/mandos/trunk

To get this branch, use:
bzr branch http://bzr.recompile.se/loggerhead/mandos/trunk
51 by Teddy Hogeborn
* clients.conf: Better comments. 
1
 
# Default settings for all clients.  These values are the default

2
 
# values, so uncomment and change them if you want different ones.
25 by Teddy Hogeborn
* mandos-clients.conf ([DEFAULT]): New section. 
3
 
[DEFAULT]
51 by Teddy Hogeborn
* clients.conf: Better comments. 
4
 







411
by Teddy Hogeborn


More consistent terminology: Clients are no longer "invalid" - they



5



# How long until a client is disabled and not be allowed to get the










6



# data this server holds.








1244
by Teddy Hogeborn


Add comment about duration syntax to default clients.conf.



7



# (RFC 3339 duration syntax)








609
by Teddy Hogeborn


* clients.conf: Convert all time intervals to new RFC 3339 syntax.



8



;timeout = PT5M








51
by Teddy Hogeborn


* clients.conf: Better comments.



9












10



# How often to run the checker to confirm that a client is still up.










11



# Note: a new checker will not be started if an old one is still










12



# running.  The server will wait for a checker to complete until the








411
by Teddy Hogeborn


More consistent terminology: Clients are no longer "invalid" - they



13



# above "timeout" occurs, at which time the client will be disabled,










14



# and any running checker killed.








1244
by Teddy Hogeborn


Add comment about duration syntax to default clients.conf.



15



# (RFC 3339 duration syntax)








609
by Teddy Hogeborn


* clients.conf: Convert all time intervals to new RFC 3339 syntax.



16



;interval = PT2M








499
by Teddy Hogeborn


* clients.conf ([DEFAULT]/timeout): Changed default value to "5m".



17












18



# Extended timeout is an added timeout that is given once after a










19



# password has been sent sucessfully to a client.  This allows for








500
by Teddy Hogeborn


* mandos-clients.conf.xml (OPTIONS): Moved up "extended_timeout" to



20



# additional delays caused by file system checks and quota checks.








1244
by Teddy Hogeborn


Add comment about duration syntax to default clients.conf.



21



# (RFC 3339 duration syntax)








609
by Teddy Hogeborn


* clients.conf: Convert all time intervals to new RFC 3339 syntax.



22



;extended_timeout = PT15M








51
by Teddy Hogeborn


* clients.conf: Better comments.



23












24



# What command to run as "the checker".








257
by Teddy Hogeborn


Change the default value of the "checker" option command to make the



25



;checker = fping -q -- %%(host)s








51
by Teddy Hogeborn


* clients.conf: Better comments.



26










423
by Teddy Hogeborn


Documentation changes:



27



# Whether to approve a client by default after the approval delay.










28



;approved_by_default = True










29












30



# How long to wait for approval.








1244
by Teddy Hogeborn


Add comment about duration syntax to default clients.conf.



31



# (RFC 3339 duration syntax)








609
by Teddy Hogeborn


* clients.conf: Convert all time intervals to new RFC 3339 syntax.



32



;approval_delay = PT0S








423
by Teddy Hogeborn


Documentation changes:



33












34



# How long one approval will last.








1244
by Teddy Hogeborn


Add comment about duration syntax to default clients.conf.



35



# (RFC 3339 duration syntax)








609
by Teddy Hogeborn


* clients.conf: Convert all time intervals to new RFC 3339 syntax.



36



;approval_duration = PT1S








423
by Teddy Hogeborn


Documentation changes:



37










518.2.3
by Teddy Hogeborn


Make "enabled" a client config option.



38



# Whether this client is enabled by default










39



;enabled = True










40










51
by Teddy Hogeborn


* clients.conf: Better comments.



41












42



;####








63
by Teddy Hogeborn


Merge.



43



;# Example client








51
by Teddy Hogeborn


* clients.conf: Better comments.



44



;[foo]










45



;








962
by Teddy Hogeborn


Add support for using raw public keys in TLS (RFC 7250)



46



;# TLS public key ID










47



;key_id = f33fcbed11ed5e03073f6a55b86ffe92af0e24c045fb6e3b40547b3dc0c030ed










48



;








63
by Teddy Hogeborn


Merge.



49



;# OpenPGP key fingerprint








51
by Teddy Hogeborn


* clients.conf: Better comments.



50



;fingerprint =  7788 2722 5BA7 DE53 9C5A  7CFA 59CF F7CD BD9A 5920










51



;










52



;# This is base64-encoded binary data.  It will be decoded and sent to








1265
by Teddy Hogeborn


Clarify documentation and a comment about GnuTLS versions



53



;# the client matching the above key_id (for GnuTLS 3.6.6 or later) or










54



;# the above fingerprint (for GnuTLS before 3.6.0).  This should, of










55



;# course, be OpenPGP encrypted data, decryptable only by the client.








51
by Teddy Hogeborn


* clients.conf: Better comments.



56



;secret =










57



;        hQIOA6QdEjBs2L/HEAf/TCyrDe5Xnm9esa+Pb/vWF9CUqfn4srzVgSu234










58



;        REJMVv7lBSrPE2132Lmd2gqF1HeLKDJRSVxJpt6xoWOChGHg+TMyXDxK+N










59



;        Xl89vGvdU1XfhKkVm9MDLOgT5ECDPysDGHFPDhqHOSu3Kaw2DWMV/iH9vz










60



;        3Z20erVNbdcvyBnuojcoWO/6yfB5EQO0BXp7kcyy00USA3CjD5FGZdoQGI










61



;        Tb8A/ar0tVA5crSQmaSotm6KmNLhrFnZ5BxX+TiE+eTUTqSloWRY6VAvqW










62



;        QHC7OASxK5E6RXPBuFH5IohUA2Qbk5AHt99pYvsIPX88j2rWauOokoiKZo










63



;        t/9leJ8VxO5l3wf/U64IH8bkPIoWmWZfd/nqh4uwGNbCgKMyT+AnvH7kMJ










64



;        3i7DivfWl2mKLV0PyPHUNva0VQxX6yYjcOhj1R6fCr/at8/NSLe2OhLchz










65



;        dC+Ls9h+kvJXgF8Sisv+Wk/1RadPLFmraRlqvJwt6Ww21LpiXqXHV2mIgq










66



;        WnR98YgSvUi3TJHrUQiNc9YyBzuRo0AjgG2C9qiE3FM+Y28+iQ/sR3+bFs










67



;        zYuZKVTObqiIslwXu7imO0cvvFRgJF/6u3HNFQ4LUTGhiM3FQmC6NNlF3/










68



;        vJM2hwRDMcJqDd54Twx90Wh+tYz0z7QMsK4ANXWHHWHR0JchnLWmenzbtW










69



;        5MHdW9AYsNJZAQSOpirE4Xi31CSlWAi9KV+cUCmWF5zOFy1x23P6PjdaRm










70



;        4T2zw4dxS5NswXWU0sVEXxjs6PYxuIiCTL7vdpx8QjBkrPWDrAbcMyBr2O










71



;        QlnHIvPzEArRQLo=










72



;










73



;# Host name; used only by the checker, not used by the server itself.










74



;host = foo.example.org










75



;####










76












77



;####










78



;# Another example client, named "bar".










79



;[bar]








962
by Teddy Hogeborn


Add support for using raw public keys in TLS (RFC 7250)



80



;# The key ID is not space or case sensitive










81



;key_id = F33FCBED11ED5E03073F6A55B86FFE92 AF0E24C045FB6E3B40547B3DC0C030ED










82



;








51
by Teddy Hogeborn


* clients.conf: Better comments.



83



;# The fingerprint is not space or case sensitive










84



;fingerprint = 3e393aeaefb84c7e89e2f547b3a107558fca3a27










85



;










86



;# If "secret" is not specified, a file can be read for the data.








964
by Teddy Hogeborn


Doc fix: Change some "/etc/mandos" to "/etc/keys/mandos"



87



;secfile = /etc/keys/mandos/bar-secret.bin








51
by Teddy Hogeborn


* clients.conf: Better comments.



88



;










89



;# An IP address for host is also fine, if the checker accepts it.










90



;host = 192.0.2.3










91



;










92



;# Parameters from the [DEFAULT] section can be overridden per client.








609
by Teddy Hogeborn


* clients.conf: Convert all time intervals to new RFC 3339 syntax.



93



;interval = PT1M








423
by Teddy Hogeborn


Documentation changes:



94



;










95



;# This client requires manual approval before it receives its secret.










96



;approved_by_default = False










97



;# Require approval within 30 seconds.








609
by Teddy Hogeborn


* clients.conf: Convert all time intervals to new RFC 3339 syntax.



98



;approval_delay = PT30S








51
by Teddy Hogeborn


* clients.conf: Better comments.



99



;####