39 lines
1.4 KiB
Groff
39 lines
1.4 KiB
Groff
.\" Process this file with
|
|
.\" groff -man -Tascii foo.1
|
|
.\"
|
|
.TH TLSDATE 1 "OCTOBER 2012" Linux "User Manuals"
|
|
.SH NAME
|
|
tlsdate-helper \- secure parasitic rdate replacement
|
|
.SH SYNOPSIS
|
|
.B tlsdate-helper host port protocol ca_racket verbose certdir setclock \
|
|
showtime timewarp leapaway proxy-type://proxyhost:proxyport httpmode
|
|
.SH DESCRIPTION
|
|
.B tlsdate-helper
|
|
is a tool for setting the system clock by hand or by communication
|
|
with the network. It does not set the Real Time Clock. It is designed to be as
|
|
secure as TLS (RFC 2246) but of course the security of TLS is often reduced to
|
|
whichever CA racket you believe is trustworthy. By default, tlsdate-helper
|
|
trusts your local CA root store - so any of these companies could assist in a
|
|
MITM attack against you and you'd be screwed.
|
|
|
|
The proxy argument expects HTTP, SOCKS4A or SOCKS5 formatted as followed:
|
|
|
|
http://127.0.0.1:8118
|
|
socks4a://127.0.0.1:9050
|
|
socks5://127.0.0.1:9050
|
|
|
|
This tool is designed to be run by hand or as a system daemon. It must be
|
|
run as root or otherwise have the proper caps; it will not be able to set
|
|
the system time without running as root or another privileged user.
|
|
.SH BUGS
|
|
It's likely! Let us know by contacting jacob@appelbaum.net
|
|
|
|
Note that
|
|
.B tlsdate(1)
|
|
is in Beta, and may not work as expected.
|
|
.SH AUTHOR
|
|
Jacob Appelbaum <jacob at appelbaum dot net>
|
|
.SH "SEE ALSO"
|
|
.B tlsdate(1),
|
|
.B tlsdated(8),
|
|
.B tlsdated.conf(5)
|