Mandos 1.0.3 (Default branch)


 
01-06-2009

The Mandos system allows computers to have encrypted root file systems and at the same time be capable of remote or unattended reboots. The computers run a small client program in the initial RAM disk environment which will communicate with a server over a network. All network communication is encrypted using TLS. The clients are identified by the server using an OpenPGP key that is unique to each client. The server sends the clients an encrypted password. The encrypted password is decrypted by the clients using the same OpenPGP key, and the password is then used to unlock the root file system.

License: GNU General Public License v3

Changes:
The server now tries to change to user and group "_mandos" before falling back to trying the old values "mandos", "nobody:nogroup", and "65534". Server startup no longer aborts even if no clients are defined in clients.conf. Plugins named "*.dpkg-bak" are now ignored by the client. A compilation failure on some architectures where the C compiler does not recognize the "-z" option as a linker option was hopefully fixed.

PASSWORD-PROMPT(8mandos)					   Mandos Manual					  PASSWORD-PROMPT(8mandos)

NAME
       password-prompt - Prompt for a password and output it.

SYNOPSIS
       password-prompt [--prefix PREFIX | -p PREFIX] [--debug]
       password-prompt {--help | -?}
       password-prompt --usage
       password-prompt {--version | -V}

DESCRIPTION
       All password-prompt does is prompt for a password and output any given password to standard output.

       This program is not very useful on its own. This program is really meant to run as a plugin in the Mandos client-side system, where it is used as a fallback and alternative to retrieving passwords from a Mandos server.

       This program is little more than a getpass(3) wrapper, although actual use of that function is not guaranteed or implied.

OPTIONS
       This program is commonly not invoked from the command line; it is normally started by the Mandos plugin runner, see plugin-runner(8mandos). Any command line options this program accepts are therefore normally provided by the plugin runner, and not directly.

       --prefix=PREFIX, -p PREFIX
              Prefix string shown before the password prompt.

       --debug
              Enable debug mode. This will enable a lot of output to standard error about what the program is doing. The program will still perform all other functions normally.

       --help, -?
              Gives a help message about options and their meanings.

       --usage
              Gives a short usage message.

       --version, -V
              Prints the program version.

EXIT STATUS
       If exit status is 0, the output from the program is the password as it was read. Otherwise, if exit status is other than 0, the program has encountered an error, and any output so far could be corrupt and/or truncated, and should therefore be ignored.

ENVIRONMENT
       CRYPTTAB_SOURCE, CRYPTTAB_NAME
              If set, these environment variables will be assumed to contain the source device name and the target device mapper name, respectively, and will be shown as part of the prompt.

              These variables will normally be inherited from plugin-runner(8mandos), which will normally have inherited them from /scripts/local-top/cryptroot in the initial RAM disk environment, which will have set them from parsing kernel arguments and /conf/conf.d/cryptroot (also in the initial RAM disk environment), which in turn will have been created when the initial RAM disk image was created by /usr/share/initramfs-tools/hooks/cryptroot, by extracting the information of the root file system from /etc/crypttab.

              This behavior is meant to exactly mirror the behavior of askpass, the default password prompter.

BUGS
       None are known at this time.

EXAMPLE
       Note that normally, command line options will not be given directly, but via options for the Mandos plugin-runner(8mandos).

       Normal invocation needs no options:

       password-prompt

       Show a prefix before the prompt; in this case, a host name. It might be useful to be reminded of which host needs a password, in case of KVM switches, etc.

       password-prompt --prefix=host.example.org:

       Run in debug mode.

       password-prompt --debug

SECURITY
       On its own, this program is very simple, and does not exactly present any security risks. The one thing that could be considered worthy of note is this: This program is meant to be run by plugin-runner(8mandos), and will, when run standalone, outside, in a normal environment, immediately output on its standard output any presumably secret password it just received. Therefore, when running this program standalone (which should never normally be done), take care not to type in any real secret password by force of habit, since it would then immediately be shown as output.

       To further alleviate any risk of being locked out of a system, the plugin-runner(8mandos) has a fallback mode which does the same thing as this program, only with less features.

SEE ALSO
       intro(8mandos), crypttab(5), mandos-client(8mandos), plugin-runner(8mandos)

COPYRIGHT
       Copyright (C) 2008-2009, 2011-2012 Teddy Hogeborn, Bjorn Pahlsson

       This manual page is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

       This manual page is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

       You should have received a copy of the GNU General Public License along with this program. If not, see http://www.gnu.org/licenses/.

Mandos 1.5.5 2012-01-01 PASSWORD-PROMPT(8mandos)
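The EXIT STATUS rule in the manual page above, seen from the side of a program that consumes a plugin's output. This is an added example, not Mandos or plugin-runner code; `run_plugin`, the fixed-size buffer and the policy of rejecting output that fills the buffer are assumptions made here. Output is accepted only when the child exits with status 0, and anything captured before a failure is wiped rather than used.

```c
/* Added example; run_plugin() and the 256-byte limit are assumptions. */
#include <errno.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

/* Zero a buffer through a volatile pointer so the store is not elided. */
static void wipe(void *p, size_t n) {
    for (volatile unsigned char *v = p; n--; ) *v++ = 0;
}

/* Returns bytes captured only if the child exits 0; else wipes buf, returns -1. */
ssize_t run_plugin(char *const argv[], char *buf, size_t cap) {
    int fds[2], status = 0, ok = 1; size_t len = 0;
    if (pipe(fds) == -1) return -1;
    pid_t pid = fork();
    if (pid == -1) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                              /* child: stdout -> pipe */
        close(fds[0]);
        if (dup2(fds[1], STDOUT_FILENO) == -1) _exit(127);
        close(fds[1]);
        execv(argv[0], argv);
        _exit(127);                              /* exec failed */
    }
    close(fds[1]);
    while (ok) {
        if (len == cap) { ok = 0; break; }       /* too long: treat as truncated */
        ssize_t n = read(fds[0], buf + len, cap - len);
        if (n == 0) break;                       /* EOF */
        if (n < 0) { if (errno != EINTR) ok = 0; continue; }
        len += (size_t)n;
    }
    close(fds[0]);                               /* a still-writing child gets SIGPIPE */
    while (waitpid(pid, &status, 0) == -1)
        if (errno != EINTR) { ok = 0; break; }
    if (!ok || !WIFEXITED(status) || WEXITSTATUS(status) != 0) {
        wipe(buf, cap);                          /* partial output must be ignored */
        return -1;
    }
    return (ssize_t)len;
}

int main(int argc, char *argv[]) {
    char pw[256];
    ssize_t n = argc > 1 ? run_plugin(&argv[1], pw, sizeof pw) : -1;
    fputs(n < 0 ? "output discarded\n" : "password accepted\n", stderr);
    wipe(pw, sizeof pw);
    return n < 0;
}
```

A child killed by a signal fails the `WIFEXITED` check, so its partial output is discarded the same way as output from a non-zero exit.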