2bb0ee1cd7
works and add a readme on how to set this up properly.
43 lines
1.4 KiB
Plaintext
43 lines
1.4 KiB
Plaintext
$OpenBSD: README-client,v 1.1 2012/05/18 10:28:05 robert Exp $
|
|
|
|
+-----------------------------------------------------------------------
|
|
| Running ${FULLPKGNAME} on OpenBSD
|
|
+-----------------------------------------------------------------------
|
|
|
|
A manual is available at:
|
|
http://la-samhna.de/samhain/manual/
|
|
|
|
By default, samhain uses the SRP (Secure Remote Password) protocol, with
|
|
a password that is embedded in the client binary, and a corresponding
|
|
verifier that is in the server configuration file.
|
|
|
|
To embed the password in the binary, there is a dummy password compiled in
|
|
as placeholder, and a utility called samhain_setpwd is provided which can
|
|
be used to change the embedded password.
|
|
|
|
For convenience, the server has functions to generate a random password
|
|
in the correct format.
|
|
|
|
Server side
|
|
===========
|
|
|
|
generate a random password in the correct format:
|
|
$ yule -G
|
|
|
|
and generate a corresponding entry for the server configuration file:
|
|
$ yule -P GENERATED_PASSWORD
|
|
|
|
The generated entry has a string 'HOSTNAME' that you should replace with
|
|
the fully qualified name of the client.
|
|
This entry must then be placed in the [Clients] section of the yule
|
|
configuration file.
|
|
|
|
Client side
|
|
===========
|
|
|
|
change the password in the samhain binary:
|
|
$ samhain_setpwd ${TRUEPREFIX}/sbin/samhain signed GENERATED_PASSWORD
|
|
|
|
This command will create the ${TRUEPREFIX}/sbin/samhain.signed binary
|
|
which has to be used when you are connecting to the server.
|