X-Git-Url: https://git.adam-barratt.org.uk/?a=blobdiff_plain;f=html%2Fdoc-mail.wml;fp=html%2Fdoc-mail.wml;h=1544ad1d48e84cf4a380507de91aaa1820162fb9;hb=67b97e55d95a26cfbc551c7f87fc233fb00bb7e2;hp=0000000000000000000000000000000000000000;hpb=75ef846aa2230392b498cf9294f57d0705e59744;p=mirror%2Fuserdir-ldap-cgi.git
diff --git a/html/doc-mail.wml b/html/doc-mail.wml
new file mode 100644
index 0000000..1544ad1
--- /dev/null
+++ b/html/doc-mail.wml
@@ -0,0 +1,157 @@
+#use wml::db.d.o title="LDAP Gateway"
+
+
+The LDAP directory has a PGP secured mail gateway that
+allows users to safely and conveniently effect changes to their entries. It
+makes use of PGP signed input messages to positively identify the user and
+to confirm the validity of the request. Furthermore it implements a replay
+cache that prevents the gateway from accepting the same message more than
+once.
+
+
+There are three functions logically split into 3 separate email addresses
+that are implemented by the gateway: ping, new password and
+changes. The function to act on is the first argument to the program.
+
+
+Error handling is currently done by generating a bounce message and passing
+descriptive error text to the mailer. This can generate a somewhat hard to
+read error message, but it does have all the relevant information.
+
+
Ping
+The ping command simply returns the users public record. It is useful for
+testing the gateway and for the requester to get a basic dump of their
+record. In future this address might 'freshen' the record to indicate the
+user is alive. Any PGP signed message will produce a reply.
+
+New Password
+If a user looses their password they can request that a new one be generated
+for them. This is done by sending the phrase "Please change my Debian
+password" to chpasswd@db.debian.org. The phrase is required to prevent the
+daemon from triggering on arbitrary signed email. The best way to invoke this
+feature is with
+echo "Please change my Debian password" | gpg --clearsign | mail chpasswd@db.debian.org
+After validating the request the daemon will generate a new random password,
+set it in the directory and respond with an encrypted message containing the
+new password. The password can be changed using one of the other interface
+methods.
+
+Changes
+An address (changes@db.debian.org) is provided for making almost arbitrary
+changes to the contents of the record. The daemon parses its input line by
+line and acts on each line in a command oriented manner. Anything, except for
+passwords, can be changed using this mechanism. Note however that because
+this is a mail gateway it does stringent checking on its input. The other
+tools allow fields to be set to virtually anything, the gateway requires
+specific field formats to be met.
+
+
+- A line of the form 'field: value' will change the contents of
+the field to value. Some simple checks are performed on value to make sure
+that it is not set to nonsense. You can't set an empty string as
+value, use del instead (see below). The values that can
+be changed are:
+c, l, facsimileTelephoneNumber, telephoneNumber,
+postalAddress, postalCode,
+loginShell, emailForward,
+jabberJID, ircNick, icqUin,
+onVacation,
+labledURI,
+birthDate (YYYYMMDD),
+mailDisableMessage,
+mailGreylisting (TRUE|FALSE),
+mailCallout (TRUE|FALSE),
+mailContentInspectionAction (markup|blackhole|reject)
+mailDefaultOptions (TRUE|FALSE),
+bATVToken,
+VoIP,
+and gender (1|2|9|male|female|unspecified).
+
+
- A line of the form 'del field' will completly remove all
+occurrences of a field. Useful e.g. to unset your vacation status.
+The fields that can be deleted are:
+c, l, facsimileTelephoneNumber, telephoneNumber,
+postalAddress, postalCode, emailForward,
+onVacation, labeledURI, latitude, longitude, dnsZoneEntry,
+ircNick, jabberJID, icquin,
+sshRSAAuthKey,
+mailGreylisting,
+mailCallout,
+mailRBL,
+mailRHSBL,
+mailDisableMessage,
+mailWhitelist,
+mailContentInspectionAction,
+mailDefaultOptions,
+bATVToken,
+birthDate,
+jpegPhoto, VoIP
+
+
- The daemon has a special parser to help changing latitude and longitude
+values. It accepts several common formats for position information and
+converts them to one of the standard forms. The permitted types are
+
D = Degrees, M = Minutes, S = Seconds, x = n,s,e,w
++-DDD.DDDDD, +- DDDMM.MMMM, +-DDDMMSS.SSSS [standard forms]
+DDxMM.MMMM, DD:MM.MMMM x, DD:MM:SS.SSS X)
+and the request format is 'Lat: xxx Long: xxx' where xxx
+is one of the permitted types. The resulting response will include how the
+input was parsed and the value in decimal degrees.
+
+ -
+Part of the replicated dataset is a virtual .ssh/authorized_keys file for
+each user. The change address is the simplest way to set the RSA key(s) you
+intend to use. Simply place a key on a line by itself, the full SSH key
+format specification is supported, see sshd(8). Probably the most common way
+to use this function will be
+
cat .ssh/id_rsa.pub | gpg --clearsign | mail changes@db.debian.org
+which will set the authentication key to the identity you are using.
+
+Multiple keys per user are supported, but they must all be sent at once.
+
+ - RBL, RHSBL, and whitelists can only be updated via the mail gateway. Like
+DNS and ssh keys, any list specified must be specified in its enterity. The format is:
+listtype dns.domain.of.rbl/IP to whitelist where listtype is one of mailRBL,
+mailRHSBL, and mailWhitelist
+
+
- Debian.net DNS Zone Entry. The only way to get a debian.net address is
+to use the mail gateway. It
+will verify the request and prevent name collisions automatically. Requests
+can take three forms: 'foo in a 1.2.3.4', 'foo in cname
+foo.bar.', or 'foo in mx 10 foo.bar.' (note the trailing dot).
+Note that you
+cannot combine CNAME with any other record types. The precise form
+is critical and must not be deviated from.
+Like the SSH function above, multiple hosts are supported, but they must all
+be sent at once. The debian.net zone is reloaded hourly.
+
+
- If the single word show appears on a line then a PGP encrypted version
+of the entire record will be attached to the resulting email.
+
+
+After processing the requests the daemon will generate a report which contains
+each input command and the action taken. If there are any parsing errors
+processing stops immediately, but valid changes up to that point are
+processed.
+
+Notes
+
+In this document PGP refers to any message or key that GnuPG is
+able to generate or parse, specifically it includes both PGP2.x and OpenPGP
+(aka GnuPG) keys.
+
+Due to the replay cache the clock on the computer that generates the
+signatures has to be accurate to at least one day. If it is off by several
+months or more then the daemon will outright reject all messages.
+
+Examples are given using GnuPG, but PGP 2.x can also be used. The correct
+options to generate a clear signed ascii armored message in 'filter' mode
+are pgp -fast which does the same as gpg --clearsign
+
+Debian.org machines rely on secured replication to transfer login data out
+of the database. Replication is performed at 15 min intervals so it can take
+a short while before any changes made take effect.
+
+If the mail you're sending to the mail robot is too long for your MTA
+and gets split please use a different mail origin or pass the mail to
+the MTA on a debian.org machine, e.g. gluck:
+
cat .ssh/id_rsa.pub | gpg --clearsign | ssh gluck mail changes@db.debian.org