/mandos/trunk : revision 951

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to mandos-keygen.xml

Committer: Teddy Hogeborn
Date: 2018-08-15 09:26:02 UTC
Revision ID: teddy@recompile.se-20180815092602-xoyb5s6gf8376i7u

http://bugs.debian.org/894495

mandos-client: Set system clock if necessary

* plugins.d/mandos-client.c (init_gpgme/import_key): If the system
  clock is not set, or set to january 1970, set the system clock to
  the more plausible value that is the mtime of the key file.  This is
  required by GnuPG to be able to import the keys.  (We can't pass the
  --ignore-time-conflict or the --ignore-valid-from options though
  GPGME.)

files added:
DBUS-API

NEWS

bugs.xml

common.ent

dbus-mandos.conf

debian/mandos-client.examples

debian/source

debian/source/format

debian/source/local-options

debian/upstream

debian/upstream/signing-key.asc

debian/watch

initramfs-unpack

intro.xml

mandos-ctl

mandos-ctl.xml

mandos-monitor

mandos-monitor.xml

mandos.lsm

mandos.service

network-hooks.d

network-hooks.d/bridge

network-hooks.d/bridge.conf

network-hooks.d/openvpn

network-hooks.d/openvpn.conf

network-hooks.d/wireless

network-hooks.d/wireless.conf

plugin-helpers

plugin-helpers/mandos-client-iprouteadddel.c

plugins.d/askpass-fifo.c

plugins.d/askpass-fifo.xml

plugins.d/plymouth.c

plugins.d/plymouth.xml

plugins.d/splashy.c

plugins.d/splashy.xml

plugins.d/usplash.c

plugins.d/usplash.xml

tmpfiles.d-mandos.conf

files removed:
debian/mandos-client.config

debian/mandos-client.templates

debian/mandos.config

debian/mandos.templates

debian/po/POTFILES.in

debian/po/sv.po

plugins.d/usplash

files modified:
.bzrignore

INSTALL

Makefile

README

TODO

clients.conf

debian/changelog

debian/compat

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.docs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.README.Debian

debian/mandos.dirs

debian/mandos.docs

debian/mandos.lintian-overrides

debian/mandos.postinst

debian/mandos.prerm

debian/rules

init.d-mandos

initramfs-tools-hook

initramfs-tools-hook-conf

initramfs-tools-script

legalnotice.xml

mandos

mandos-clients.conf.xml

mandos-keygen

mandos-keygen.xml

mandos-options.xml

mandos.conf

mandos.conf.xml

mandos.xml

plugin-runner.c

plugin-runner.conf

plugin-runner.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.c

plugins.d/password-prompt.xml

Show diffs side-by-side

added added

removed removed

mandos-keygen.xml

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

<!ENTITY VERSION "1.0">

<!ENTITY COMMANDNAME "mandos-keygen">

<!ENTITY TIMESTAMP "2008-09-20">

<!ENTITY TIMESTAMP "2018-02-08">

<!ENTITY % common SYSTEM "common.ent">

%common;

<title>Mandos Manual</title>

<productname>Mandos</productname>

<productnumber>&VERSION;</productnumber>

<productnumber>&version;</productnumber>

<date>&TIMESTAMP;</date>

<firstname>Björn</firstname>

<surname>Påhlsson</surname>

<email>belorn@fukt.bsnet.se</email>

<email>belorn@recompile.se</email>

</address>

</author>

<firstname>Teddy</firstname>

<surname>Hogeborn</surname>

<email>teddy@fukt.bsnet.se</email>

<email>teddy@recompile.se</email>

</address>

</author>

</authorgroup>

<holder>Teddy Hogeborn</holder>

<holder>Björn Påhlsson</holder>

</copyright>

115

126

116

127

</group>

117

128

<sbr/>

118

<arg><option>--force</option></arg>

129

<group>

130

<arg choice="plain"><option>--force</option></arg>

131

132

</group>

119

133

</cmdsynopsis>

120

134

121

135

<command>&COMMANDNAME;</command>

141

155

<arg choice="plain"><option>-n

142

156

143

157

</group>

158

<group>

159

160

161

</group>

144

162

</cmdsynopsis>

145

163

146

164

<command>&COMMANDNAME;</command>

211

229

212

230

<para>

213

231

Target directory for key files. Default is

214

<filename>/etc/mandos</filename>.

232

<filename class="directory">/etc/mandos</filename>.

215

233

</para>

216

234

</listitem>

217

235

</varlistentry>

223

241

224

242

225

243

<para>

226

Key type. Default is <quote>DSA</quote>.

244

Key type. Default is <quote>RSA</quote>.

227

245

</para>

228

246

</listitem>

229

247

</varlistentry>

235

253

236

254

237

255

<para>

238

Key length in bits. Default is 2048.

256

Key length in bits. Default is 4096.

239

257

</para>

240

258

</listitem>

241

259

</varlistentry>

247

265

<replaceable>KEYTYPE</replaceable></option></term>

248

266

249

267

<para>

250

Subkey type. Default is <quote>ELG-E</quote> (Elgamal

268

Subkey type. Default is <quote>RSA</quote> (Elgamal

251

269

encryption-only).

252

270

</para>

253

271

</listitem>

260

278

261

279

262

280

<para>

263

Subkey length in bits. Default is 2048.

281

Subkey length in bits. Default is 4096.

264

282

</para>

265

283

</listitem>

266

284

</varlistentry>

284

302

285

303

286

304

<para>

287

Comment field for key. The default value is

288

<quote><literal>Mandos client key</literal></quote>.

305

Comment field for key. Default is empty.

289

306

</para>

290

307

</listitem>

291

308

</varlistentry>

343

360

</para>

344

361

</listitem>

345

362

</varlistentry>

363

364

365

366

367

<para>

368

When <option>--password</option> or

369

<option>--passfile</option> is given, this option will

370

prevent <command>&COMMANDNAME;</command> from calling

371

<command>ssh-keyscan</command> to get an SSH fingerprint

372

for this host and, if successful, output suitable config

373

options to use this fingerprint as a

374

<option>checker</option> option in the output. This is

375

otherwise the default behavior.

376

</para>

377

</listitem>

378

</varlistentry>

346

379

</variablelist>

347

380

</refsect1>

348

381

414

</variablelist>

382

415

</refsect1>

383

416

384

417

385

418

<title>FILES</title>

386

419

<para>

387

420

Use the <option>--dir</option> option to change where

408

441

</listitem>

409

442

</varlistentry>

410

443

411

444

412

445

413

446

<para>

414

447

Temporary files will be written here if

419

452

</variablelist>

420

453

</refsect1>

421

454

422

423

424

425

426

455

456

457

<xi:include href="bugs.xml"/>

458

</refsect1>

427

459

428

460

429

461

<title>EXAMPLE</title>

449

481

</informalexample>

450

482

451

483

<para>

452

Prompt for a password, encrypt it with the key in

453

<filename>/etc/mandos</filename> and output a section suitable

454

for <filename>clients.conf</filename>.

484

Prompt for a password, encrypt it with the key in <filename

485

class="directory">/etc/mandos</filename> and output a section

486

suitable for <filename>clients.conf</filename>.

455

487

</para>

456

488

<para>

457

489

<userinput>&COMMANDNAME; --password</userinput>

490

522

491

523

492

524

<para>

525

<citerefentry><refentrytitle>intro</refentrytitle>

526

<manvolnum>8mandos</manvolnum></citerefentry>,

493

527

494

528

<manvolnum>1</manvolnum></citerefentry>,

495

529

<citerefentry><refentrytitle>mandos-clients.conf</refentrytitle>

497

531

<citerefentry><refentrytitle>mandos</refentrytitle>

498

532

<manvolnum>8</manvolnum></citerefentry>,

499

533

<citerefentry><refentrytitle>mandos-client</refentrytitle>

500

<manvolnum>8mandos</manvolnum></citerefentry>

534

<manvolnum>8mandos</manvolnum></citerefentry>,

535

<citerefentry><refentrytitle>ssh-keyscan</refentrytitle>

536

501

537

</para>

502

538

</refsect1>

503

539

Older »