/mandos/trunk

To get this branch, use:

bzr branch
http://bzr.recompile.se/loggerhead/mandos/trunk

« back to all changes in this revision

Viewing changes to intro.xml

Committer: Teddy Hogeborn
Date: 2018-08-19 14:06:55 UTC
Revision ID: teddy@recompile.se-20180819140655-ghsl0d4jsx8xwg44

Move UMASK setting to more proper place

* Makefile (install-client-nokey): Also install new conf files
"initramfs-tools-conf".
* debian/mandos-client.dirs: Add "usr/share/initramfs-tools/conf.d".
* initramfs-tools-conf: New file which sets UMASK.
* initramfs-tools-hook: Change comment to correctly state new location
of UMASK setting.
* initramfs-tools-hook-conf: Remove UMASK setting.

files added:
initramfs-tools-hook-conf

files removed:
debian/mandos-client.templates

debian/mandos.templates

files modified:
DBUS-API

INSTALL

Makefile

NEWS

TODO

clients.conf

common.ent

debian/changelog

debian/control

debian/copyright

debian/mandos-client.README.Debian

debian/mandos-client.dirs

debian/mandos-client.lintian-overrides

debian/mandos-client.postinst

debian/mandos-client.postrm

debian/mandos.lintian-overrides

debian/mandos.postinst

initramfs-tools-script-stop *

intro.xml

mandos

mandos-clients.conf.xml

mandos-ctl

mandos-ctl.xml

mandos-keygen

mandos-keygen.xml

mandos-monitor

mandos-monitor.xml

mandos-options.xml

mandos-to-cryptroot-unlock *

mandos.conf.xml

mandos.lsm

mandos.xml

overview.xml

plugin-runner.xml

plugins.d/askpass-fifo.xml

plugins.d/mandos-client.c

plugins.d/mandos-client.xml

plugins.d/password-prompt.xml

plugins.d/plymouth.xml

plugins.d/splashy.xml

plugins.d/usplash.xml

Show diffs side-by-side

added added

removed removed

1

1

<?xml version="1.0" encoding="UTF-8"?>

2

2

<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"

3

3

"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [

4

<!ENTITY TIMESTAMP "2019-02-10">

4

<!ENTITY TIMESTAMP "2018-02-08">

5

5

<!ENTITY % common SYSTEM "common.ent">

6

6

%common;

7

7

]>

38

38

<year>2016</year>

39

39

<year>2017</year>

40

40

<year>2018</year>

41

<year>2019</year>

42

41

<holder>Teddy Hogeborn</holder>

43

42

<holder>Björn Påhlsson</holder>

44

43

</copyright>

68

67

The computers run a small client program in the initial RAM disk

69

68

environment which will communicate with a server over a network.

70

69

All network communication is encrypted using TLS. The clients

71

are identified by the server using a TLS public key; each client

70

are identified by the server using an OpenPGP key; each client

72

71

has one unique to it. The server sends the clients an encrypted

73

72

password. The encrypted password is decrypted by the clients

74

using a separate OpenPGP key, and the password is then used to

73

using the same OpenPGP key, and the password is then used to

75

74

unlock the root file system, whereupon the computers can

76

75

continue booting normally.

77

76

</para>

201

200

<para>

202

201

No. The server only gives out the passwords to clients which

203

202

have <emphasis>in the TLS handshake</emphasis> proven that

204

they do indeed hold the private key corresponding to that

205

client.

203

they do indeed hold the OpenPGP private key corresponding to

204

that client.

206

205

</para>

207

206

</refsect2>

208

207

Older »