Date: Thu, 3 Sep 2020 22:20:28 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r365314 - projects/nfs-over-tls Message-ID: <202009032220.083MKSS2051286@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rmacklem Date: Thu Sep 3 22:20:27 2020 New Revision: 365314 URL: https://svnweb.freebsd.org/changeset/base/365314 Log: Update the setup doc for startup of the daemons. Modified: projects/nfs-over-tls/nfs-over-tls-setup.txt Modified: projects/nfs-over-tls/nfs-over-tls-setup.txt ============================================================================== --- projects/nfs-over-tls/nfs-over-tls-setup.txt Thu Sep 3 22:11:01 2020 (r365313) +++ projects/nfs-over-tls/nfs-over-tls-setup.txt Thu Sep 3 22:20:27 2020 (r365314) @@ -284,6 +284,12 @@ The man pages for rpc.tlsclntd(8) and rpc.tlsservd(8) options, but here are a few examples. For an NFS server: +(Although these examples show the daemons started via a command line, the + options should normally be specified via the tls[clnt|serv]d_flags line + in /etc/rc.conf and then they are started upon boot. + To start them without use of the /etc/rc.d scripts, you will need to + add "/usr/ktls/lib" to your ldconfig_paths via rc.conf or similar. + Otherwise it will complain it cannot find the correct ssl library.) - An NFS server where no clients have certificates. # rpc.tlsservd @@ -344,9 +350,11 @@ Once you have set things up, you can add line(s) to yo for the daemon(s): For the client: tlsclntd_enable="YES" +tlsclntd_env="LD_LIBRARY_PATH=/usr/ktls/lib" For the server: tlsservd_enable="YES" +tlsservd_env="LD_LIBRARY_PATH=/usr/ktls/lib" - plus tlsclntd_flags and/or tlsservd_flags if you are using command line options for these (see below).
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202009032220.083MKSS2051286>