/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-clients.conf.xml

  • Committer: Teddy Hogeborn
  • Date: 2016-03-05 21:42:56 UTC
  • Revision ID: teddy@recompile.se-20160305214256-79progf0wfkd9068
Add bug reporting information to manual pages

* bugs.xml: New file.
* intro.xml (BUGS): New section; include "bugs.xml".
* mandos-clients.conf.xml (BUGS): Include "bugs.xml".
* mandos-ctl.xml (BUGS): Uncommented; include "bugs.xml".
* mandos-keygen.xml (BUGS): - '' -
* mandos-monitor.xml (BUGS): Include "bugs.xml".
* mandos.conf.xml (BUGS): - '' -
* mandos.xml (BUGS): - '' -
* plugin-runner.xml (BUGS): - '' -
* plugins.d/askpass-fifo.xml (BUGS): New section; include
                                     "../bugs.xml".
* plugins.d/mandos-client.xml (BUGS): Uncommented; include
                                     "../bugs.xml".
* plugins.d/password-prompt.xml (BUGS): Include "../bugs.xml".
* plugins.d/plymouth.xml (BUGS): - '' -
* plugins.d/splashy.xml (BUGS): - '' -
* plugins.d/usplash.xml (BUGS): - '' -

Show diffs side-by-side

added added

removed removed

Lines of Context:
mandos-clients.conf.xml
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
4
<!ENTITY CONFNAME "mandos-clients.conf">
5
5
<!ENTITY CONFPATH "<filename>/etc/mandos/clients.conf</filename>">
6
 
<!ENTITY TIMESTAMP "2012-05-27">
 
6
<!ENTITY TIMESTAMP "2016-03-05">
7
7
<!ENTITY % common SYSTEM "common.ent">
8
8
%common;
9
9
]>
37
37
      <year>2010</year>
38
38
      <year>2011</year>
39
39
      <year>2012</year>
 
40
      <year>2013</year>
 
41
      <year>2014</year>
 
42
      <year>2015</year>
 
43
      <year>2016</year>
40
44
      <holder>Teddy Hogeborn</holder>
41
45
      <holder>Björn Påhlsson</holder>
42
46
    </copyright>
117
121
          <para>
118
122
            How long to wait for external approval before resorting to
119
123
            use the <option>approved_by_default</option> value.  The
120
 
            default is <quote>0s</quote>, i.e. not to wait.
 
124
            default is <quote>PT0S</quote>, i.e. not to wait.
121
125
          </para>
122
126
          <para>
123
127
            The format of <replaceable>TIME</replaceable> is the same
177
181
            <varname>PATH</varname> will be searched.  The default
178
182
            value for the checker command is <quote><literal
179
183
            ><command>fping</command> <option>-q</option> <option
180
 
            >--</option> %%(host)s</literal></quote>.
 
184
            >--</option> %%(host)s</literal></quote>.  Note that
 
185
            <command>mandos-keygen</command>, when generating output
 
186
            to be inserted into this file, normally looks for an SSH
 
187
            server on the Mandos client, and, if it find one, outputs
 
188
            a <option>checker</option> option to check for the
 
189
            client’s key fingerprint – this is more secure against
 
190
            spoofing.
181
191
          </para>
182
192
          <para>
183
193
            In addition to normal start time expansion, this option
335
345
            <option>extended_timeout</option> option.
336
346
          </para>
337
347
          <para>
338
 
            The <replaceable>TIME</replaceable> is specified as a
339
 
            space-separated number of values, each of which is a
340
 
            number and a one-character suffix.  The suffix must be one
341
 
            of <quote>d</quote>, <quote>s</quote>, <quote>m</quote>,
342
 
            <quote>h</quote>, and <quote>w</quote> for days, seconds,
343
 
            minutes, hours, and weeks, respectively.  The values are
344
 
            added together to give the total time value, so all of
345
 
            <quote><literal>330s</literal></quote>,
346
 
            <quote><literal>110s 110s 110s</literal></quote>, and
347
 
            <quote><literal>5m 30s</literal></quote> will give a value
348
 
            of five minutes and thirty seconds.
 
348
            The <replaceable>TIME</replaceable> is specified as an RFC
 
349
            3339 duration; for example
 
350
            <quote><literal>P1Y2M3DT4H5M6S</literal></quote> meaning
 
351
            one year, two months, three days, four hours, five
 
352
            minutes, and six seconds.  Some values can be omitted, see
 
353
            RFC 3339 Appendix A for details.
349
354
          </para>
350
355
        </listitem>
351
356
      </varlistentry>
458
463
      <literal>%(<replaceable>foo</replaceable>)s</literal> is
459
464
      obscure.
460
465
    </para>
 
466
    <xi:include href="bugs.xml"/>
461
467
  </refsect1>
462
468
  
463
469
  <refsect1 id="example">
465
471
    <informalexample>
466
472
      <programlisting>
467
473
[DEFAULT]
468
 
timeout = 5m
469
 
interval = 2m
 
474
timeout = PT5M
 
475
interval = PT2M
470
476
checker = fping -q -- %%(host)s
471
477
 
472
478
# Client "foo"
489
495
        4T2zw4dxS5NswXWU0sVEXxjs6PYxuIiCTL7vdpx8QjBkrPWDrAbcMyBr2O
490
496
        QlnHIvPzEArRQLo=
491
497
host = foo.example.org
492
 
interval = 1m
 
498
interval = PT1M
493
499
 
494
500
# Client "bar"
495
501
[bar]
496
502
fingerprint = 3e393aeaefb84c7e89e2f547b3a107558fca3a27
497
503
secfile = /etc/mandos/bar-secret
498
 
timeout = 15m
 
504
timeout = PT15M
499
505
approved_by_default = False
500
 
approval_delay = 30s
 
506
approval_delay = PT30S
501
507
      </programlisting>
502
508
    </informalexample>
503
509
  </refsect1>
516
522
      <citerefentry><refentrytitle>fping</refentrytitle>
517
523
      <manvolnum>8</manvolnum></citerefentry>
518
524
    </para>
 
525
    <variablelist>
 
526
      <varlistentry>
 
527
        <term>
 
528
          RFC 3339: <citetitle>Date and Time on the Internet:
 
529
          Timestamps</citetitle>
 
530
        </term>
 
531
      <listitem>
 
532
        <para>
 
533
          The time intervals are in the "duration" format, as
 
534
          specified in ABNF in Appendix A of RFC 3339.
 
535
        </para>
 
536
      </listitem>
 
537
      </varlistentry>
 
538
    </variablelist>
519
539
  </refsect1>
520
540
</refentry>
521
541
<!-- Local Variables: -->