From owner-freebsd-current@FreeBSD.ORG Sun Nov 16 02:10:28 2003 Return-Path: Delivered-To: freebsd-current@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7B83B16A4CE; Sun, 16 Nov 2003 02:10:28 -0800 (PST) Received: from shop.digma.com.ua (shop.digma.com.ua [217.12.194.3]) by mx1.FreeBSD.org (Postfix) with ESMTP id 5238843F3F; Sun, 16 Nov 2003 02:10:26 -0800 (PST) (envelope-from cub@cub.org.ua) Received: from cub.org.ua (demani.digma [172.22.5.7]) by shop.digma.com.ua (8.12.6p2/8.12.6) with ESMTP id hAGAAIba004397; Sun, 16 Nov 2003 12:10:18 +0200 (EET) (envelope-from cub@cub.org.ua) Received: from demani.digma ([172.22.5.7] helo=cub.org.ua) by cub.org.ua with esmtp (Exim 4.22) id 1ALJrB-000E2q-1M; Sun, 16 Nov 2003 12:10:13 +0200 Message-ID: <3FB74D04.1000602@cub.org.ua> Date: Sun, 16 Nov 2003 12:10:12 +0200 From: Kostyuk Oleg User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.5) Gecko/20031022 X-Accept-Language: ru, uk, en-us, en MIME-Version: 1.0 To: Hajimu UMEMOTO References: <3FB6B4FE.4C1AF03C@mindspring.com> In-Reply-To: Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-spamscan: scanned by cub.org.ua X-spamscan: Total score 0 cc: FreeBSD-gnats-submit@freebsd.org cc: ume@mahoroba.org cc: freebsd-current@freebsd.org Subject: Re: /etc/rc.d/ipsec starts not in time X-BeenThere: freebsd-current@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Discussions about the use of FreeBSD-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Nov 2003 10:10:28 -0000 Hi >>It is not sufficient. There is setkey(8) in /usr/sbin. It means that >>we cannot protect NFS exported /usr by IPsec. If there is no >>objection, I wish to move setkey(8) into /sbin like NetBSD did. > > tlambert2> This type of order inversion is common. > tlambert2> Can we simply delay exportation until later in the boot process? > tlambert2> Wouldn't this have the same effect? > > Oops, I should explain the situation clearly. The client which mounts > /usr by NFS cannot use IPsec due to lack of setkey(8). I think, you not exactly understand my problem. I not export anything, not protect NFS exported /usr and have ordinary workstation with 40G HD and /usr on it. Using IPSec - hostorical behavior :), and i live without problems on 4.x . But I use NFS exports from others. And, in case if IPSec used between my mashine and NFS server, I can't boot smoothly - booting hold up on mounting NFS until I press Ctrl+C . Patch, which I send, resolve my problem. But I not sure - applicable this patch for diskless ?.... I can't recall when problem appear. All life server runs on 4.8. My mashine will be 4.8 - 5.0 - 5.1 - 5 CURRENT. Now - kern.osreldate: 501113. -- With best wishes, DIGMA sysadmin Oleg Kostyuk aka Cub (OK5-UANIC) [BSD registered user #BSD050664]