/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

  • Committer: Teddy Hogeborn
  • Date: 2016-03-13 00:37:02 UTC
  • Revision ID: teddy@recompile.se-20160313003702-dulwtwt8ilpojra9
Server: Fix bug where it did not exit timely on signals

Use GLib.unix_signal_add() instead of signal.signal() to catch
signals; this will allow GLib to do its internal magic with signal
file descriptors.  (GLib does not handle signals properly otherwise.)
The function unix_signal_add() requires GLib 2.30 or later, which was
not required by PyGobject until version 3.7.1, so depend on this.

* INSTALL (Mandos Server): Document dependency on PyGObject 3.7.1
* mandos (main): Use GLib.unix_signal_add instead of signal.signal.
* init.d-mandos (do_stop): Remove workaround.
* mandos.service ([Service]): - '' -

Show diffs side-by-side

added added

removed removed

Lines of Context:
1
 
<?xml version='1.0' encoding='UTF-8'?>
 
1
<?xml version="1.0" encoding="UTF-8"?>
2
2
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3
3
        "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
4
 
<!ENTITY VERSION "1.0">
5
4
<!ENTITY COMMANDNAME "mandos-keygen">
6
 
<!ENTITY OVERVIEW SYSTEM "overview.xml">
 
5
<!ENTITY TIMESTAMP "2016-03-05">
 
6
<!ENTITY % common SYSTEM "common.ent">
 
7
%common;
7
8
]>
8
9
 
9
 
<refentry>
 
10
<refentry xmlns:xi="http://www.w3.org/2001/XInclude">
10
11
  <refentryinfo>
11
 
    <title>&COMMANDNAME;</title>
12
 
    <!-- NWalsh's docbook scripts use this to generate the footer: -->
13
 
    <productname>&COMMANDNAME;</productname>
14
 
    <productnumber>&VERSION;</productnumber>
 
12
    <title>Mandos Manual</title>
 
13
    <!-- NWalsh’s docbook scripts use this to generate the footer: -->
 
14
    <productname>Mandos</productname>
 
15
    <productnumber>&version;</productnumber>
 
16
    <date>&TIMESTAMP;</date>
15
17
    <authorgroup>
16
18
      <author>
17
19
        <firstname>Björn</firstname>
18
20
        <surname>Påhlsson</surname>
19
21
        <address>
20
 
          <email>belorn@fukt.bsnet.se</email>
 
22
          <email>belorn@recompile.se</email>
21
23
        </address>
22
24
      </author>
23
25
      <author>
24
26
        <firstname>Teddy</firstname>
25
27
        <surname>Hogeborn</surname>
26
28
        <address>
27
 
          <email>teddy@fukt.bsnet.se</email>
 
29
          <email>teddy@recompile.se</email>
28
30
        </address>
29
31
      </author>
30
32
    </authorgroup>
31
33
    <copyright>
32
34
      <year>2008</year>
33
 
      <holder>Teddy Hogeborn &amp; Björn Påhlsson</holder>
 
35
      <year>2009</year>
 
36
      <year>2010</year>
 
37
      <year>2011</year>
 
38
      <year>2012</year>
 
39
      <year>2013</year>
 
40
      <year>2014</year>
 
41
      <year>2015</year>
 
42
      <year>2016</year>
 
43
      <holder>Teddy Hogeborn</holder>
 
44
      <holder>Björn Påhlsson</holder>
34
45
    </copyright>
35
 
    <legalnotice>
36
 
      <para>
37
 
        This manual page is free software: you can redistribute it
38
 
        and/or modify it under the terms of the GNU General Public
39
 
        License as published by the Free Software Foundation,
40
 
        either version 3 of the License, or (at your option) any
41
 
        later version.
42
 
      </para>
43
 
 
44
 
      <para>
45
 
        This manual page is distributed in the hope that it will
46
 
        be useful, but WITHOUT ANY WARRANTY; without even the
47
 
        implied warranty of MERCHANTABILITY or FITNESS FOR A
48
 
        PARTICULAR PURPOSE.  See the GNU General Public License
49
 
        for more details.
50
 
      </para>
51
 
 
52
 
      <para>
53
 
        You should have received a copy of the GNU General Public
54
 
        License along with this program; If not, see
55
 
        <ulink url="http://www.gnu.org/licenses/"/>.
56
 
      </para>
57
 
    </legalnotice>
 
46
    <xi:include href="legalnotice.xml"/>
58
47
  </refentryinfo>
59
 
 
 
48
  
60
49
  <refmeta>
61
50
    <refentrytitle>&COMMANDNAME;</refentrytitle>
62
51
    <manvolnum>8</manvolnum>
65
54
  <refnamediv>
66
55
    <refname><command>&COMMANDNAME;</command></refname>
67
56
    <refpurpose>
68
 
      Generate keys for <citerefentry><refentrytitle>password-request
69
 
      </refentrytitle><manvolnum>8mandos</manvolnum></citerefentry>
 
57
      Generate key and password for Mandos client and server.
70
58
    </refpurpose>
71
59
  </refnamediv>
72
 
 
 
60
  
73
61
  <refsynopsisdiv>
74
62
    <cmdsynopsis>
75
63
      <command>&COMMANDNAME;</command>
76
 
      <group choice="opt">
77
 
        <arg choice="plain"><option>--dir</option>
78
 
        <replaceable>directory</replaceable></arg>
79
 
      </group>
80
 
      <group choice="opt">
81
 
        <arg choice="plain"><option>--type</option>
82
 
        <replaceable>type</replaceable></arg>
83
 
      </group>
84
 
      <group choice="opt">
85
 
        <arg choice="plain"><option>--length</option>
86
 
        <replaceable>bits</replaceable></arg>
87
 
      </group>
88
 
      <group choice="opt">
89
 
        <arg choice="plain"><option>--name</option>
90
 
        <replaceable>NAME</replaceable></arg>
91
 
      </group>
92
 
      <group choice="opt">
93
 
        <arg choice="plain"><option>--email</option>
94
 
        <replaceable>EMAIL</replaceable></arg>
95
 
      </group>
96
 
      <group choice="opt">
97
 
        <arg choice="plain"><option>--comment</option>
98
 
        <replaceable>COMMENT</replaceable></arg>
99
 
      </group>
100
 
      <group choice="opt">
101
 
        <arg choice="plain"><option>--expire</option>
102
 
        <replaceable>TIME</replaceable></arg>
103
 
      </group>
104
 
      <group choice="opt">
 
64
      <group>
 
65
        <arg choice="plain"><option>--dir
 
66
        <replaceable>DIRECTORY</replaceable></option></arg>
 
67
        <arg choice="plain"><option>-d
 
68
        <replaceable>DIRECTORY</replaceable></option></arg>
 
69
      </group>
 
70
      <sbr/>
 
71
      <group>
 
72
        <arg choice="plain"><option>--type
 
73
        <replaceable>KEYTYPE</replaceable></option></arg>
 
74
        <arg choice="plain"><option>-t
 
75
        <replaceable>KEYTYPE</replaceable></option></arg>
 
76
      </group>
 
77
      <sbr/>
 
78
      <group>
 
79
        <arg choice="plain"><option>--length
 
80
        <replaceable>BITS</replaceable></option></arg>
 
81
        <arg choice="plain"><option>-l
 
82
        <replaceable>BITS</replaceable></option></arg>
 
83
      </group>
 
84
      <sbr/>
 
85
      <group>
 
86
        <arg choice="plain"><option>--subtype
 
87
        <replaceable>KEYTYPE</replaceable></option></arg>
 
88
        <arg choice="plain"><option>-s
 
89
        <replaceable>KEYTYPE</replaceable></option></arg>
 
90
      </group>
 
91
      <sbr/>
 
92
      <group>
 
93
        <arg choice="plain"><option>--sublength
 
94
        <replaceable>BITS</replaceable></option></arg>
 
95
        <arg choice="plain"><option>-L
 
96
        <replaceable>BITS</replaceable></option></arg>
 
97
      </group>
 
98
      <sbr/>
 
99
      <group>
 
100
        <arg choice="plain"><option>--name
 
101
        <replaceable>NAME</replaceable></option></arg>
 
102
        <arg choice="plain"><option>-n
 
103
        <replaceable>NAME</replaceable></option></arg>
 
104
      </group>
 
105
      <sbr/>
 
106
      <group>
 
107
        <arg choice="plain"><option>--email
 
108
        <replaceable>ADDRESS</replaceable></option></arg>
 
109
        <arg choice="plain"><option>-e
 
110
        <replaceable>ADDRESS</replaceable></option></arg>
 
111
      </group>
 
112
      <sbr/>
 
113
      <group>
 
114
        <arg choice="plain"><option>--comment
 
115
        <replaceable>TEXT</replaceable></option></arg>
 
116
        <arg choice="plain"><option>-c
 
117
        <replaceable>TEXT</replaceable></option></arg>
 
118
      </group>
 
119
      <sbr/>
 
120
      <group>
 
121
        <arg choice="plain"><option>--expire
 
122
        <replaceable>TIME</replaceable></option></arg>
 
123
        <arg choice="plain"><option>-x
 
124
        <replaceable>TIME</replaceable></option></arg>
 
125
      </group>
 
126
      <sbr/>
 
127
      <group>
105
128
        <arg choice="plain"><option>--force</option></arg>
106
 
      </group>
107
 
    </cmdsynopsis>
108
 
    <cmdsynopsis>
109
 
      <command>&COMMANDNAME;</command>
110
 
      <group choice="opt">
111
 
        <arg choice="plain"><option>-d</option>
112
 
        <replaceable>directory</replaceable></arg>
113
 
      </group>
114
 
      <group choice="opt">
115
 
        <arg choice="plain"><option>-t</option>
116
 
        <replaceable>type</replaceable></arg>
117
 
      </group>
118
 
      <group choice="opt">
119
 
        <arg choice="plain"><option>-l</option>
120
 
        <replaceable>bits</replaceable></arg>
121
 
      </group>
122
 
      <group choice="opt">
123
 
        <arg choice="plain"><option>-n</option>
124
 
        <replaceable>NAME</replaceable></arg>
125
 
      </group>
126
 
      <group choice="opt">
127
 
        <arg choice="plain"><option>-e</option>
128
 
        <replaceable>EMAIL</replaceable></arg>
129
 
      </group>
130
 
      <group choice="opt">
131
 
        <arg choice="plain"><option>-c</option>
132
 
        <replaceable>COMMENT</replaceable></arg>
133
 
      </group>
134
 
      <group choice="opt">
135
 
        <arg choice="plain"><option>-x</option>
136
 
        <replaceable>TIME</replaceable></arg>
137
 
      </group>
138
 
      <group choice="opt">
139
129
        <arg choice="plain"><option>-f</option></arg>
140
130
      </group>
141
131
    </cmdsynopsis>
142
132
    <cmdsynopsis>
143
133
      <command>&COMMANDNAME;</command>
144
134
      <group choice="req">
145
 
        <arg choice='plain'><option>-h</option></arg>
146
 
        <arg choice='plain'><option>--help</option></arg>
147
 
      </group>
148
 
    </cmdsynopsis>
149
 
    <cmdsynopsis>
150
 
      <command>&COMMANDNAME;</command>
151
 
      <group choice="req">
152
 
        <arg choice='plain'><option>-v</option></arg>
153
 
        <arg choice='plain'><option>--version</option></arg>
 
135
        <arg choice="plain"><option>--password</option></arg>
 
136
        <arg choice="plain"><option>-p</option></arg>
 
137
        <arg choice="plain"><option>--passfile
 
138
        <replaceable>FILE</replaceable></option></arg>
 
139
        <arg choice="plain"><option>-F</option>
 
140
        <replaceable>FILE</replaceable></arg>
 
141
      </group>
 
142
      <sbr/>
 
143
      <group>
 
144
        <arg choice="plain"><option>--dir
 
145
        <replaceable>DIRECTORY</replaceable></option></arg>
 
146
        <arg choice="plain"><option>-d
 
147
        <replaceable>DIRECTORY</replaceable></option></arg>
 
148
      </group>
 
149
      <sbr/>
 
150
      <group>
 
151
        <arg choice="plain"><option>--name
 
152
        <replaceable>NAME</replaceable></option></arg>
 
153
        <arg choice="plain"><option>-n
 
154
        <replaceable>NAME</replaceable></option></arg>
 
155
      </group>
 
156
      <group>
 
157
        <arg choice="plain"><option>--no-ssh</option></arg>
 
158
        <arg choice="plain"><option>-S</option></arg>
 
159
      </group>
 
160
    </cmdsynopsis>
 
161
    <cmdsynopsis>
 
162
      <command>&COMMANDNAME;</command>
 
163
      <group choice="req">
 
164
        <arg choice="plain"><option>--help</option></arg>
 
165
        <arg choice="plain"><option>-h</option></arg>
 
166
      </group>
 
167
    </cmdsynopsis>
 
168
    <cmdsynopsis>
 
169
      <command>&COMMANDNAME;</command>
 
170
      <group choice="req">
 
171
        <arg choice="plain"><option>--version</option></arg>
 
172
        <arg choice="plain"><option>-v</option></arg>
154
173
      </group>
155
174
    </cmdsynopsis>
156
175
  </refsynopsisdiv>
157
 
 
 
176
  
158
177
  <refsect1 id="description">
159
178
    <title>DESCRIPTION</title>
160
179
    <para>
161
180
      <command>&COMMANDNAME;</command> is a program to generate the
162
 
      OpenPGP keys used by
163
 
      <citerefentry><refentrytitle>password-request</refentrytitle>
164
 
      <manvolnum>8mandos</manvolnum></citerefentry>.  The keys are
 
181
      OpenPGP key used by
 
182
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
 
183
      <manvolnum>8mandos</manvolnum></citerefentry>.  The key is
165
184
      normally written to /etc/mandos for later installation into the
166
 
      initrd image, but this, like most things, can be changed with
167
 
      command line options.
 
185
      initrd image, but this, and most other things, can be changed
 
186
      with command line options.
 
187
    </para>
 
188
    <para>
 
189
      This program can also be used with the
 
190
      <option>--password</option> or <option>--passfile</option>
 
191
      options to generate a ready-made section for
 
192
      <filename>clients.conf</filename> (see
 
193
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
 
194
      <manvolnum>5</manvolnum></citerefentry>).
168
195
    </para>
169
196
  </refsect1>
170
197
  
171
198
  <refsect1 id="purpose">
172
199
    <title>PURPOSE</title>
173
 
 
174
200
    <para>
175
201
      The purpose of this is to enable <emphasis>remote and unattended
176
202
      rebooting</emphasis> of client host computer with an
177
203
      <emphasis>encrypted root file system</emphasis>.  See <xref
178
204
      linkend="overview"/> for details.
179
205
    </para>
180
 
 
181
206
  </refsect1>
182
207
  
183
208
  <refsect1 id="options">
184
209
    <title>OPTIONS</title>
185
 
 
 
210
    
186
211
    <variablelist>
187
212
      <varlistentry>
188
 
        <term><literal>-h</literal>, <literal>--help</literal></term>
 
213
        <term><option>--help</option></term>
 
214
        <term><option>-h</option></term>
189
215
        <listitem>
190
216
          <para>
191
217
            Show a help message and exit
192
218
          </para>
193
219
        </listitem>
194
220
      </varlistentry>
195
 
 
196
 
      <varlistentry>
197
 
        <term><literal>-d</literal>, <literal>--dir
198
 
        <replaceable>directory</replaceable></literal></term>
199
 
        <listitem>
200
 
          <para>
201
 
            Target directory for key files.
202
 
          </para>
203
 
        </listitem>
204
 
      </varlistentry>
205
 
 
206
 
      <varlistentry>
207
 
        <term><literal>-t</literal>, <literal>--type
208
 
        <replaceable>type</replaceable></literal></term>
209
 
        <listitem>
210
 
          <para>
211
 
            Key type.  Default is DSA.
212
 
          </para>
213
 
        </listitem>
214
 
      </varlistentry>
215
 
 
216
 
      <varlistentry>
217
 
        <term><literal>-l</literal>, <literal>--length
218
 
        <replaceable>bits</replaceable></literal></term>
219
 
        <listitem>
220
 
          <para>
221
 
            Key length in bits.  Default is 1024.
222
 
          </para>
223
 
        </listitem>
224
 
      </varlistentry>
225
 
 
226
 
      <varlistentry>
227
 
        <term><literal>-e</literal>, <literal>--email</literal>
228
 
        <replaceable>address</replaceable></term>
 
221
      
 
222
      <varlistentry>
 
223
        <term><option>--dir
 
224
        <replaceable>DIRECTORY</replaceable></option></term>
 
225
        <term><option>-d
 
226
        <replaceable>DIRECTORY</replaceable></option></term>
 
227
        <listitem>
 
228
          <para>
 
229
            Target directory for key files.  Default is
 
230
            <filename class="directory">/etc/mandos</filename>.
 
231
          </para>
 
232
        </listitem>
 
233
      </varlistentry>
 
234
      
 
235
      <varlistentry>
 
236
        <term><option>--type
 
237
        <replaceable>TYPE</replaceable></option></term>
 
238
        <term><option>-t
 
239
        <replaceable>TYPE</replaceable></option></term>
 
240
        <listitem>
 
241
          <para>
 
242
            Key type.  Default is <quote>RSA</quote>.
 
243
          </para>
 
244
        </listitem>
 
245
      </varlistentry>
 
246
      
 
247
      <varlistentry>
 
248
        <term><option>--length
 
249
        <replaceable>BITS</replaceable></option></term>
 
250
        <term><option>-l
 
251
        <replaceable>BITS</replaceable></option></term>
 
252
        <listitem>
 
253
          <para>
 
254
            Key length in bits.  Default is 4096.
 
255
          </para>
 
256
        </listitem>
 
257
      </varlistentry>
 
258
      
 
259
      <varlistentry>
 
260
        <term><option>--subtype
 
261
        <replaceable>KEYTYPE</replaceable></option></term>
 
262
        <term><option>-s
 
263
        <replaceable>KEYTYPE</replaceable></option></term>
 
264
        <listitem>
 
265
          <para>
 
266
            Subkey type.  Default is <quote>RSA</quote> (Elgamal
 
267
            encryption-only).
 
268
          </para>
 
269
        </listitem>
 
270
      </varlistentry>
 
271
      
 
272
      <varlistentry>
 
273
        <term><option>--sublength
 
274
        <replaceable>BITS</replaceable></option></term>
 
275
        <term><option>-L
 
276
        <replaceable>BITS</replaceable></option></term>
 
277
        <listitem>
 
278
          <para>
 
279
            Subkey length in bits.  Default is 4096.
 
280
          </para>
 
281
        </listitem>
 
282
      </varlistentry>
 
283
      
 
284
      <varlistentry>
 
285
        <term><option>--email
 
286
        <replaceable>ADDRESS</replaceable></option></term>
 
287
        <term><option>-e
 
288
        <replaceable>ADDRESS</replaceable></option></term>
229
289
        <listitem>
230
290
          <para>
231
291
            Email address of key.  Default is empty.
232
292
          </para>
233
293
        </listitem>
234
294
      </varlistentry>
235
 
 
 
295
      
236
296
      <varlistentry>
237
 
        <term><literal>-c</literal>, <literal>--comment</literal>
238
 
        <replaceable>comment</replaceable></term>
 
297
        <term><option>--comment
 
298
        <replaceable>TEXT</replaceable></option></term>
 
299
        <term><option>-c
 
300
        <replaceable>TEXT</replaceable></option></term>
239
301
        <listitem>
240
302
          <para>
241
 
            Comment field for key.  The default value is
242
 
            "<literal>Mandos client key</literal>".
 
303
            Comment field for key.  Default is empty.
243
304
          </para>
244
305
        </listitem>
245
306
      </varlistentry>
246
 
 
 
307
      
247
308
      <varlistentry>
248
 
        <term><literal>-x</literal>, <literal>--expire</literal>
249
 
        <replaceable>time</replaceable></term>
 
309
        <term><option>--expire
 
310
        <replaceable>TIME</replaceable></option></term>
 
311
        <term><option>-x
 
312
        <replaceable>TIME</replaceable></option></term>
250
313
        <listitem>
251
314
          <para>
252
315
            Key expire time.  Default is no expiration.  See
255
318
          </para>
256
319
        </listitem>
257
320
      </varlistentry>
258
 
 
259
 
      <varlistentry>
260
 
        <term><literal>-f</literal>, <literal>--force</literal></term>
261
 
        <listitem>
262
 
          <para>
263
 
            Force overwriting old keys.
 
321
      
 
322
      <varlistentry>
 
323
        <term><option>--force</option></term>
 
324
        <term><option>-f</option></term>
 
325
        <listitem>
 
326
          <para>
 
327
            Force overwriting old key.
 
328
          </para>
 
329
        </listitem>
 
330
      </varlistentry>
 
331
      <varlistentry>
 
332
        <term><option>--password</option></term>
 
333
        <term><option>-p</option></term>
 
334
        <listitem>
 
335
          <para>
 
336
            Prompt for a password and encrypt it with the key already
 
337
            present in either <filename>/etc/mandos</filename> or the
 
338
            directory specified with the <option>--dir</option>
 
339
            option.  Outputs, on standard output, a section suitable
 
340
            for inclusion in <citerefentry><refentrytitle
 
341
            >mandos-clients.conf</refentrytitle><manvolnum
 
342
            >8</manvolnum></citerefentry>.  The host name or the name
 
343
            specified with the <option>--name</option> option is used
 
344
            for the section header.  All other options are ignored,
 
345
            and no key is created.
 
346
          </para>
 
347
        </listitem>
 
348
      </varlistentry>
 
349
      <varlistentry>
 
350
        <term><option>--passfile
 
351
        <replaceable>FILE</replaceable></option></term>
 
352
        <term><option>-F
 
353
        <replaceable>FILE</replaceable></option></term>
 
354
        <listitem>
 
355
          <para>
 
356
            The same as <option>--password</option>, but read from
 
357
            <replaceable>FILE</replaceable>, not the terminal.
 
358
          </para>
 
359
        </listitem>
 
360
      </varlistentry>
 
361
      <varlistentry>
 
362
        <term><option>--no-ssh</option></term>
 
363
        <term><option>-S</option></term>
 
364
        <listitem>
 
365
          <para>
 
366
            When <option>--password</option> or
 
367
            <option>--passfile</option> is given, this option will
 
368
            prevent <command>&COMMANDNAME;</command> from calling
 
369
            <command>ssh-keyscan</command> to get an SSH fingerprint
 
370
            for this host and, if successful, output suitable config
 
371
            options to use this fingerprint as a
 
372
            <option>checker</option> option in the output.  This is
 
373
            otherwise the default behavior.
264
374
          </para>
265
375
        </listitem>
266
376
      </varlistentry>
267
377
    </variablelist>
268
378
  </refsect1>
269
 
 
 
379
  
270
380
  <refsect1 id="overview">
271
381
    <title>OVERVIEW</title>
272
 
    &OVERVIEW;
 
382
    <xi:include href="overview.xml"/>
273
383
    <para>
274
 
      This program is a small program to generate new OpenPGP keys for
275
 
      new Mandos clients.
 
384
      This program is a small utility to generate new OpenPGP keys for
 
385
      new Mandos clients, and to generate sections for inclusion in
 
386
      <filename>clients.conf</filename> on the server.
276
387
    </para>
277
388
  </refsect1>
278
 
 
 
389
  
279
390
  <refsect1 id="exit_status">
280
391
    <title>EXIT STATUS</title>
281
392
    <para>
 
393
      The exit status will be 0 if a new key (or password, if the
 
394
      <option>--password</option> option was used) was successfully
 
395
      created, otherwise not.
282
396
    </para>
283
397
  </refsect1>
284
398
  
285
 
  <refsect1 id="file">
 
399
  <refsect1 id="environment">
 
400
    <title>ENVIRONMENT</title>
 
401
    <variablelist>
 
402
      <varlistentry>
 
403
        <term><envar>TMPDIR</envar></term>
 
404
        <listitem>
 
405
          <para>
 
406
            If set, temporary files will be created here. See
 
407
            <citerefentry><refentrytitle>mktemp</refentrytitle>
 
408
            <manvolnum>1</manvolnum></citerefentry>.
 
409
          </para>
 
410
        </listitem>
 
411
      </varlistentry>
 
412
    </variablelist>
 
413
  </refsect1>
 
414
  
 
415
  <refsect1 id="files">
286
416
    <title>FILES</title>
287
417
    <para>
 
418
      Use the <option>--dir</option> option to change where
 
419
      <command>&COMMANDNAME;</command> will write the key files.  The
 
420
      default file names are shown here.
288
421
    </para>
 
422
    <variablelist>
 
423
      <varlistentry>
 
424
        <term><filename>/etc/mandos/seckey.txt</filename></term>
 
425
        <listitem>
 
426
          <para>
 
427
            OpenPGP secret key file which will be created or
 
428
            overwritten.
 
429
          </para>
 
430
        </listitem>
 
431
      </varlistentry>
 
432
      <varlistentry>
 
433
        <term><filename>/etc/mandos/pubkey.txt</filename></term>
 
434
        <listitem>
 
435
          <para>
 
436
            OpenPGP public key file which will be created or
 
437
            overwritten.
 
438
          </para>
 
439
        </listitem>
 
440
      </varlistentry>
 
441
      <varlistentry>
 
442
        <term><filename class="directory">/tmp</filename></term>
 
443
        <listitem>
 
444
          <para>
 
445
            Temporary files will be written here if
 
446
            <varname>TMPDIR</varname> is not set.
 
447
          </para>
 
448
        </listitem>
 
449
      </varlistentry>
 
450
    </variablelist>
289
451
  </refsect1>
290
 
 
 
452
  
291
453
  <refsect1 id="bugs">
292
454
    <title>BUGS</title>
293
 
    <para>
294
 
    </para>
 
455
    <xi:include href="bugs.xml"/>
295
456
  </refsect1>
296
 
 
 
457
  
297
458
  <refsect1 id="example">
298
459
    <title>EXAMPLE</title>
299
 
    <para>
300
 
    </para>
 
460
    <informalexample>
 
461
      <para>
 
462
        Normal invocation needs no options:
 
463
      </para>
 
464
      <para>
 
465
        <userinput>&COMMANDNAME;</userinput>
 
466
      </para>
 
467
    </informalexample>
 
468
    <informalexample>
 
469
      <para>
 
470
        Create key in another directory and of another type.  Force
 
471
        overwriting old key files:
 
472
      </para>
 
473
      <para>
 
474
 
 
475
<!-- do not wrap this line -->
 
476
<userinput>&COMMANDNAME; --dir ~/keydir --type RSA --force</userinput>
 
477
 
 
478
      </para>
 
479
    </informalexample>
 
480
    <informalexample>
 
481
      <para>
 
482
        Prompt for a password, encrypt it with the key in <filename
 
483
        class="directory">/etc/mandos</filename> and output a section
 
484
        suitable for <filename>clients.conf</filename>.
 
485
      </para>
 
486
      <para>
 
487
        <userinput>&COMMANDNAME; --password</userinput>
 
488
      </para>
 
489
    </informalexample>
 
490
    <informalexample>
 
491
      <para>
 
492
        Prompt for a password, encrypt it with the key in the
 
493
        <filename>client-key</filename> directory and output a section
 
494
        suitable for <filename>clients.conf</filename>.
 
495
      </para>
 
496
      <para>
 
497
 
 
498
<!-- do not wrap this line -->
 
499
<userinput>&COMMANDNAME; --password --dir client-key</userinput>
 
500
 
 
501
      </para>
 
502
    </informalexample>
301
503
  </refsect1>
302
 
 
 
504
  
303
505
  <refsect1 id="security">
304
506
    <title>SECURITY</title>
305
507
    <para>
 
508
      The <option>--type</option>, <option>--length</option>,
 
509
      <option>--subtype</option>, and <option>--sublength</option>
 
510
      options can be used to create keys of low security.  If in
 
511
      doubt, leave them to the default values.
 
512
    </para>
 
513
    <para>
 
514
      The key expire time is <emphasis>not</emphasis> guaranteed to be
 
515
      honored by <citerefentry><refentrytitle>mandos</refentrytitle>
 
516
      <manvolnum>8</manvolnum></citerefentry>.
306
517
    </para>
307
518
  </refsect1>
308
 
 
 
519
  
309
520
  <refsect1 id="see_also">
310
521
    <title>SEE ALSO</title>
311
522
    <para>
312
 
      <citerefentry><refentrytitle>password-request</refentrytitle>
 
523
      <citerefentry><refentrytitle>intro</refentrytitle>
313
524
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
525
      <citerefentry><refentrytitle>gpg</refentrytitle>
 
526
      <manvolnum>1</manvolnum></citerefentry>,
 
527
      <citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>
 
528
      <manvolnum>5</manvolnum></citerefentry>,
314
529
      <citerefentry><refentrytitle>mandos</refentrytitle>
315
 
      <manvolnum>8</manvolnum></citerefentry>, and
316
 
      <citerefentry><refentrytitle>gpg</refentrytitle>
 
530
      <manvolnum>8</manvolnum></citerefentry>,
 
531
      <citerefentry><refentrytitle>mandos-client</refentrytitle>
 
532
      <manvolnum>8mandos</manvolnum></citerefentry>,
 
533
      <citerefentry><refentrytitle>ssh-keyscan</refentrytitle>
317
534
      <manvolnum>1</manvolnum></citerefentry>
318
535
    </para>
319
536
  </refsect1>
320
537
  
321
538
</refentry>
 
539
<!-- Local Variables: -->
 
540
<!-- time-stamp-start: "<!ENTITY TIMESTAMP [\"']" -->
 
541
<!-- time-stamp-end: "[\"']>" -->
 
542
<!-- time-stamp-format: "%:y-%02m-%02d" -->
 
543
<!-- End: -->