Mandos on Fedora/RHEL
Nathanael D. Noblet
nathanael at gnat.ca
Mon Nov 4 22:20:52 CET 2013
On 10/28/2013 02:46 AM, Teddy Hogeborn wrote:
> Nathanael Noblet <nathanael at gnat.ca> writes:
>
>>> I've yet to look seriously into this.
>>
>> I'll take a look at it this week. I've never dug too deeply in there
>> however I can't imagine it's overly more complicated than any other
>> initramfs type system.
>
> What we need is the ability to override the "ask-for-password" part, and
> it's not obvious that the makers of initramfs system should think of
> this as a feature. But we'll see what's in there, I suppose.

Hello,

So I have a proof of concept systemd "ask password agent" that works
for an F19 machine. However, it hardcodes everything for test purposes...
For example, my little C program runs this very specific command:
"mandos-client --pubkey=/path/to/pubkey.txt --seckey=/path/to/seckey.txt
-c 192.168.4.100:55055"

That obviously isn't ideal. I see in your sources you have a
plugin-runner. Is that part of the initrd system in Debian? For example,
I'm wondering about the whole plugin-runner.conf file. Does the mandos
client have a config file at all? Where is the proper place to put some
of the defaults/configuration of the mandos client?

What I would prefer is that the ask-password agent simply calls
mandos-client, and captures its output. As it stands, I have to manually
tell it where everything is. I mean, it probably isn't a big deal when
the initrd image is created to place the pubkey and seckey in the
correct place. However, how does one configure the networking aspects?

Sincerely,
--
Nathanael d. Noblet
t 403.875.4613