trustman

Language: en

Version: 2007-05-22 (mandriva - 01/05/08)

Section: 1 (User commands)

NAME

trustman - manage keys used as trust anchors

SYNOPSIS

trustman [options]

DESCRIPTION

trustman runs by default as a daemon that verifies whether keys stored locally in configuration files (named.conf or dnsval.conf) still match the keys fetched from the zone where they are defined. If mismatches are detected, the daemon:

sets an add holddown timer for new keys;
sets a remove holddown timer for missing keys;
removes revoked keys from the conf file.

On subsequent runs, the timers are checked and, if the times are reached, the daemon adds keys to the conf file or removes them, as appropriate.
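
The hold-down behaviour described above, modelled as an added example (not trustman's own code): `State`, `check` and `demo` are hypothetical names, keys are opaque strings, and `holddown` stands in for the value set with -w, assumed here to be in seconds. Dropping a timer when its mismatch disappears is an assumption of the sketch, not something this page states.

```python
# Added sketch of the hold-down logic described above; not trustman's code.
# Assumptions: keys are opaque strings, times and holddown are in seconds.
from dataclasses import dataclass, field

@dataclass
class State:
    anchors: set                                        # keys in the conf file
    add_pending: dict = field(default_factory=dict)     # key -> add timer expiry
    remove_pending: dict = field(default_factory=dict)  # key -> remove timer expiry

def check(state, zone_keys, revoked, now, holddown):
    """Run one check against the keys fetched from the zone; return actions."""
    zone, revoked, actions = set(zone_keys), set(revoked), []
    live = zone - revoked
    # Revoked keys are removed from the conf file at once, without a timer.
    for key in sorted(state.anchors & revoked):
        state.anchors.discard(key)
        state.remove_pending.pop(key, None)
        actions.append(("removed-revoked", key))
    # New keys: set the add timer, then add the key once the timer is reached.
    for key in sorted(live - state.anchors):
        if key not in state.add_pending:
            state.add_pending[key] = now + holddown
            actions.append(("add-timer-set", key))
        elif now >= state.add_pending[key]:
            del state.add_pending[key]
            state.anchors.add(key)
            actions.append(("added", key))
    # Missing keys: set the remove timer, then remove once it is reached.
    for key in sorted(state.anchors - zone):
        if key not in state.remove_pending:
            state.remove_pending[key] = now + holddown
            actions.append(("remove-timer-set", key))
        elif now >= state.remove_pending[key]:
            del state.remove_pending[key]
            state.anchors.discard(key)
            actions.append(("removed", key))
    # Assumption of this sketch: a timer is dropped when its mismatch goes away.
    state.add_pending = {k: t for k, t in state.add_pending.items() if k in live}
    state.remove_pending = {k: t for k, t in state.remove_pending.items() if k not in zone}
    return actions

def demo():
    # Constructed scenario: K1 configured, K2 a genuine new key, ROGUE seen once.
    s = State(anchors={"K1"})
    check(s, ["K1", "K2", "ROGUE"], [], now=0, holddown=7200)
    check(s, ["K1", "K2"], [], now=3600, holddown=7200)
    check(s, ["K1", "K2"], [], now=7200, holddown=7200)
    return s.anchors  # K1 and K2; ROGUE never outlived its add timer
```

In the constructed scenario a key that appears in only one check never reaches the conf file, which is the protection the add holddown timer provides.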

The same check can be run once manually (-S) and in the foreground (-f).

This script can also be used to set up configuration data in the file dnssec-tools.conf for later use by the daemon, making fewer command line arguments necessary. The current version requires you to edit dnssec-tools.conf by hand and supply values for the contact person email address (tacontact) and the SMTP server (tasmtpserver). Also edit the location of named.conf and dnsval.conf in that file if necessary.

OPTIONS

-a
A persistent data file for storing new keys waiting to be added.
-c
Create a configuration file for trustman from the command line options given.
-d
The domain to check (supersedes configuration file).
-f
Run in the foreground.
-h
Help.
-k
A dnsval.conf file to read.
-L
Log messages to syslog.
-m
Mail address for the contact person to whom reports should be sent.
-n
A named.conf file to read.
-N
Send report when there are no errors.
-o
Output file for configuration.
-p
Log/print messages to stdout.
-r
A resolv.conf file to read (can use /dev/null to force libval to recursively answer the query rather than asking other name servers).
-s
SMTP server trustman should use to send reports.
-S
Run only once.
-t
The number of seconds to sleep between checks. Default is 3600 (one hour).
-v
Verbose.
-V
Version.
-w
The value of the hold down timer.

COPYRIGHT

Copyright 2006 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.
