
Revision ID: teddy@recompile.se-20150802165709-k0vuxe3vjph3n5ss

Deprecate the D-Bus property "se.recompile.Mandos.Client.ObjectPath".

The D-Bus property "se.recompile.Mandos.Client.ObjectPath" is
unnecessary - is not used by mandos-monitor or mandos-ctl, and I
cannot see it being useful for anyone.

* DBUS-API (se.recompile.Mandos.Client.ObjectPath): Remove;
deprecated.
* mandos (ClientDBus.ObjectPath_dbus_property): Annotate as
deprecated.

files added:
initramfs-tools-hook-conf

files removed:
bugs.xml

debian/mandos-client.templates

debian/mandos.templates

debian/po/POTFILES.in

debian/po/de.po

debian/po/en_US.po

debian/po/fr.po

debian/po/nl.po

debian/po/pt.po

debian/po/sv.po

debian/po/templates.pot

debian/source/lintian-overrides

debian/tests

debian/tests/control

debian/upstream/metadata

dracut-module

dracut-module/ask-password-mandos.path

dracut-module/ask-password-mandos.service

dracut-module/cmdline-mandos.sh

dracut-module/module-setup.sh

dracut-module/password-agent.c

dracut-module/password-agent.xml

initramfs-tools-conf

initramfs-tools-conf-hook

initramfs-tools-script-stop

mandos-to-cryptroot-unlock

sysusers.d-mandos.conf

tmpfiles.d-mandos.conf

files modified:
.bzrignore

DBUS-API

INSTALL

Makefile

NEWS

README

TODO

clients.conf

common.ent

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.dirs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/rules

debian/watch

init.d-mandos

initramfs-tools-hook

initramfs-tools-script

initramfs-unpack

intro.xml

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos.conf.xml

mandos.lsm

mandos.service

mandos.xml

network-hooks.d/bridge

network-hooks.d/openvpn

network-hooks.d/wireless

overview.xml

plugin-helpers/mandos-client-iprouteadddel.c

plugin-runner.c

plugin-runner.xml

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

intro.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY TIMESTAMP "2019-08-04">

<!ENTITY TIMESTAMP "2015-07-20">

<!ENTITY % common SYSTEM "common.ent">

%common;

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

The computers run a small client program in the initial RAM disk

environment which will communicate with a server over a network.

All network communication is encrypted using TLS. The clients

are identified by the server using a TLS public key; each client

are identified by the server using an OpenPGP key; each client

has one unique to it. The server sends the clients an encrypted

password. The encrypted password is decrypted by the clients

using a separate OpenPGP key, and the password is then used to

using the same OpenPGP key, and the password is then used to

unlock the root file system, whereupon the computers can

continue booting normally.

</para>

<title>INTRODUCTION</title>

<para>

<!-- This paragraph is a combination and paraphrase of two

quotes from the 1995 movie “The Usual Suspects”. -->

You know how it is. You’ve heard of it happening. The Man

comes and takes away your servers, your friends’ servers, the

servers of everybody in the same hosting facility. The servers

131

125

</para>

132

126

<para>

133

127

So, at boot time, the Mandos client will ask for its encrypted

134

data over the network, decrypt the data to get the password, use

135

the password to decrypt the root file system, and the client can

136

then continue booting.

128

data over the network, decrypt it to get the password, use it to

129

decrypt the root file, and continue booting.

137

130

</para>

138

131

<para>

139

132

Now, of course the initial RAM disk image is not on the

145

138

long, and will no longer give out the encrypted key. The timing

146

139

here is the only real weak point, and the method, frequency and

147

140

timeout of the server’s checking can be adjusted to any desired

148

level of paranoia.

141

level of paranoia

149

142

</para>

150

143

<para>

151

144

(The encrypted keys on the Mandos server is on its normal file

202

195

<para>

203

196

No. The server only gives out the passwords to clients which

204

197

have <emphasis>in the TLS handshake</emphasis> proven that

205

they do indeed hold the private key corresponding to that

206

client.

198

they do indeed hold the OpenPGP private key corresponding to

199

that client.

207

200

</para>

208

201

</refsect2>

209

202

384

377

plugin requirements.

385

378

</para>

386

379

</refsect1>

387

388

389

<title>SYSTEMD</title>

390

<para>

391

More advanced startup systems like <citerefentry><refentrytitle

392

>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,

393

already have their own plugin-like mechanisms for allowing

394

multiple agents to independently retrieve a password and deliver

395

it to the subsystem requesting a password to unlock the root

396

file system. On these systems, it would make no sense to run

397

<citerefentry><refentrytitle>plugin-runner</refentrytitle

398

><manvolnum>8mandos</manvolnum></citerefentry>, the plugins of

399

which would largely duplicate the work of (and conflict with)

400

the existing systems prompting for passwords.

401

</para>

402

<para>

403

As for <citerefentry><refentrytitle>systemd</refentrytitle

404

><manvolnum>1</manvolnum></citerefentry> in particular, it has

405

its own <ulink

406

url="https://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/"

407

>Password Agents</ulink> system. Mandos uses this via its

408

<citerefentry><refentrytitle>password-agent</refentrytitle

409

><manvolnum>8mandos</manvolnum></citerefentry> program, which

410

is run instead of <citerefentry><refentrytitle

411

>plugin-runner</refentrytitle><manvolnum>8mandos</manvolnum

412

></citerefentry> when <citerefentry><refentrytitle

413

>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>

414

is used during system startup.

415

</para>

416

</refsect1>

417

418

419

<xi:include href="bugs.xml"/>

420

</refsect1>

421

380

422

381

423

382

434

393

<manvolnum>8</manvolnum></citerefentry>,

435

394

<citerefentry><refentrytitle>plugin-runner</refentrytitle>

436

395

<manvolnum>8mandos</manvolnum></citerefentry>,

437

<citerefentry><refentrytitle>password-agent</refentrytitle>

438

<manvolnum>8mandos</manvolnum></citerefentry>,

439

396

<citerefentry><refentrytitle>mandos-client</refentrytitle>

440

397

<manvolnum>8mandos</manvolnum></citerefentry>,

441

398

<citerefentry><refentrytitle>password-prompt</refentrytitle>

454

411

455

412

456

413

<term>

457

<ulink url="https://www.recompile.se/mandos">Mandos</ulink>

414

<ulink url="http://www.recompile.se/mandos">Mandos</ulink>

458

415

</term>

459

416

460

417

<para>

Older »