mirror of https://github.com/tLDP/LDP
736 lines
20 KiB
Plaintext
736 lines
20 KiB
Plaintext
<!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook V3.1//EN">
|
|
|
|
<article>
|
|
|
|
<!-- Header -->
|
|
|
|
<artheader>
|
|
|
|
<title>Authentication Gateway HOWTO</title>
|
|
|
|
<author>
|
|
<firstname>Nathan</firstname>
|
|
<surname>Zorn</surname>
|
|
<affiliation>
|
|
<address>
|
|
<email>zornnh@musc.edu</email>
|
|
</address>
|
|
</affiliation>
|
|
</author>
|
|
|
|
<revhistory>
|
|
|
|
<revision>
|
|
<revnumber>0.04</revnumber>
|
|
<date>2002-02-28</date>
|
|
<authorinitials>nhz</authorinitials>
|
|
</revision>
|
|
|
|
<revision>
|
|
<revnumber>0.03</revnumber>
|
|
<date>2001-09-28</date>
|
|
<authorinitials>nhz</authorinitials>
|
|
</revision>
|
|
|
|
<revision>
|
|
<revnumber>0.02</revnumber>
|
|
<date>2001-09-28</date>
|
|
<authorinitials>KET</authorinitials>
|
|
</revision>
|
|
|
|
<revision>
|
|
<revnumber>0.01</revnumber>
|
|
<date>2001-09-06</date>
|
|
<authorinitials>nhz</authorinitials>
|
|
</revision>
|
|
|
|
|
|
<!-- Additional (*earlier*) revision histories go here -->
|
|
</revhistory>
|
|
|
|
<abstract>
|
|
<indexterm>
|
|
<primary></primary>
|
|
</indexterm>
|
|
|
|
<para>
|
|
There are many concerns with the security of wireless networks and
|
|
public access areas such as libraries or dormitories. These
|
|
concerns are not met with current security implementations. A work around
|
|
has been proposed by using an authentication gateway. This gateway
|
|
addresses the security concerns by forcing the user to authenticate
|
|
in order to use the network.
|
|
</para>
|
|
</abstract>
|
|
|
|
</artheader>
|
|
|
|
|
|
<!-- Section1: intro -->
|
|
|
|
<sect1 id="intro">
|
|
<title>Introduction</title>
|
|
|
|
<indexterm>
|
|
<primary>security!introduction</primary>
|
|
</indexterm>
|
|
|
|
|
|
<para>
|
|
With wireless networks and public acces areas it is very easy for
|
|
an unauthorized user to gain access. Unauthorized users can look
|
|
for a signal and grab connection information from the signal.
|
|
Unauthorized users can plug their machine into a public terminal and
|
|
gain access to the network. Security has been put in place such as
|
|
WEP, but this security can be subverted with tools like AirSnort.
|
|
One approach to solving these problems is to not rely on the wireless
|
|
security features , and instead to place an authentication gateway in
|
|
front of the wireless network or public access area and force users
|
|
to authenticate against it before using the network. This HOWTO describes
|
|
how to set up this gateway with Linux.
|
|
</para>
|
|
|
|
<!-- Section2: copyright -->
|
|
|
|
<sect2 id="copyright">
|
|
<title>Copyright Information</title>
|
|
|
|
<para>
|
|
This document is copyrighted (c) 2001 Nathan Zorn. Permission is granted
|
|
to copy, distribute and/or modify this document under the terms of the
|
|
GNU Free Documentation License, Version 1.1 or any later version published
|
|
by the Free Software Foundation; with no Invariant Sections, with no
|
|
Front-Cover Texts, and with no Back-Cover Texts. A copy of the license
|
|
is available at http://www.gnu.org/copyleft/fdl.html
|
|
|
|
</para>
|
|
|
|
<para>
|
|
If you have any questions, please contact
|
|
<email>zornnh@musc.edu</email>
|
|
</para>
|
|
</sect2>
|
|
|
|
<!-- Section2: disclaimer -->
|
|
|
|
<sect2 id="disclaimer">
|
|
<title>Disclaimer</title>
|
|
|
|
<para>
|
|
No liability for the contents of this documents can be accepted.
|
|
Use the concepts, examples and other content at your own risk.
|
|
As this is a new edition of this document, there may be errors
|
|
and inaccuracies, that may of course be damaging to your system.
|
|
Proceed with caution, and although this is highly unlikely,
|
|
the author(s) do not take any responsibility for that.
|
|
</para>
|
|
|
|
<para>
|
|
All copyrights are held by their by their respective owners, unless
|
|
specifically noted otherwise. Use of a term in this document
|
|
should not be regarded as affecting the validity of any trademark
|
|
or service mark.
|
|
</para>
|
|
|
|
<para>
|
|
Naming of particular products or brands should not be seen
|
|
as endorsements.
|
|
</para>
|
|
|
|
<para>
|
|
You are strongly recommended to take a backup of your system
|
|
before major installation and backups at regular intervals.
|
|
</para>
|
|
</sect2>
|
|
|
|
<!-- Section2: newversions-->
|
|
|
|
<sect2 id="newversions">
|
|
<title>New Versions</title>
|
|
|
|
<indexterm>
|
|
<primary>(your index root)!news on</primary>
|
|
</indexterm>
|
|
|
|
<para>
|
|
This is the initial release.
|
|
</para>
|
|
|
|
<para>
|
|
The newest release of this document can be found at <ulink url="http://www.itlab.musc.edu/~nathan/authentication_gateway/">http://www.itlab.musc.edu/~nathan/authentication_gateway/</ulink>.
|
|
Related HOWTOs can be found at the
|
|
<ulink url="http://www.linuxdoc.org/">Linux Documentation
|
|
Project</ulink> homepage.
|
|
</para>
|
|
</sect2>
|
|
|
|
<!-- Section2: credits -->
|
|
|
|
<sect2 id="credits">
|
|
<title>Credits</title>
|
|
<para>Jamin W. Collins</para>
|
|
<para>Kristin E Thomas</para>
|
|
</sect2>
|
|
|
|
|
|
<!-- Section2: feedback -->
|
|
|
|
<sect2 id="feedback">
|
|
<title>Feedback</title>
|
|
|
|
<para>
|
|
Feedback is most certainly welcome for this document. Without
|
|
your submissions and input, this document wouldn't exist. Please
|
|
send your additions, comments and criticisms to the following
|
|
email address : <email>zornnh@musc.edu</email>.
|
|
</para>
|
|
</sect2>
|
|
|
|
</sect1>
|
|
|
|
<!-- Section1: intro: END -->
|
|
|
|
|
|
<!-- Section1: services -->
|
|
|
|
<sect1 id="services">
|
|
<title>What is needed</title>
|
|
|
|
<para>
|
|
This section describes what is needed for the authentication gateway.
|
|
</para>
|
|
|
|
|
|
|
|
<sect2 id="netfilter">
|
|
<title>Netfilter</title>
|
|
|
|
|
|
<para>
|
|
The authentication gateway uses Netfilter and iptables to manage the
|
|
firewall. Please see the
|
|
<ulink url="http://netfilter.samba.org/unreliable-guides/packet-filtering-HOWTO/index.html">Netfilter HOWTO</ulink>.
|
|
</para>
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
|
|
<sect2 id="pamiptables">
|
|
<title>PAM for Netfilter rules.</title>
|
|
|
|
<para>
|
|
This is a pluggable authentication module (PAM) written by Nathan Zorn that can be found
|
|
at <ulink url="http://www.itlab.musc.edu/~nathan/pam_iptables/">http://www.itlab.musc.edu/~nathan/pam_iptables</ulink>.
|
|
</para>
|
|
|
|
|
|
</sect2>
|
|
|
|
|
|
<sect2 id="dhcpd">
|
|
<title>DHCP Server</title>
|
|
|
|
<para>
|
|
The authentication gateway will act as the dynamic host
|
|
configuration protocol (DHCP) server for the public network. It
|
|
only serves those requesting DHCP services on the public
|
|
network. I used the <ulink url="http://www.isc.org/products/DHCP/">ISC DHCP Server
|
|
</ulink>.
|
|
</para>
|
|
|
|
|
|
</sect2>
|
|
|
|
<sect2 id="authentication">
|
|
<title>Authentication mechanism</title>
|
|
|
|
<para>The gateway can use any means of PAM authentication.
|
|
The authentication mechanism the Medical University of South
|
|
Carolina uses is LDAP. Since LDAP was used for authentication,
|
|
the pam modules on the gateway box were set up to use
|
|
LDAP. More information can be found at <ulink
|
|
url="http://www.padl.com/pam_ldap.html">http://www.padl.com/pam_ldap.html</ulink>.
|
|
PAM allows you to use many means of authentication. Please see
|
|
the documentation for the PAM module you would like to use. For
|
|
more information on other methods, see <ulink url="http://www.kernel.org/pub/linux/libs/pam/modules.html">pam modules</ulink>.
|
|
</para>
|
|
</sect2>
|
|
|
|
<sect2 id="dnsserver">
|
|
<title>DNS Server</title>
|
|
|
|
<para>
|
|
The gateway box also serves as a DNS server for the public
|
|
network. I installed <ulink
|
|
url="http://www.isc.org/products/BIND/">Bind</ulink>, and set it
|
|
up as a caching nameserver. The rpm package
|
|
caching-namserver was also used. This package came with Red Hat.
|
|
</para>
|
|
</sect2>
|
|
</sect1>
|
|
|
|
|
|
|
|
|
|
<sect1 id="setup">
|
|
<title>Setting up the Gateway Services</title>
|
|
|
|
<para>
|
|
This section describes how to setup each piece of
|
|
the authentication gateway. The examples used are for a public
|
|
network in the 10.0.1.0 subnet. eth0 is the interface on
|
|
the box that is connected to the internal network. eth1 is the
|
|
interface connected to the public network. The IP address used
|
|
for this interface is 10.0.1.1. These settings can be
|
|
changed to fit the network you are using. Red Hat 7.1 was used for
|
|
the gateway box, so a lot of the examples are specific to Red Hat.
|
|
</para>
|
|
|
|
|
|
|
|
<sect2 id="netfiltersetup">
|
|
<title>Netfilter Setup</title>
|
|
|
|
|
|
<para>
|
|
To setup netfilter the kernel must be recompiled to include netfilter
|
|
support. Please see the <ulink url="http://www.linuxdoc.org/HOWTO/Kernel-HOWTO.html">Kernel-HOWTO</ulink>
|
|
for more information on configuring and compiling your kernel.
|
|
</para>
|
|
<para>
|
|
This is what my kernel configuration looked like.
|
|
<screen>
|
|
#
|
|
# Networking options
|
|
#
|
|
CONFIG_PACKET=y
|
|
# CONFIG_PACKET_MMAP is not set
|
|
# CONFIG_NETLINK is not set
|
|
CONFIG_NETFILTER=y
|
|
CONFIG_NETFILTER_DEBUG=y
|
|
CONFIG_FILTER=y
|
|
CONFIG_UNIX=y
|
|
CONFIG_INET=y
|
|
CONFIG_IP_MULTICAST=y
|
|
# CONFIG_IP_ADVANCED_ROUTER is not set
|
|
# CONFIG_IP_PNP is not set
|
|
# CONFIG_NET_IPIP is not set
|
|
# CONFIG_NET_IPGRE is not set
|
|
# CONFIG_IP_MROUTE is not set
|
|
# CONFIG_INET_ECN is not set
|
|
# CONFIG_SYN_COOKIES is not set
|
|
|
|
|
|
# IP: Netfilter Configuration
|
|
#
|
|
CONFIG_IP_NF_CONNTRACK=y
|
|
CONFIG_IP_NF_FTP=y
|
|
CONFIG_IP_NF_IPTABLES=y
|
|
CONFIG_IP_NF_MATCH_LIMIT=y
|
|
CONFIG_IP_NF_MATCH_MAC=y
|
|
CONFIG_IP_NF_MATCH_MARK=y
|
|
CONFIG_IP_NF_MATCH_MULTIPORT=y
|
|
CONFIG_IP_NF_MATCH_TOS=y
|
|
CONFIG_IP_NF_MATCH_TCPMSS=y
|
|
CONFIG_IP_NF_MATCH_STATE=y
|
|
CONFIG_IP_NF_MATCH_UNCLEAN=y
|
|
CONFIG_IP_NF_MATCH_OWNER=y
|
|
CONFIG_IP_NF_FILTER=y
|
|
CONFIG_IP_NF_TARGET_REJECT=y
|
|
CONFIG_IP_NF_TARGET_MIRROR=y
|
|
CONFIG_IP_NF_NAT=y
|
|
CONFIG_IP_NF_NAT_NEEDED=y
|
|
CONFIG_IP_NF_TARGET_MASQUERADE=y
|
|
CONFIG_IP_NF_TARGET_REDIRECT=y
|
|
CONFIG_IP_NF_NAT_FTP=y
|
|
CONFIG_IP_NF_MANGLE=y
|
|
CONFIG_IP_NF_TARGET_TOS=y
|
|
CONFIG_IP_NF_TARGET_MARK=y
|
|
CONFIG_IP_NF_TARGET_LOG=y
|
|
CONFIG_IP_NF_TARGET_TCPMSS=y
|
|
</screen>
|
|
</para>
|
|
<para>
|
|
iptables needs to be installed. To install iptables either use
|
|
a package from your distribution or install from source.
|
|
Once the above options were compiled in the new kernel and iptables
|
|
was installed, I set the following default firewall rules.
|
|
</para>
|
|
|
|
<screen>
|
|
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
|
|
iptables -A INPUT -i eth0 -m state --state NEW, INVALID -j DROP
|
|
iptables -A FORWARD -i eth0 -m state --state NEW, INVALID -j DROP
|
|
iptables -I FORWARD -o eth0 -j DROP
|
|
iptables -I FORWARD -s 10.0.1.0/24 -d 10.0.1.1 -j ACCEPT
|
|
</screen>
|
|
|
|
<para>
|
|
The above commands can also be put in an initscript to start up when
|
|
the server restarts.
|
|
To make sure the rules have been added issue the following
|
|
commands:
|
|
</para>
|
|
|
|
<screen>
|
|
iptables -v -t nat -L
|
|
iptables -v -t filter -L
|
|
</screen>
|
|
|
|
<para>
|
|
To save these rules I used Red Hat's init scripts.
|
|
</para>
|
|
|
|
<screen>
|
|
/etc/init.d/iptables save
|
|
/etc/init.d/iptables restart
|
|
</screen>
|
|
|
|
<para>
|
|
Once the rules are in place turn on IP forwarding by
|
|
executing this command.
|
|
</para>
|
|
|
|
<screen>
|
|
echo 1 > /proc/sys/net/ipv4/ip_forward
|
|
</screen>
|
|
|
|
<para>
|
|
To make sure ip forwarding is enabled when the machine restarts
|
|
add the following line to <filename>/etc/sysctl.conf</filename>.
|
|
</para>
|
|
|
|
<screen>
|
|
net.ipv4.ip_forward = 1
|
|
</screen>
|
|
|
|
<para>
|
|
Now the gateway box will be able to do network address translation
|
|
(NAT), but it will drop all forwarding packets except those
|
|
coming from within the public network and bound for the gateway.
|
|
</para>
|
|
|
|
</sect2>
|
|
|
|
<sect2 id="pamiptablessetup">
|
|
<title>PAM iptables Module</title>
|
|
|
|
<para>
|
|
This module is a PAM session module that inserts the firewall rule
|
|
needed to allow forwarding for the authenticated client. To set it
|
|
up simply get the <ulink
|
|
url="ftp://ftp.itlab.musc.edu/pub/pam_iptables.tar.gz">source</ulink>
|
|
and compile it by running the following commands.
|
|
</para>
|
|
|
|
<screen>
|
|
gcc -fPIC -c pam_iptables.c
|
|
ld -x --shared -o pam_iptables.so pam_iptables.o
|
|
</screen>
|
|
|
|
<para>
|
|
You should now have two binaries called
|
|
<filename>pam_iptables.so</filename> and <filename>pam_iptables.o</filename>.
|
|
Copy <filename>pam_iptables.so</filename> to
|
|
<filename>/lib/security/pam_iptables.so</filename>.
|
|
</para>
|
|
|
|
<screen>
|
|
cp pam_iptables.so /lib/security/pam_iptables.so
|
|
</screen>
|
|
|
|
<para>
|
|
The chosen authentication client for the gateway was ssh so we added the
|
|
following line to <filename>/etc/pam.d/sshd</filename>.
|
|
</para>
|
|
|
|
<screen>
|
|
session required /lib/security/pam_iptables.so
|
|
</screen>
|
|
|
|
<para>
|
|
Now, when a user logs in with ssh, the firewall rule will be added.
|
|
</para>
|
|
|
|
<para>
|
|
The default interface for pam_iptables is eth0. This default can be
|
|
changed by adding the interface parameter.
|
|
</para>
|
|
|
|
<screen>
|
|
session required /lib/security/pam_iptables.so interface=eth1
|
|
</screen>
|
|
|
|
<para>
|
|
This is only needed if the interface name that connects to the external
|
|
network is not eth0.
|
|
</para>
|
|
|
|
<para>
|
|
To test if the pam_iptables module is working perform the following
|
|
steps:
|
|
</para>
|
|
|
|
<orderedlist>
|
|
<listitem>
|
|
<para>Log into the box with ssh.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Check to see if the rule was added with the command
|
|
<command>iptables -L</command>.</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>Log out of the box to make sure the rule is removed.</para>
|
|
</listitem>
|
|
</orderedlist>
|
|
|
|
</sect2>
|
|
|
|
|
|
<sect2 id="dhcpdsetup">
|
|
<title>DHCP Server Setup</title>
|
|
|
|
<para>I installed DHCP using the following
|
|
<filename>dhcpd.conf</filename> file.
|
|
</para>
|
|
|
|
<screen>
|
|
subnet 10.0.1.0 netmask 255.255.255.0 {
|
|
# --- default gateway
|
|
option routers 10.0.1.1;
|
|
option subnet-mask 255.255.255.0;
|
|
option broadcast-address 10.0.1.255;
|
|
|
|
option domain-name-servers 10.0.1.1;
|
|
range 10.0.1.3 10.0.1.254;
|
|
option time-offset -5; # Eastern Standard Time
|
|
|
|
default-lease-time 21600;
|
|
max-lease-time 43200;
|
|
|
|
}
|
|
</screen>
|
|
|
|
<para>The server was then run using eth1 , the interface to the
|
|
public net.
|
|
</para>
|
|
|
|
<screen>
|
|
/usr/sbin/dhcpd eth1
|
|
</screen>
|
|
|
|
</sect2>
|
|
|
|
<sect2 id="authenticationsetup">
|
|
<title>Authentication Method Setup</title>
|
|
|
|
<para>
|
|
As indicated in previous sections, I've set this gateway up to use
|
|
LDAP for authenticating. However, you can use any
|
|
means that PAM allows for authentication. See <xref linkend="authentication"> for
|
|
more information.
|
|
</para>
|
|
|
|
<para>
|
|
In order to get PAM LDAP to authenticate, I installed <ulink
|
|
url="http://www.openldap.org">OpenLDAP</ulink> and configured it
|
|
with the following in <filename>/etc/ldap.conf</filename>.
|
|
</para>
|
|
|
|
<screen>
|
|
# Your LDAP server. Must be resolvable without using LDAP.
|
|
host itc.musc.edu
|
|
|
|
# The distinguished name of the search base.
|
|
base dc=musc,dc=edu
|
|
ssl no
|
|
</screen>
|
|
|
|
<para>
|
|
The following files were used to configure PAM to do the LDAP authentication.
|
|
These files were generated by Red Hat's configuration utility.
|
|
</para>
|
|
|
|
<variablelist>
|
|
<varlistentry><term><filename>/etc/pam.d/system-auth</filename> was created and looked
|
|
like this.</term>
|
|
<listitem>
|
|
<para><screen>
|
|
#%PAM-1.0
|
|
# This file is auto-generated.
|
|
# User changes will be destroyed the next time authconfig is run.
|
|
auth required /lib/security/pam_env.so
|
|
auth sufficient /lib/security/pam_unix.so likeauth nullok
|
|
auth sufficient /lib/security/pam_ldap.so use_first_pass
|
|
auth required /lib/security/pam_deny.so
|
|
|
|
account required /lib/security/pam_unix.so
|
|
account [default=ok user_unknown=ignore service_err=ignore system_err=ignore] /lib/security/pam_ldap.so
|
|
|
|
password required /lib/security/pam_cracklib.so retry=3
|
|
password sufficient /lib/security/pam_unix.so nullok use_authtok
|
|
password sufficient /lib/security/pam_ldap.so use_authtok
|
|
password required /lib/security/pam_deny.so
|
|
|
|
session required /lib/security/pam_limits.so
|
|
session required /lib/security/pam_unix.so
|
|
session optional /lib/security/pam_ldap.so
|
|
</screen>
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
<varlistentry><term>Then the following
|
|
<filename>/etc/pam.d/sshd</filename> file was created.</term>
|
|
<listitem><para>
|
|
<screen>
|
|
#%PAM-1.0
|
|
auth required /lib/security/pam_stack.so service=system-auth
|
|
auth required /lib/security/pam_nologin.so
|
|
account required /lib/security/pam_stack.so service=system-auth
|
|
password required /lib/security/pam_stack.so service=system-auth
|
|
session required /lib/security/pam_stack.so service=system-auth
|
|
#this line is added for firewall rule insertion upon login
|
|
session required /lib/security/pam_iptables.so debug
|
|
session optional /lib/security/pam_console.so
|
|
</screen>
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
</sect2>
|
|
|
|
<sect2 id="dnssetup">
|
|
<title>DNS Setup</title>
|
|
|
|
<para>
|
|
I installed the default version of Bind that comes with Red Hat
|
|
7.1, and the caching-nameserver RPM. The DHCP server tells
|
|
the machines on the public net to use the gateway box as their nameserver.
|
|
</para>
|
|
|
|
</sect2>
|
|
</sect1>
|
|
|
|
<sect1 id="usage">
|
|
<title>Using the authentication gateway</title>
|
|
<para>
|
|
To use the authentication gateway, configure your client machine to use
|
|
DHCP. Install a ssh client on the box and ssh into the gateway.
|
|
Once you are logged in, you will have access to the internal network.
|
|
The following is an example session from a unix based client:
|
|
</para>
|
|
|
|
<screen>
|
|
bash>ssh zornnh@10.0.1.1
|
|
zornnh's Password:
|
|
|
|
gateway>
|
|
</screen>
|
|
|
|
<para>
|
|
As long as you stayed logged in, you will have access. Once you log out,
|
|
access will be taken away.
|
|
</para>
|
|
|
|
</sect1>
|
|
|
|
<!-- Section1: resources: END -->
|
|
|
|
<sect1 id="remarks">
|
|
<title>Concluding Remarks</title>
|
|
|
|
<indexterm>
|
|
<primary>(your index root)!conclusion</primary>
|
|
</indexterm>
|
|
|
|
<itemizedlist>
|
|
<listitem><para>
|
|
This method of security does not rely on the security provided by the
|
|
wireless network community. It assumes that the entire wireless network
|
|
is insecure and outside of your network.
|
|
</para>
|
|
</listitem>
|
|
<listitem><para>
|
|
The gateway does not encrypt traffic. It only allows you access
|
|
to the network behind it. If encryption and authentication are desired,
|
|
a VPN should be used.
|
|
</para>
|
|
</listitem>
|
|
</itemizedlist>
|
|
|
|
</sect1>
|
|
|
|
<!-- Section1: remarks: END -->
|
|
|
|
|
|
<!-- Section1: resources -->
|
|
|
|
<sect1 id="resource">
|
|
<title>Additional Resources</title>
|
|
<itemizedlist>
|
|
<listitem>
|
|
<para>A <ulink
|
|
url="http://www.nas.nasa.gov/Groups/Networks/Projects/Wireless/index.html">document</ulink>
|
|
describing the NASA implementation of the authentication gateway.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
A <ulink url="http://www.ualberta.ca/~beck/authgw.html">white
|
|
paper</ulink> describing how the University of Alberta created an authentication gateway.
|
|
</para>
|
|
</listitem>
|
|
<listitem>
|
|
<para>
|
|
<ulink url="http://nocat.net">Nocat.net</ulink> has an authentication gateway for wireless networks. This software
|
|
has a web based client.
|
|
</itemizedlist>
|
|
</sect1>
|
|
|
|
<!-- Section1: faq -->
|
|
|
|
<sect1 id="faq">
|
|
<title>Questions and Answers</title>
|
|
|
|
<indexterm>
|
|
<primary>(your index root)!FAQ</primary>
|
|
</indexterm>
|
|
<indexterm>
|
|
<primary>(your index root)!frequently asked questions</primary>
|
|
</indexterm>
|
|
|
|
<para>
|
|
This is just a collection of what I believe are the most common
|
|
questions people might have. Give me more feedback and I will turn
|
|
this section into a proper FAQ.
|
|
</para>
|
|
|
|
</sect1>
|
|
|
|
<!-- Section1: faq: END -->
|
|
|
|
</article>
|
|
|
|
<!-- Keep this comment at the end of the file
|
|
Local variables:
|
|
mode: sgml
|
|
sgml-omittag:t
|
|
sgml-shorttag:t
|
|
sgml-namecase-general:t
|
|
sgml-general-insert-case:lower
|
|
sgml-minimize-attributes:nil
|
|
sgml-always-quote-attributes:t
|
|
sgml-indent-step:1
|
|
sgml-indent-data:nil
|
|
sgml-parent-document:nil
|
|
sgml-exposed-tags:nil
|
|
sgml-local-catalogs:nil
|
|
sgml-local-ecat-files:nil
|
|
End:
|
|
-->
|
|
|
|
|
|
|