'\" t
.\" Title: mandos.conf
.\" Author: Bj\(:orn P\(oahlsson
.\" Generator: DocBook XSL Stylesheets v1.78.1
.\" Date: 2013-10-23
.\" Manual: Mandos Manual
.\" Source: Mandos 1.6.9
.\" Language: English
.\"
.TH "MANDOS\&.CONF" "5" "2013\-10\-23" "Mandos 1.6.9" "Mandos Manual"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
mandos.conf \- Configuration file for the Mandos server
.SH "SYNOPSIS"
.sp
.nf
/etc/mandos/mandos\&.conf
.fi
.SH "DESCRIPTION"
.PP
The file /etc/mandos/mandos\&.conf is a simple configuration file for \fBmandos\fR(8), and is read by it at startup\&. The configuration file starts with \(lq[DEFAULT]\(rq on a line by itself, followed by any number of \(lq\fI\fIoption\fR\fR=\fIvalue\fR\(rq entries, with continuations in the style of RFC 822\&. \(lq\fI\fIoption\fR\fR: \fIvalue\fR\(rq is also accepted\&. Note that leading whitespace is removed from values\&. Lines beginning with \(lq#\(rq or \(lq;\(rq are ignored and may be used to provide comments\&.
.SH "OPTIONS"
.PP
\fBinterface\fR\fB = \fR\fB\fINAME\fR\fR
.RS 4
If this is specified, the server will only announce the service and listen to requests on the specified network interface\&. Default is to use all available interfaces\&. \fINote:\fR a failure to bind to the specified interface is not considered critical, and the server will not exit, but instead continue normally\&.
.RE
.PP
\fBaddress\fR\fB = \fR\fB\fIADDRESS\fR\fR
.RS 4
If this option is used, the server will only listen to the specified IPv6 address\&. If a link\-local address is specified, an interface should be set, since a link\-local address is only valid on a single interface\&. By default, the server will listen to all available addresses\&. If set, this must normally be an IPv6 address; an IPv4 address can only be specified using IPv4\-mapped IPv6 address syntax: \(lq::FFFF:192\&.0\&.2\&.3\(rq\&. (Only if IPv6 usage is \fIdisabled\fR (see below) must this be an IPv4 address\&.)
.RE
.PP
\fBport\fR\fB = \fR\fB\fINUMBER\fR\fR
.RS 4
If this option is used, the server will bind to that port\&. By default, the server will listen to an arbitrary port given by the operating system\&.
.RE
.PP
\fBdebug\fR\fB = \fR\fB{ \fR\fB1\fR\fB | \fR\fByes\fR\fB | \fR\fBtrue\fR\fB | \fR\fBon\fR\fB | \fR\fB0\fR\fB | \fR\fBno\fR\fB | \fR\fBfalse\fR\fB | \fR\fBoff\fR\fB }\fR
.RS 4
If the server is run in debug mode, it will run in the foreground and print a lot of debugging information\&. The default is to \fInot\fR run in debug mode\&.
.RE
.PP
\fBpriority\fR\fB = \fR\fB\fISTRING\fR\fR
.RS 4
GnuTLS priority string for the TLS handshake\&. The default is \(lqSECURE256:!CTYPE\-X\&.509:+CTYPE\-OPENPGP:+SIGN\-RSA\-SHA224: +SIGN\-RSA\-RMD160\(rq\&. See \fBgnutls_priority_init\fR(3) for the syntax\&. \fIWarning\fR: changing this may make the TLS handshake fail, making server\-client communication impossible\&.
.RE
.PP
\fBservicename\fR\fB = \fR\fB\fINAME\fR\fR
.RS 4
Zeroconf service name\&. The default is \(lqMandos\(rq\&.
This only needs to be changed if for some reason it would be necessary to run more than one server on the same \fIhost\fR\&. This would not normally be useful\&. If there are name collisions on the same \fInetwork\fR, the newer server will automatically rename itself to \(lqMandos #2\(rq, and so on; therefore, this option is not needed in that case\&.
.RE
.PP
\fBuse_dbus\fR\fB = \fR\fB{ \fR\fB1\fR\fB | \fR\fByes\fR\fB | \fR\fBtrue\fR\fB | \fR\fBon\fR\fB | \fR\fB0\fR\fB | \fR\fBno\fR\fB | \fR\fBfalse\fR\fB | \fR\fBoff\fR\fB }\fR
.RS 4
This option controls whether the server will provide a D\-Bus system bus interface\&. The default is to provide such an interface\&.
.RE
.PP
\fBuse_ipv6\fR\fB = \fR\fB{ \fR\fB1\fR\fB | \fR\fByes\fR\fB | \fR\fBtrue\fR\fB | \fR\fBon\fR\fB | \fR\fB0\fR\fB | \fR\fBno\fR\fB | \fR\fBfalse\fR\fB | \fR\fBoff\fR\fB }\fR
.RS 4
This option controls whether the server will use IPv6 sockets and addresses\&. The default is to use IPv6\&. This option should \fInever\fR normally be turned off, \fIeven in IPv4\-only environments\fR\&. This is because \fBmandos-client\fR(8mandos) will normally use IPv6 link\-local addresses, and will not be able to find or connect to the server if this option is turned off\&. \fIOnly advanced users should consider changing this option\fR\&.
.RE
.PP
\fBrestore\fR\fB = \fR\fB{ \fR\fB1\fR\fB | \fR\fByes\fR\fB | \fR\fBtrue\fR\fB | \fR\fBon\fR\fB | \fR\fB0\fR\fB | \fR\fBno\fR\fB | \fR\fBfalse\fR\fB | \fR\fBoff\fR\fB }\fR
.RS 4
This option controls whether the server will restore its state from the last time it ran\&. Default is to restore last state\&.
.RE
.PP
\fBstatedir\fR\fB = \fR\fB\fIDIRECTORY\fR\fR
.RS 4
Directory to save (and restore) state in\&. Default is \(lq/var/lib/mandos\(rq\&.
.RE
.PP
\fBsocket\fR\fB = \fR\fB\fINUMBER\fR\fR
.RS 4
If this option is used, the server will not create a new network socket, but will instead use the supplied file descriptor\&. By default, the server will create a new network socket\&.
.RE
.SH "FILES"
.PP
The file described here is /etc/mandos/mandos\&.conf
.SH "BUGS"
.PP
The [DEFAULT] is necessary because the Python built\-in module ConfigParser requires it\&.
.SH "EXAMPLE"
.PP
No options are actually required:
.sp
.if n \{\
.RS 4
.\}
.nf
[DEFAULT]
.fi
.if n \{\
.RE
.\}
.PP
An example using all the options:
.sp
.if n \{\
.RS 4
.\}
.nf
[DEFAULT]
# A configuration example
interface = eth0
address = fe80::aede:48ff:fe71:f6f2
port = 1025
debug = true
priority = SECURE256:!CTYPE\-X\&.509:+CTYPE\-OPENPGP
servicename = Daena
use_dbus = False
use_ipv6 = True
restore = True
statedir = /var/lib/mandos
.fi
.if n \{\
.RE
.\}
.SH "SEE ALSO"
.PP
\fBintro\fR(8mandos), \fBgnutls_priority_init\fR(3), \fBmandos\fR(8), \fBmandos-clients.conf\fR(5)
.PP
RFC 4291: IP Version 6 Addressing Architecture
.RS 4
.PP
Section 2\&.2: Text Representation of Addresses
.RS 4
.RE
.PP
Section 2\&.5\&.5\&.2: IPv4\-Mapped IPv6 Address
.RS 4
.RE
.PP
Section 2\&.5\&.6, Link\-Local IPv6 Unicast Addresses
.RS 4
The clients use IPv6 link\-local addresses, which are immediately usable since a link\-local address is automatically assigned to a network interface when it is brought up\&.
.RE
.RE
.PP
\m[blue]\fBZeroconf\fR\m[]\&\s-2\u[1]\d\s+2
.RS 4
Zeroconf is the network protocol standard used by clients for finding the Mandos server on the local network\&.
.RE
.SH "COPYRIGHT"
.br
Copyright \(co 2008-2009, 2011-2013 Teddy Hogeborn, Bj\(:orn P\(oahlsson
.br
.PP
This manual page is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version\&.
.PP
This manual page is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE\&. See the GNU General Public License for more details\&.
.PP
You should have received a copy of the GNU General Public License along with this program\&. If not, see \m[blue]\fBhttp://www\&.gnu\&.org/licenses/\fR\m[]\&.
.sp
.SH "NOTES"
.IP " 1." 4
Zeroconf
.RS 4
\%http://www.zeroconf.org/
.RE
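An added example, not part of the Mandos manual or the Mandos source: a Python check that parses a mandos.conf with configparser (the module named under BUGS) and reports the settings the OPTIONS section warns about. The function name, the finding texts and the constructed sample are assumptions made for illustration; the default priority string is the one printed under OPTIONS with the line-wrap space removed.

```python
import configparser
import ipaddress

# Option names and the default priority come from the manual page above
# (the space left by the page's line wrap is removed).
KNOWN = {"interface", "address", "port", "debug", "priority", "servicename",
         "use_dbus", "use_ipv6", "restore", "statedir", "socket"}
DEFAULT_PRIORITY = ("SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP:"
                    "+SIGN-RSA-SHA224:+SIGN-RSA-RMD160")

def audit_mandos_conf(text):
    """Return (option, finding) pairs for the text of a mandos.conf file."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)  # options placed before [DEFAULT] raise an error
    sec = cp["DEFAULT"]   # option names are lower-cased by the parser
    out = [(k, "unknown option, possible typo") for k in sec if k not in KNOWN]
    if sec.getboolean("debug", fallback=False):
        out.append(("debug", "debug mode: foreground, verbose output"))
    use_ipv6 = sec.getboolean("use_ipv6", fallback=True)
    if not use_ipv6:
        out.append(("use_ipv6", "off: clients on link-local IPv6 cannot connect"))
    if "address" in sec:
        addr = ipaddress.ip_address(sec["address"])
        if addr.version == 4 and use_ipv6:
            out.append(("address", "IPv4 needs mapped form ::FFFF:a.b.c.d"))
        if addr.is_link_local and "interface" not in sec:
            out.append(("address", "link-local address without interface"))
    prio = "".join(sec.get("priority", DEFAULT_PRIORITY).split())
    if prio != DEFAULT_PRIORITY:
        out.append(("priority", "non-default: TLS handshake may fail"))
    return out

# First lines of the page's own "all options" example.
PAGE_EXAMPLE = """[DEFAULT]
interface = eth0
address = fe80::aede:48ff:fe71:f6f2
port = 1025
debug = true
priority = SECURE256:!CTYPE-X.509:+CTYPE-OPENPGP
servicename = Daena
use_dbus = False
use_ipv6 = True
"""
# Constructed sample: misspelled option, bare IPv4 address.
CONSTRUCTED = "[DEFAULT]\nprority = SECURE256\naddress = 192.0.2.3\n"

if __name__ == "__main__":
    for conf in (PAGE_EXAMPLE, CONSTRUCTED):
        print(audit_mandos_conf(conf))
```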