Subversion Repositories svn LFS-FR

Compare Revisions

Ignore whitespace Rev 548 → Rev 549

/trunk/blfs/preface/organization.xml
File deleted
/trunk/blfs/preface/preface.xml
File deleted
/trunk/blfs/preface/foreword.xml
File deleted
/trunk/blfs/preface/whoread.xml
File deleted
/trunk/blfs/preface/preface.ent
File deleted
/trunk/blfs/server/server.ent
File deleted
/trunk/blfs/server/other/xinetd/xinetd-config.xml
File deleted
/trunk/blfs/server/other/xinetd/xinetd.ent
File deleted
/trunk/blfs/server/other/xinetd/xinetd-intro.xml
File deleted
/trunk/blfs/server/other/xinetd/xinetd-inst.xml
File deleted
/trunk/blfs/server/other/xinetd/xinetd-desc.xml
File deleted
/trunk/blfs/server/other/cvsserver/cvsserver.ent
File deleted
/trunk/blfs/server/other/cvsserver/cvsserver-intro.xml
File deleted
/trunk/blfs/server/other/cvsserver/cvsserver-exp.xml
File deleted
/trunk/blfs/server/other/cvsserver/cvsserver-inst.xml
File deleted
/trunk/blfs/server/other/openssh/openssh-config.xml
File deleted
/trunk/blfs/server/other/openssh/openssh.ent
File deleted
/trunk/blfs/server/other/openssh/openssh-intro.xml
File deleted
/trunk/blfs/server/other/openssh/openssh-exp.xml
File deleted
/trunk/blfs/server/other/openssh/openssh-inst.xml
File deleted
/trunk/blfs/server/other/openssh/openssh-desc.xml
File deleted
/trunk/blfs/server/other/rsync/rsync-config.xml
File deleted
/trunk/blfs/server/other/rsync/rsync.ent
File deleted
/trunk/blfs/server/other/rsync/rsync-intro.xml
File deleted
/trunk/blfs/server/other/rsync/rsync-inst.xml
File deleted
/trunk/blfs/server/other/rsync/rsync-desc.xml
File deleted
/trunk/blfs/server/other/dhcp/dhcp.ent
File deleted
/trunk/blfs/server/other/dhcp/dhcp-intro.xml
File deleted
/trunk/blfs/server/other/dhcp/dhcp-exp.xml
File deleted
/trunk/blfs/server/other/dhcp/dhcp-inst.xml
File deleted
/trunk/blfs/server/other/dhcp/dhcp-desc.xml
File deleted
/trunk/blfs/server/other/dhcp/dhcp-config.xml
File deleted
/trunk/blfs/server/other/bind/bind-inst.xml
File deleted
/trunk/blfs/server/other/bind/bind-desc.xml
File deleted
/trunk/blfs/server/other/bind/bind-config.xml
File deleted
/trunk/blfs/server/other/bind/bind.ent
File deleted
/trunk/blfs/server/other/bind/bind-intro.xml
File deleted
/trunk/blfs/server/other/leafnode/leafnode-config.xml
File deleted
/trunk/blfs/server/other/leafnode/leafnode.ent
File deleted
/trunk/blfs/server/other/leafnode/leafnode-intro.xml
File deleted
/trunk/blfs/server/other/leafnode/leafnode-exp.xml
File deleted
/trunk/blfs/server/other/leafnode/leafnode-inst.xml
File deleted
/trunk/blfs/server/other/leafnode/leafnode-desc.xml
File deleted
/trunk/blfs/server/other/samba3/samba3-exp.xml
File deleted
/trunk/blfs/server/other/samba3/samba3-inst.xml
File deleted
/trunk/blfs/server/other/samba3/samba3-desc.xml
File deleted
/trunk/blfs/server/other/samba3/samba3-config.xml
File deleted
/trunk/blfs/server/other/samba3/samba3.ent
File deleted
/trunk/blfs/server/other/samba3/samba3-intro.xml
File deleted
/trunk/blfs/server/other/openldap/openldap-config.xml
File deleted
/trunk/blfs/server/other/openldap/openldap.ent
File deleted
/trunk/blfs/server/other/openldap/openldap-intro.xml
File deleted
/trunk/blfs/server/other/openldap/openldap-exp.xml
File deleted
/trunk/blfs/server/other/openldap/openldap-inst.xml
File deleted
/trunk/blfs/server/other/openldap/openldap-desc.xml
File deleted
/trunk/blfs/server/other/other.xml
1,4 → 1,10
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
]>
 
<chapter id="server-other">
<?dbhtml filename="other.html"?>
<title>Autres logiciels serveurs</title>
10,14 → 16,15
apprendre les conséquences d'une configuration incorrecte de façon à analyser
les risques.</para>
 
&bind;
&cvsserver;
&dhcp;
&leafnode;
&openssh;
&rsync;
&openldap;
&samba3;
&xinetd;
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="bind.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cvsserver.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="svnserver.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="dhcp.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="leafnode.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="openssh.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="rsync.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="openldap.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="samba3.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="xinetd.xml"/>
 
</chapter>
/trunk/blfs/server/other/cvsserver.xml
1,11 → 1,176
<?xml version="1.0" encoding="ISO-8859-1"?>
<sect1 id="cvsserver" xreflabel="cvsserver">
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
 
]>
 
<sect1 id="cvsserver" xreflabel="Running a CVS Server">
<sect1info>
<othername>$LastChangedBy: igor $</othername>
<date>$Date: 2005-06-16 06:11:50 $</date>
</sect1info>
<?dbhtml filename="cvsserver.html"?>
<title>Exécuter un serveur CVS</title>
<title>Administrer un serveur CVS</title>
 
&cvsserver-intro;
&cvsserver-inst;
&cvsserver-exp;
<sect2>
<title>Administrer un serveur <acronym>CVS</acronym></title>
 
<para>Cette section décrira comment configurer, administrer et sécuriser un
serveur <acronym>CVS</acronym>.</para>
 
<sect3><title>Dépendances du <application>serveur CVS</application></title>
<sect4><title>Requis</title>
<para><xref linkend="cvs"/> et <xref linkend="openssh"/></para></sect4>
</sect3>
 
</sect2>
 
<sect2>
<title>Configurer un serveur <acronym>CVS</acronym>.</title>
 
<para>Un serveur <acronym>CVS</acronym> sera configuré en utilisant OpenSSH comme
méthode d'accès distant. Les autres méthodes d'accès, incluant :pserver: et
:server: ne seront pas utilisées pour les accès en écriture sur le dépôt
<acronym>CVS</acronym>. La méthode :pserver: envoit les mots de passe en texte
clair sur le réseau et la méthode :server: n'est pas acceptée dans tous les ports
<acronym>CVS</acronym>. Des instructions pour un accès anonyme, en lecture seule,
du <acronym>CVS</acronym> utilisant :pserver: est disponible à la fin de cette
section.</para>
 
<para>La configuration du serveur <acronym>CVS</acronym> se fait en quatre
étapes&nbsp;:</para>
 
<sect3><title>1. Créez un dépôt.</title>
<para>Créez un nouveau dépôt <acronym>CVS</acronym> avec les commandes
suivantes&nbsp;:</para>
<screen><userinput><command>mkdir /srv/cvsroot &amp;&amp;
chmod 1777 /srv/cvsroot &amp;&amp;
export CVSROOT=/srv/cvsroot &amp;&amp;
cvs init</command></userinput></screen></sect3>
 
<sect3><title>2. Importez le code source dans le dépôt.</title>
<para>Importez un module source dans le dépôt en suivant les commandes suivantes,
lancées à partir d'un compte utilisateur sur la même machine que le dépôt
<acronym>CVS</acronym>&nbsp;:</para>
 
<screen><userinput><command>cd <replaceable>[sourcedir]</replaceable> &amp;&amp;
cvs import -m "<replaceable>[repository test]</replaceable>" <replaceable>[cvstest]</replaceable> <replaceable>[vendortag]</replaceable> <replaceable>[releasetag]</replaceable></command></userinput></screen></sect3>
 
<sect3><title>3. Vérifiez l'accès local au dépôt.</title>
<para>Testez l'accès au dépôt <acronym>CVS</acronym> à partir du même compte
utilisateur avec la commande suivante&nbsp;:</para>
 
<screen><userinput><command>cvs co cvstest</command></userinput></screen></sect3>
 
<sect3><title>4. Vérifiez l'accès distant au dépôt.</title>
<para>Testez l'accès au dépôt <acronym>CVS</acronym> à partir d'une machine
distante en utilisant un compte utilisateur qui a un accès
<command>ssh</command> au serveur <acronym>CVS</acronym> avec les commandes
suivantes&nbsp;:</para>
<note><para>Remplacez <replaceable>[nomserveur]</replaceable> avec l'adresse
<acronym>IP</acronym> ou le nom de l'hôte de la machine contenant le dépôt
<acronym>CVS</acronym>. Le mot de passe shell de l'utilisateur vous sera démandé
avant que la récupération du <acronym>CVS</acronym> ne se poursuive.</para></note>
 
 
<screen><userinput><command>export CVS_RSH=/usr/bin/ssh &amp;&amp;
cvs -d:ext:<replaceable>[nomserveur]</replaceable>:/srv/cvsroot co cvstest</command></userinput></screen></sect3>
</sect2>
<sect2>
<title>Configurer <acronym>CVS</acronym> pour un accès anonyme en lecture seule.</title>
 
<para><acronym>CVS</acronym> peut être configuré pour accepter un accès anonyme
en lecture seule en utilisant la méthode :pserver: et en se connectant en tant
que root après avoir exécuté les commandes suivantes&nbsp;:</para>
 
<screen><userinput><command>(grep anonymous /etc/passwd || useradd anonymous -s /bin/false) &amp;&amp;
echo anonymous: &gt; /srv/cvsroot/CVSROOT/passwd &amp;&amp;
echo anonymous &gt; /srv/cvsroot/CVSROOT/readers</command></userinput></screen>
 
<para>Si vous utilisez <command>inetd</command>, la commande suivante ajoutera
l'entrée dans <filename>/etc/inetd.conf</filename>&nbsp;:</para>
 
<screen><userinput><command>echo "2401 stream tcp nowait root /usr/bin/cvs cvs -f \
--allow-root=/srv/cvsroot pserver" &gt;&gt; /etc/inetd.conf</command></userinput></screen>
 
<para>Lancez un <command>killall -HUP inetd</command> pour relire le fichier
<filename>inetd.conf</filename> modifié.</para>
 
<para>Si vous utilisez <command>xinetd</command>, la commande suivante ajoutera
l'entrée pserver dans <filename>/etc/xinetd.conf</filename>&nbsp;:</para>
 
<screen><userinput><command>cat &gt;&gt; /etc/xinetd.conf &lt;&lt; "EOF"</command>
service cvspserver
{
port = 2401
socket_type = stream
protocol = tcp
wait = no
user = root
passenv = PATH
server = /usr/bin/cvs
server_args = -f --allow-root=/srv/cvsroot pserver
}
<command>EOF</command></userinput></screen>
<para>Lancez un <command>/etc/rc.d/init.d/xinetd reload</command> pour relire
le fichier <filename>xinetd.conf</filename> modifié.</para>
 
<para>Tester l'accès anonyme vers le nouveau dépôt requiert un compte sur une
autre machine pouvant atteindre le serveur <acronym>CVS</acronym> via le réseau.
Aucun compte sur le dépôt <acronym>CVS</acronym> n'est nécessaire. Pour tester
l'accès anonyme au dépôt <acronym>CVS</acronym>, connectez-vous sur une autre
machine en tant qu'utilisateur non privilégié et exécutez la commande
suivante&nbsp;:
</para>
 
<screen><userinput><command>cvs -d:pserver:anonymous@<replaceable>[nomserveur]</replaceable>:/srv/cvsroot co cvstest</command></userinput></screen>
<note><para>Replace <replaceable>[nomserveur]</replaceable> with the
<acronym>IP</acronym> address or hostname of the
<acronym>CVS</acronym> server.</para></note>
 
</sect2>
 
<sect2>
<title>Explications des commandes</title>
 
<para><command>mkdir /srv/cvsroot</command>&nbsp;: crée le répertoire du dépôt
<acronym>CVS</acronym>.</para>
 
<para><command>chmod 1777 /srv/cvsroot</command>&nbsp;: configure les droits
stiky bit pour <envar>CVSROOT</envar>.</para>
 
<para><command>export CVSROOT=/srv/cvsroot</command>&nbsp;: spécifie le nouveau
<envar>CVSROOT</envar> pour toutes les commandes <command>cvs</command>.</para>
 
<para><command>cvs init</command>&nbsp;: initialise le nouveau dépôt
<acronym>CVS</acronym>.</para>
 
<para><command>cvs import -m "repository test" cvstest vendortag
releasetag</command>&nbsp;: tous les modules de code source doivent être importés
dans le dépôt <acronym>CVS</acronym> avant utilisation, avec la commande
<command>cvs import</command>. Le commutateur <userinput>-m</userinput>
spécifie une description pour le nouveau module. Le paramètre "cvstest" est le
nom utilisé pour le module dans toutes les commandes <command>cvs</command> qui
suivent. Les paramètres "vendortag" et "releasetag" sont utilisés pour mieux
identifier chaque module <acronym>CVS</acronym> et sont nécessaires qu'ils soient
utilisés ou non.</para>
 
<para><command>(grep anonymous /etc/passwd || useradd anonymous -s
/bin/false)</command>&nbsp;: vérifie l'existence d'un utilisateur anonymous et
le crée s'il n'en trouve pas.</para>
 
<para><command>echo anonymous: &gt; /srv/cvsroot/CVSROOT/passwd
</command>&nbsp;: ajoute l'utilisateur anonymous au fichier des mots de passe
de <acronym>CVS</acronym>, qui est plus utilisé dans tout le reste de cette
configuration.</para>
 
<para><command>echo anonymous &gt; /srv/cvsroot/CVSROOT/readers</command>&nbsp;:
ajoute l'utilisateur anonymous dans le fichier des lecteurs
<acronym>CVS</acronym>, qui est une liste des utilisateurs ayant un accès au
dépôt en lecture seule.</para>
 
</sect2>
 
</sect1>
 
/trunk/blfs/server/other/openldap.xml
1,13 → 1,331
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
 
<!ENTITY openldap-download-http "http://gd.tuwien.ac.at/infosys/network/OpenLDAP/openldap-release/openldap-&openldap-version;.tgz">
<!ENTITY openldap-download-ftp "ftp://ftp.openldap.org/pub/OpenLDAP/openldap-release/openldap-&openldap-version;.tgz">
<!ENTITY openldap-md5sum "bd45020a47061ea1c1e14e2f6204a0f9">
<!ENTITY openldap-size "2,5&nbsp;Mo">
<!ENTITY openldap-buildsize "67&nbsp;Mo">
<!ENTITY openldap-time "6,42&nbsp;SBU">
]>
 
<sect1 id="openldap" xreflabel="OpenLDAP-&openldap-version;">
<sect1info>
<othername>$LastChangedBy: randy $</othername>
<date>$Date: 2005-06-16 06:11:50 $</date>
</sect1info>
<?dbhtml filename="openldap.html"?>
<title>Open<acronym>LDAP</acronym>-&openldap-version;</title>
<title><application>Open<acronym>LDAP</acronym></application>-&openldap-version;
</title>
 
&openldap-intro;
&openldap-inst;
&openldap-exp;
&openldap-config;
&openldap-desc;
<sect2>
<title>Introduction à <application>Open<acronym>LDAP</acronym></application>
</title>
 
<para>Le paquetage <application>Open<acronym>LDAP</acronym></application>
fournit une implémentation libre de <acronym>LDAP</acronym> (acronyme de
<foreignphrase>Lightweight Directory Access Protocol</foreignphrase>.</para>
 
<sect3><title>Informations sur le paquetage</title>
<itemizedlist spacing='compact'>
<listitem><para>Téléchargement (HTTP)&nbsp;:
<ulink url="&openldap-download-http;"/></para></listitem>
<listitem><para>Téléchargement (FTP)&nbsp;:
<ulink url="&openldap-download-ftp;"/></para></listitem>
<listitem><para>Téléchargement de la somme MD5&nbsp;: &openldap-md5sum;</para></listitem>
<listitem><para>Taille du téléchargement&nbsp;:&openldap-size;</para></listitem>
<listitem><para>Estimation de l'espace disque requis&nbsp;:
&openldap-buildsize;</para></listitem>
<listitem><para>Estimation du temps de construction&nbsp;:
&openldap-time;</para></listitem></itemizedlist>
</sect3>
 
<sect3><title>Dépendances de <application>Open<acronym>LDAP</acronym></application></title>
<sect4><title>Requis</title>
<para><xref linkend="db"/></para>
</sect4>
 
<sect4><title>Recommandé</title>
<para><xref linkend="cyrus-sasl"/> et <xref linkend="openssl"/></para>
</sect4>
 
<sect4><title>Optionnel</title>
<para><xref linkend="tcpwrappers"/>,
<xref linkend="gdbm"/>,
<ulink url="http://www.gnu.org/software/pth/">GNU Pth</ulink>, et
<xref linkend="heimdal"/> ou
<xref linkend="mitkrb"/></para>
</sect4>
 
</sect3>
 
</sect2>
 
<sect2>
<title>Installation de <application>Open<acronym>LDAP</acronym></application>
</title>
 
<para>Installez <application>Open<acronym>LDAP</acronym></application> en
lançant les commandes suivantes&nbsp;:</para>
 
<screen><userinput><command>./configure --prefix=/usr --libexecdir=/usr/sbin \
--sysconfdir=/etc --localstatedir=/srv/ldap \
--enable-ldbm --disable-debug &amp;&amp;
make depend &amp;&amp;
make &amp;&amp;
make test &amp;&amp;
make install &amp;&amp;
chmod 755 /usr/lib/libl*-2.2.so.7.0.13</command></userinput></screen>
 
</sect2>
 
<sect2>
<title>Explications des commandes</title>
 
<para><parameter>--libexecdir=/usr/sbin</parameter>&nbsp;: installe les
exécutables du serveur dans <filename class="directory">/usr/sbin</filename>
au lieu de <filename class="directory">/usr/libexec</filename>.</para>
 
<para><parameter>--sysconfdir=/etc</parameter>&nbsp;: configure le répertoire
du fichier de configuration pour éviter sa valeur par défaut,
<filename class="directory">/usr/etc</filename>.</para>
 
<para><parameter>--localstatedir=/srv/ldap</parameter>&nbsp;: configure le
répertoire de la base de donnée <acronym>LDAP</acronym>, des traces de réplication
et des données variables en exécution.</para>
 
<para><parameter>--enable-ldbm</parameter>&nbsp;: construit <command>slapd</command>
en utilisant comme base de données principale soit
<application>Berkeley DB</application> soit
<application><acronym>GNU</acronym> Database Manager</application>.</para>
 
<para><parameter>--disable-debug</parameter>&nbsp;: désactive le code de
débogage.</para>
 
<para><command>make test</command>&nbsp;: valide la construction du paquetage.
Si vous avez activé <application>tcp_wrappers</application>, assurez-vous
d'ajouter 127.0.0.1 sur la ligne <parameter>slapd</parameter> dans le fichier
<filename>/etc/hosts.allow</filename> si vous avez un fichier
<filename>/etc/hosts.deny</filename> restrictif.</para>
 
<para><command>chmod 755 /usr/lib/libl*-2.2.so.7.0.10</command>&nbsp;: cette
commande ajoute le bit d'exécution aux bibliothèques partagées.</para>
 
</sect2>
 
<sect2>
<title>Configurer <application>Open<acronym>LDAP</acronym></application>
</title>
 
<sect3><title>Fichiers de configuration</title>
<para><filename>/etc/openldap/*</filename></para>
</sect3>
 
<sect3><title>Informations de configuration</title>
<para>Configurer les serveurs <command>slapd</command> et <command>slurpd</command>
peut être complexe. Sécuriser le répertoire <acronym>LDAP</acronym>, spécialement
si vous stockez des données non publiques comme des bases de données de mots de
passe, peut aussi être un défi. Vous aurez besoin de modifier les fichiers
<filename>/etc/openldap/slapd.conf</filename> et
<filename>/etc/openldap/ldap.conf</filename> pour configurer
<application>Open<acronym>LDAP</acronym></application> selon vos besoins
particuliers.</para>
 
<para>Les ressources pour vous aider avec des thèmes comme le choix d'un
répertoire, la configuration, les définitions du serveur et de la base de
données, les paramètrages de contrôle d'accès, exécuter avec un utilisateur
autre que root et configurer un environnement <command>chroot</command>
incluent&nbsp;:
</para>
 
<itemizedlist spacing='compact'>
<listitem><para>la page man de <command>slapd</command></para></listitem>
<listitem><para>la page man de <filename>slapd.conf</filename></para></listitem>
<listitem><para>le <ulink
url="http://www.openldap.org/doc/admin22/">Guide de l'administrateur
d'OpenLDAP 2.2</ulink></para></listitem>
<listitem><para>les documents situés sur
<ulink url="http://www.openldap.org/pub/"/></para></listitem>
</itemizedlist></sect3>
 
<sect3><title>Utiliser <application>GDBM</application></title>
<para>Pour utiliser <application>GDBM</application> comme moteur de bases de
données, l'entrée <quote>database</quote> dans
<filename>/etc/openldap/slapd.conf</filename> doit être changée de
<quote>bdb</quote> à <quote>ldbm</quote>. Vous pouvez utiliser les deux en
créant une section base de données supplémentaire dans
<filename>/etc/openldap/slapd.conf</filename>.
</para></sect3>
 
<sect3><title>Répertoire d'adresses <application>Mozilla</application></title>
<para>Par défaut, le support de acronym>LDAP</acronym>v2 est désactivé dans le
fichier <filename>slapd.conf</filename>. Une fois que la base de données est
correctement configurée et que <application>Mozilla</application> est configuré
pour utiliser le répertoire, vous devez ajouter <option>allow bind_v2</option>
au fichier <filename>slapd.conf</filename>.</para></sect3>
 
<sect3><title>Script de démarrage</title>
<para>Pour automatiser le lancement du serveur <acronym>LDAP</acronym> lors du
démarrage du système, installez le script de démarrage
<filename>/etc/rc.d/init.d/openldap</filename> inclus dans le paquetage
<xref linkend="intro-important-bootscripts"/> en utilisant la commande
suivante&nbsp;:</para>
 
<screen><userinput><command>make install-openldap1</command></userinput></screen>
 
<para><emphasis>Note&nbsp;:</emphasis> le script de démarrage que vous venez
d'installer lance seulement le démon <command>slapd</command>. Si vous souhaitez
aussi lancer le démon <command>slurpd</command> au démarrage, installez une
version modifiée du script en utilisant cette commande&nbsp;:</para>
 
<screen><userinput><command>make install-openldap2</command></userinput></screen>
 
<note><para>Le script de démarrage lance les démons sans paramètres. Vous aurez
besoin de modifier le script pour inclure les paramètres nécessaires à votre
configuration spécifique. Voir les pages man de <command>slapd</command> et
<command>slurpd</command> pour des informations sur les paramètres.</para></note>
</sect3>
 
<sect3><title>Tester la configuration</title>
<para>Exécutez le serveur <acronym>LDAP</acronym> en utilisant le script de
démarrage&nbsp;:</para>
 
<screen><userinput><command>/etc/rc.d/init.d/openldap start</command></userinput></screen>
 
<para>Vérifiez l'accès au serveur <acronym>LDAP</acronym> avec la commande
suivante&nbsp;:</para>
 
<screen><userinput><command>ldapsearch -x -b '' -s base '(objectclass=*)' namingContexts</command></userinput></screen>
 
<para>Le résultat attendu est&nbsp;:</para>
<screen><computeroutput># extended LDIF
#
# LDAPv3
# base &lt;&gt; with scope base
# filter: (objectclass=*)
# requesting: namingContexts
#
 
#
dn:
namingContexts: dc=my-domain,dc=com
 
# search result
search: 2
result: 0 Success
 
# numResponses: 2
# numEntries: 1</computeroutput></screen>
 
</sect3>
</sect2>
 
<sect2>
<title>Contenu</title>
 
<para>Le paquetage Open<acronym>LDAP</acronym> contient
<command>ldapadd</command>,
<command>ldapcompare</command>,
<command>ldapdelete</command>,
<command>ldapmodify</command>,
<command>ldapmodrdn</command>,
<command>ldappasswd</command>,
<command>ldapsearch</command>,
<command>ldapwhoami</command>,
<command>slapadd</command>,
<command>slapcat</command>,
<command>slapd</command>,
<command>slapdn</command>,
<command>slapindex</command>,
<command>slappasswd</command>,
<command>slaptest</command>,
<command>slurpd</command>,
<filename class="libraryfile">liblber</filename> et les bibliothèques
<filename class="libraryfile">libldap</filename>.</para>
 
</sect2>
 
<sect2><title>Description</title>
 
<sect3><title>ldapadd</title>
<para><command>ldapadd</command> ouvre une connexion avec un serveur
<acronym>LDAP</acronym>, établie un lien et ajoute des entrées.</para></sect3>
 
<sect3><title>ldapcompare</title>
<para><command>ldapcompare</command> ouvre une connexion avec un serveur
<acronym>LDAP</acronym>, établie un lien et réalise une comparaison en utilisant
les paramètres spécifiés.</para></sect3>
 
<sect3><title>ldapdelete</title>
<para><command>ldapdelete</command> ouvre une connexion avec un serveur
<acronym>LDAP</acronym>, établie un lien et supprime une ou plusieurs entrées.</para>
</sect3>
 
<sect3><title>ldapmodify</title>
<para><command>ldapmodify</command> ouvre une connexion avec un serveur
<acronym>LDAP</acronym>, établie un lien et modifie des entrées.</para></sect3>
 
<sect3><title>ldapmodrdn</title>
<para><command>ldapmodrdn</command> ouvre une connexion avec un serveur
<acronym>LDAP</acronym>, établie un lien et modifie le
<acronym>RDN</acronym> d'entrées.</para></sect3>
 
<sect3><title>ldappasswd</title>
<para><command>ldappasswd</command> est un outil pour configurer le mot de passe
d'un utilisateur <acronym>LDAP</acronym>.</para></sect3>
 
<sect3><title>ldapsearch</title>
<para><command>ldapsearch</command> ouvre une connexion avec un serveur
<acronym>LDAP</acronym>, établie un lien et réalise une recherche en utilisant
les paramètres spécifiés.</para></sect3>
 
<sect3><title>ldapwhoami</title>
<para><command>ldapwhoami</command> ouvre une connexion avec un serveur
<acronym>LDAP</acronym>, établie un lien et affiche les informations whoami.</para>
</sect3>
 
<sect3><title>slapadd</title>
<para><command>slapadd</command> est utilisé pour ajouter des entrées spécifiées
dans le format d'échange <acronym>LDAP</acronym> (<acronym>LDIF</acronym>)
dans la base de données <acronym>LDAP</acronym>.</para></sect3>
 
<sect3><title>slapcat</title>
<para><command>slapcat</command> est utilisé pour générer une sortie
<acronym>LDIF</acronym> du <acronym>LDAP</acronym>, basée sur le contenu
d'une base de données slapd.</para></sect3>
 
<sect3><title>slapd</title>
<para><command>slapd</command> est le serveur autonome <acronym>LDAP</acronym>.
</para></sect3>
 
<sect3><title>slapdn</title>
<para><command>slapdn</command> vérifie une liste de <acronym>DN</acronym>
représentés par des chaîne basées sur la syntaxe du schéma.</para></sect3>
 
<sect3><title>slapindex</title>
<para><command>slapindex</command> est utilisé pour regénérer les indices slapd
suivant le contenu actuel d'une base de données.</para></sect3>
 
<sect3><title>slappasswd</title>
<para><command>slappasswd</command> est un outil pour mot de passe avec
Open<acronym>LDAP</acronym>.</para></sect3>
 
<sect3><title>slaptest</title>
<para><command>slaptest</command> vérifie la cohérence du fichier
<filename>slapd.conf</filename>.</para></sect3>
 
<sect3><title>slurpd</title>
<para><command>slurpd</command> est le serveur de réplication autonome
<acronym>LDAP</acronym>.</para></sect3>
 
<sect3><title>liblber et libldap</title>
<para>Ces bibliothèques supportent les programmes <acronym>LDAP</acronym> et
fournissent des fonctionnalités aux autres programmes interagissant avec
<acronym>LDAP</acronym>.</para></sect3>
 
</sect2>
 
</sect1>
 
/trunk/blfs/server/other/samba3.xml
1,13 → 1,648
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
 
<!ENTITY samba3-download-http "http://us1.samba.org/samba/ftp/samba-&samba3-version;.tar.gz">
<!ENTITY samba3-download-ftp "ftp://ftp.samba.org/pub/samba/samba-&samba3-version;.tar.gz">
<!ENTITY samba3-md5sum "217e489646a474b4fb69d5802c14bc6e">
<!ENTITY samba3-size "15.3 MB">
<!ENTITY samba3-buildsize "143 MB">
<!ENTITY samba3-time "2.12 SBU">
]>
 
<sect1 id="samba3" xreflabel="Samba-&samba3-version;">
<sect1info>
<othername>$LastChangedBy: randy $</othername>
<date>$Date: 2005-06-16 06:11:50 $</date>
</sect1info>
<?dbhtml filename="samba3.html"?>
<title>Samba-&samba3-version;</title>
<indexterm zone="samba3">
<primary sortas="a-Samba">Samba</primary></indexterm>
 
&samba3-intro;
&samba3-inst;
&samba3-exp;
&samba3-config;
&samba3-desc;
<sect2>
<title>Introduction to <application>Samba</application></title>
 
<para>The <application>Samba</application> package provides file and print
services to <acronym>SMB</acronym>/<acronym>CIFS</acronym> clients and
Windows networking to Linux clients. <application>Samba</application> can also
be configured as a Windows NT 4.0 Domain Controller replacement
(with caveats working with NT <acronym>PDC</acronym>'s and
<acronym>BDC</acronym>'s), a file/print server acting as a member of a
Windows NT 4.0 or Active Directory domain and a NetBIOS (rfc1001/1002)
nameserver (which amongst other things provides
<acronym>LAN</acronym> browsing support).</para>
 
<sect3><title>Package information</title>
<itemizedlist spacing='compact'>
<listitem><para>Download (HTTP):
<ulink url="&samba3-download-http;"/></para></listitem>
<listitem><para>Download (FTP):
<ulink url="&samba3-download-ftp;"/></para></listitem>
<listitem><para>Download MD5 sum:
&samba3-md5sum;</para></listitem>
<listitem><para>Download size:
&samba3-size;</para></listitem>
<listitem><para>Estimated disk space required:
&samba3-buildsize;</para></listitem>
<listitem><para>Estimated build time:
&samba3-time;</para></listitem></itemizedlist>
</sect3>
 
<sect3>
<title><application>Samba</application> dependencies</title>
<sect4>
<title>Optional</title>
<para><xref linkend="popt"/>,
<xref linkend="Linux_PAM"/>,
<xref linkend="openldap"/>,
<xref linkend="cups"/>,
<xref linkend="heimdal"/> or <xref linkend="mitkrb"/>,
<xref linkend="libxml2"/>,
<xref linkend="mysql"/> or <xref linkend="postgresql"/>,
<xref linkend="python"/>,
<xref linkend="xinetd"/>,
<ulink url="http://valgrind.kde.org/">Valgrind</ulink> and
<xref linkend="stunnel"/> (used to encrypt access to SWAT)</para>
</sect4>
</sect3>
 
</sect2>
 
<sect2>
<title>Installation of <application>Samba</application></title>
 
<para>Install <application>Samba</application> by running the following
commands:</para>
 
<screen><userinput><command>cd source &amp;&amp;
install -d /var/cache/samba &amp;&amp;
./configure \
--prefix=/usr \
--sysconfdir=/etc \
--localstatedir=/var \
--with-piddir=/var/run \
--with-fhs \
--with-smbmount &amp;&amp;
make</command></userinput></screen>
 
<para>Now, as the root user:</para>
 
<screen><userinput role='root'><command>make install &amp;&amp;
mv /usr/lib/samba/libsmbclient.so /usr/lib &amp;&amp;
ln -sf ../libsmbclient.so /usr/lib/samba &amp;&amp;
chmod 644 /usr/include/libsmbclient.h \
/usr/lib/samba/libsmbclient.a &amp;&amp;
install -m755 nsswitch/libnss_win{s,bind}.so /lib &amp;&amp;
ln -sf libnss_winbind.so /lib/libnss_winbind.so.2 &amp;&amp;
ln -sf libnss_wins.so /lib/libnss_wins.so.2 &amp;&amp;
cp ../examples/smb.conf.default /etc/samba &amp;&amp;
install -m644 ../docs/*.pdf /usr/share/samba &amp;&amp;
if [ -f nsswitch/pam_winbind.so ]; then
install -m755 nsswitch/pam_winbind.so /lib/security
fi</command></userinput></screen>
 
<note><para>You may want to run <command>configure</command> with the
<parameter>--help</parameter> parameter. There may be other parameters
needed to take advantage of the optional dependencies.</para></note>
 
</sect2>
 
<sect2>
<title>Command explanations</title>
 
<para><command>install -d /var/cache/samba</command>: This directory is
needed for proper operation of the <command>smbd</command> and
<command>nmbd</command> daemons.</para>
 
<para><parameter>--sysconfdir=/etc</parameter>: Sets the configuration
file directory to avoid the default of
<filename class="directory">/usr/etc</filename>.</para>
 
<para><parameter>--localstatedir=/var</parameter>: Sets the variable
data directory to avoid the default of
<filename class="directory">/usr/var</filename>.</para>
 
<para><option>--with-fhs</option>: Assigns all other file paths in a manner
compliant with the Filesystem Hierarchy Standard
(<acronym>FHS</acronym>).</para>
 
<para><option>--with-smbmount</option>: Orders the creation of an extra
binary for use by the <command>mount</command> command so that mounting remote
<acronym>SMB</acronym> (Windows) shares becomes no more complex than mounting
remote <acronym>NFS</acronym> shares.</para>
 
<para><option>--with-pam</option>: Use this parameter to link
<application>Linux-<acronym>PAM</acronym></application> into the build. This
also builds the <filename class='libraryfile'>pam_winbind.so</filename>
<application><acronym>PAM</acronym></application> module. You can find
instructions on how to configure and use the module by running
<command>man winbindd</command>.</para>
 
<para><command>mv /usr/lib/samba/libsmbclient.so ...; ln -sf
../libsmbclient.so ...</command>: The
<filename class='libraryfile'>libsmbclient.so</filename> library is needed
by other packages. This command moves it to a location where other packages
can find it.</para>
 
<para><command>install -m755 nsswitch/libnss_win{s,bind}.so /lib</command>:
The nss libraries are not installed by default. If you intend to use
winbindd for domain auth, and/or <acronym>WINS</acronym> name resolution,
you need these libraries.</para>
 
<para><command>ln -sf libnss_winbind.so /lib/libnss_winbind.so.2</command>
and <command>ln -sf libnss_wins.so /lib/libnss_wins.so.2</command>:
These symlinks are required by glibc to use the nss libraries.</para>
 
<para><command>cp ../examples/smb.conf.default /etc/samba</command>:
This copies a default <filename>smb.conf </filename>into
<filename>/etc/samba</filename>. This sample configuration will not
work unless edited for your site, and renamed
<filename>smb.conf</filename>.</para>
 
</sect2>
 
<sect2>
<title>Configuring <application>Samba</application></title>
 
<sect3 id="samba3-config"><title>Config files</title>
<para>/etc/samba/smb.conf</para>
<indexterm zone="samba3 samba3-config">
<primary sortas="e-etc-samba-smb.conf">/etc/samba/smb.conf</primary>
</indexterm>
</sect3>
 
<sect3><title>Configuration overview and available documentation</title>
 
<para>Due to the complexity and the many various uses for
<application>Samba</application>, complete configuration is well beyond the
scope of the <acronym>BLFS</acronym> book. Advanced configurations including
setting up Primary and Backup Domain Controllers are advanced topics and
cannot be adequately covered in <acronym>BLFS</acronym> (it should be noted,
however, that a <application>Samba</application> <acronym>BDC</acronym> cannot
be used as a fallback for a
<application>Windows</application> <acronym>PDC</acronym>, and conversely, a
<application>Windows</application> <acronym>BDC</acronym> cannot be used as a
fallback for a <application>Samba</application> <acronym>PDC</acronym>). Many
complete books have been written on these topics alone.</para>
 
<para>There is quite a bit of documentation available which covers many of
these advanced configurations. Point your web browser to the links below to
view some of the documentation included with the
<application>Samba</application> package:</para>
 
<itemizedlist spacing='compact'>
<listitem><para>Using Samba, 2nd Edition; a popular book published by O'Reilly
<ulink url="file:///usr/share/samba/swat/using_samba/toc.html"/></para>
</listitem>
 
<listitem><para>The Official Samba HOWTO and Reference Guide <ulink
url="file:///usr/share/samba/swat/help/Samba-HOWTO-Collection/index.html"/>
</para>
</listitem>
 
<listitem><para>Samba-3 by Example
<ulink url="file:///usr/share/samba/swat/help/Samba-Guide/index.html"/></para>
</listitem>
 
<listitem><para>The Samba-3 man Pages
<ulink url="file:///usr/share/samba/swat/help/samba.7.html"/></para>
</listitem>
</itemizedlist>
</sect3>
 
<sect3 id="samba3-swat-config"><title>Configuring SWAT</title>
 
<para>The built in <acronym>SWAT</acronym>
(<application>Samba</application> Web Administration Tool) utility can be used
for basic configuration of the <application>Samba</application> installation,
but because it may be inconvenient, undesireable or perhaps even impossible
to gain access to the console, BLFS recommends setting up access to
<acronym>SWAT</acronym> using <application>Stunnel</application>.</para>
<indexterm zone="samba3 samba3-swat-config">
<primary sortas="g-SWAT">SWAT</primary></indexterm>
 
<para>First you must add entries to <filename>/etc/services</filename> and
modify the <command>inetd</command>/<command>xinetd</command>
configuration.</para>
<indexterm zone="samba3 samba3-swat-config">
<primary sortas="e-etc-services">/etc/services</primary></indexterm>
<indexterm zone="samba3 samba3-swat-config">
<primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary></indexterm>
<indexterm zone="samba3 samba3-swat-config">
<primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary></indexterm>
 
<para>Add swat and swat_tunnel entries to
<filename>/etc/services</filename> with the following commands issued as the
root user:</para>
 
<screen><userinput role='root'><command>echo "swat 901/tcp" &gt;&gt; /etc/services &amp;&amp;
echo "swat_tunnel 902/tcp" &gt;&gt; /etc/services</command></userinput></screen>
 
<para>If <command>inetd</command> is used, the following command will add the
swat_tunnel entry to <filename>/etc/inetd.conf</filename> (as user root):</para>
 
<screen><userinput role='root'><command>echo "swat_tunnel stream tcp nowait.400 root /usr/sbin/swat swat" \
&gt;&gt; /etc/inetd.conf</command></userinput></screen>
<para>Issue a <command>killall -HUP inetd</command> to reread the
changed <filename>inetd.conf</filename> file.</para>
 
<para>If <command>xinetd</command> is used, the following command issued as
the root user will add the swat_tunnel entry to
<filename>/etc/xinetd.conf</filename> (you may need to modify or remove the
<quote>only_from</quote> line to include the desired host[s]):</para>
 
<screen><userinput role='root'><command>cat &gt;&gt; /etc/xinetd.conf &lt;&lt; "EOF"</command>
service swat_tunnel
{
port = 902
socket_type = stream
wait = no
only_from = 127.0.0.1
user = root
server = /usr/sbin/swat
log_on_failure += USERID
}
<command>EOF</command></userinput></screen>
 
<para>Issue a <command>killall -HUP xinetd</command> to reread the
changed <filename>xinetd.conf</filename> file.</para>
 
<para>Next, you must add an entry for the swat service to the
<filename>/etc/stunnel/stunnel.conf</filename> file (as user root):</para>
<indexterm zone="samba3 samba3-swat-config"><primary
sortas="e-etc-stunnel-stunnel.conf">/etc/stunnel/stunnel.conf</primary>
</indexterm>
 
<screen><userinput role='root'><command>cat &gt;&gt; /etc/stunnel/stunnel.conf &lt;&lt; "EOF"</command>
[swat]
accept = 901
connect = 902
 
<command>EOF</command></userinput></screen>
 
<para>Restart the <command>stunnel</command> daemon using the following
command as the root user:</para>
 
<screen><userinput role='root'><command>/etc/rc.d/init.d/stunnel restart</command></userinput></screen>
 
<para><acronym>SWAT</acronym> can be launched by pointing your web browser to
<userinput>https://<replaceable>[CA_DN_field]</replaceable>:901</userinput>.
Substitute the hostname listed in the <acronym>DN</acronym> field of the
<acronym>CA</acronym> certificate used with
<application>Stunnel</application> for
<replaceable>[CA_DN_field]</replaceable>.</para>
 
<note><para>If you linked
<application>Linux-<acronym>PAM</acronym></application> into the
<application>Samba</application> build, you'll need to create an
<filename>/etc/pam.d/samba</filename> file.</para></note>
<indexterm zone="samba3 samba3-swat-config"><primary
sortas="e-etc-pam.d-samba">/etc/pam.d/samba</primary>
</indexterm>
</sect3>
 
<sect3><title>Printing to <acronym>SMB</acronym> clients</title>
 
<para>If you use <application><acronym>CUPS</acronym></application> for print
services, and you wish to print to a printer attached to an
<acronym>SMB</acronym> client, you need to create an <acronym>SMB</acronym>
backend device. To create the device, issue the following command as the
root user:</para>
 
<screen><userinput><command>ln -sf /usr/bin/smbspool /usr/lib/cups/backend/smb</command></userinput></screen>
</sect3>
 
<sect3 id="samba3-init"><title>Installing bootscripts</title>
 
<para>For your convenience, boot scripts have been provided for
<application>Samba</application>. There are two included in the
<xref linkend="intro-important-bootscripts"/> package. The first,
<filename>samba</filename>, will start the <command>smbd</command> and
<command>nmbd</command> daemons needed to provide
<acronym>SMB</acronym>/<acronym>CIFS</acronym> services. The second
script, <filename>winbind</filename>, starts the <command>winbindd</command>
daemon, used for providing Windows domain services to Linux clients.</para>
<indexterm zone="samba3 samba3-init">
<primary sortas="f-samba">samba</primary></indexterm>
<indexterm zone="samba3 samba3-init">
<primary sortas="f-winbind">winbind</primary></indexterm>
 
<para>Install the <filename>samba</filename> script with the following
command issued as the root user:</para>
 
<screen><userinput role='root'><command>make install-samba</command></userinput></screen>
 
<para>If you also need the <filename>winbind</filename> script:</para>
 
<screen><userinput role='root'><command>make install-winbind</command></userinput></screen>
</sect3>
 
</sect2>
 
<sect2>
<title>Contents</title>
 
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
 
<seglistitem>
<seg>findsmb, mount.smbfs, net, nmbd, nmblookup, ntlm_auth, pdbedit, profiles,
rpcclient, smbcacls, smbclient, smbcontrol, smbcquotas, smbd, smbmnt,
smbmount, smbpasswd, smbspool, smbstatus, smbtar, smbtree, smbumount, swat,
tdbbackup, tdbdump, tdbtool, testparm, testprns, wbinfo and winbindd</seg>
<seg>libnss_winbind.so, libnss_wins.so, libsmbclient.[so,a], the
pam_winbind.so <acronym>PAM</acronym> library and assorted character set,
filesystem and support modules.</seg>
<seg>/etc/samba, /usr/lib/samba, /usr/share/samba, /var/cache/samba and
/var/lib/samba</seg>
</seglistitem>
</segmentedlist>
 
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
 
<varlistentry id="findsmb">
<term><command>findsmb</command></term>
<listitem><para>lists information about machines that respond to
<acronym>SMB</acronym> name queries on a subnet.</para>
<indexterm zone="samba3 findsmb">
<primary sortas="b-findsmb">findsmb</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="mount.smbfs">
<term><command>mount.smbfs</command></term>
<listitem><para>is a symlink to <command>mountsmb</command> which provides
<command>/bin/mount</command> with a way to mount remote Windows (or
<application>Samba</application>) fileshares.</para>
<indexterm zone="samba3 mount.smbfs">
<primary sortas="b-mount.smbfs">mount.smbfs</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="net">
<term><command>net</command></term>
<listitem><para>is a tool for administration of
<application>Samba</application> and remote <acronym>CIFS</acronym> servers,
similar to the <command>net</command> utility for
<acronym>DOS</acronym>/Windows.</para>
<indexterm zone="samba3 net">
<primary sortas="b-net">net</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="nmbd">
<term><command>nmbd</command></term>
<listitem><para>is the <application>Samba</application>
Net<acronym>BIOS</acronym> name server.</para>
<indexterm zone="samba3 nmbd">
<primary sortas="b-nmbd">nmbd</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="nmblookup">
<term><command>nmblookup</command></term>
<listitem><para>is used to query Net<acronym>BIOS</acronym> names and map
them to <acronym>IP</acronym> addresses.</para>
<indexterm zone="samba3 nmblookup">
<primary sortas="b-nmblookup">nmblookup</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="ntlm_auth">
<term><command>ntlm_auth</command></term>
<listitem><para>is a tool to allow external access to Winbind's
<acronym>NTLM</acronym> authentication function.</para>
<indexterm zone="samba3 ntlm_auth">
<primary sortas="b-ntlm_auth">ntlm_auth</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="pdbedit">
<term><command>pdbedit</command></term>
<listitem><para>is a tool used to manage the <acronym>SAM</acronym>
database.</para>
<indexterm zone="samba3 pdbedit">
<primary sortas="b-pdbedit">pdbedit</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="profiles">
<term><command>profiles</command></term>
<listitem><para>is a utility that reports and changes <acronym>SID</acronym>s
in Windows registry files. It currently only supports Windows NT.</para>
<indexterm zone="samba3 profiles">
<primary sortas="b-profiles">profiles</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="rpcclient">
<term><command>rpcclient</command></term>
<listitem><para>is used to execute MS-<acronym>RPC</acronym> client side
functions.</para>
<indexterm zone="samba3 rpcclient">
<primary sortas="b-rpcclient">rpcclient</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="smbcacls">
<term><command>smbcacls</command></term>
<listitem><para>is used to manipulate Windows NT access control lists.</para>
<indexterm zone="samba3 smbcacls">
<primary sortas="b-smbcacls">smbcacls</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="smbclient">
<term><command>smbclient</command></term>
<listitem><para>is a <acronym>SMB</acronym>/<acronym>CIFS</acronym> access
utility, similar to <acronym>FTP</acronym>.</para>
<indexterm zone="samba3 smbclient">
<primary sortas="b-smbclient">smbclient</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="smbcontrol">
<term><command>smbcontrol</command></term>
<listitem><para>is used to control running <command>smbd</command>,
<command>nmbd</command> and <command>winbindd</command> daemons.</para>
<indexterm zone="samba3 smbcontrol">
<primary sortas="b-smbcontrol">smbcontrol</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="smbcquotas">
<term><command>smbcquotas</command></term>
<listitem><para>is used to manipulate Windows NT quotas on
<acronym>SMB</acronym> file shares.</para>
<indexterm zone="samba3 smbcquotas">
<primary sortas="b-smbcquotas">smbcquotas</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="smbd">
<term><command>smbd</command></term>
<listitem><para>is the main <application>Samba</application> daemon which
provides <acronym>SMB</acronym>/<acronym>CIFS</acronym> services to
clients.</para>
<indexterm zone="samba3 smbd">
<primary sortas="b-smbd">smbd</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="smbmnt">
<term><command>smbmnt</command></term>
<listitem><para>is a helper application used by the
<command>smbmount</command> program to do the actual mounting of
<acronym>SMB</acronym> shares. It can be installed setuid root if you want
normal users to be able to mount their <acronym>SMB</acronym> shares.</para>
<indexterm zone="samba3 smbmnt">
<primary sortas="b-smbmnt">smbmnt</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="smbmount">
<term><command>smbmount</command></term>
<listitem><para>is usually invoked as <command>mount.smbfs</command> by the
<command>mount</command> command when using the
<parameter>-t smbfs</parameter> option, mounts a Linux <acronym>SMB</acronym>
filesystem.</para>
<indexterm zone="samba3 smbmount">
<primary sortas="b-smbmount">smbmount</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="smbpasswd">
<term><command>smbpasswd</command></term>
<listitem><para>changes a user's <application>Samba</application>
password.</para>
<indexterm zone="samba3 smbpasswd">
<primary sortas="b-smbpasswd">smbpasswd</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="smbspool">
<term><command>smbspool</command></term>
<listitem><para>sends a print job to an <acronym>SMB</acronym> printer.</para>
<indexterm zone="samba3 smbspool">
<primary sortas="b-smbspool">smbspool</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="smbstatus">
<term><command>smbstatus</command></term>
<listitem><para>reports current <application>Samba</application>
connections.</para>
<indexterm zone="samba3 smbstatus">
<primary sortas="b-smbstatus">smbstatus</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="smbtar">
<term><command>smbtar</command></term>
<listitem><para>is a shell script used for backing up
<acronym>SMB</acronym>/<acronym>CIFS</acronym> shares directly to Linux tape
drives or a file.</para>
<indexterm zone="samba3 smbtar">
<primary sortas="b-smbtar">smbtar</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="smbtree">
<term><command>smbtree</command></term>
<listitem><para>is a text-based <acronym>SMB</acronym> network browser.</para>
<indexterm zone="samba3 smbtree">
<primary sortas="b-smbtree">smbtree</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="smbumount">
<term><command>smbumount</command></term>
<listitem><para>is used by normal users to unmount <acronym>SMB</acronym>
filesystems, provided that it is setuid root.</para>
<indexterm zone="samba3 smbumount">
<primary sortas="b-smbumount">smbumount</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="swat">
<term><command>swat</command></term>
<listitem><para>is the <application>Samba</application> Web Administration
Tool.</para>
<indexterm zone="samba3 swat">
<primary sortas="b-swat">swat</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="tdbbackup">
<term><command>tdbbackup</command></term>
<listitem><para>is a tool for backing up or validating the integrity of
<application>Samba</application> <filename>.tdb</filename> files.</para>
<indexterm zone="samba3 tdbbackup">
<primary sortas="b-tdbbackup">tdbbackup</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="tdbdump">
<term><command>tdbdump</command></term>
<listitem><para> is a tool used to print the contents of a
<application>Samba</application> <filename>.tdb</filename> file.</para>
<indexterm zone="samba3 tdbdump">
<primary sortas="b-tdbdump">tdbdump</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="tdbtool">
<term><command>tdbtool</command></term>
<listitem><para>is a tool which allows simple database manipulation from the
command line.</para>
<indexterm zone="samba3 tdbtool">
<primary sortas="b-tdbtool">tdbtool</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="testparm">
<term><command>testparm</command></term>
<listitem><para>checks an <filename>smb.conf</filename> file for proper
syntax.</para>
<indexterm zone="samba3 testparm">
<primary sortas="b-testparm">testparm</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="testprns">
<term><command>testprns</command></term>
<listitem><para>tests printer names.</para>
<indexterm zone="samba3 testprns">
<primary sortas="b-testprns">testprns</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="wbinfo">
<term><command>wbinfo</command></term>
<listitem><para>queries a running <command>winbindd</command> daemon.</para>
<indexterm zone="samba3 wbinfo">
<primary sortas="b-wbinfo">wbinfo</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="winbindd">
<term><command>winbindd</command></term>
<listitem><para>resolves names from Windows NT servers.</para>
<indexterm zone="samba3 winbindd">
<primary sortas="b-winbindd">winbindd</primary>
</indexterm></listitem>
</varlistentry>
 
</variablelist>
 
</sect2>
 
</sect1>
 
/trunk/blfs/server/other/xinetd.xml
1,12 → 1,142
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
 
<!ENTITY xinetd-download-http "http://www.xinetd.org/xinetd-&xinetd-version;.tar.gz">
<!ENTITY xinetd-download-ftp " ">
<!ENTITY xinetd-md5sum "4295b5fe12350f09b5892b363348ac8b">
<!ENTITY xinetd-size "291 KB">
<!ENTITY xinetd-buildsize "3.91 MB">
<!ENTITY xinetd-time "0.09 SBU">
]>
 
<sect1 id="xinetd" xreflabel="xinetd-&xinetd-version;">
<sect1info>
<othername>$LastChangedBy: randy $</othername>
<date>$Date: 2005-06-16 06:11:50 $</date>
</sect1info>
<?dbhtml filename="xinetd.html"?>
<title>xinetd-&xinetd-version;</title>
 
&xinetd-intro;
&xinetd-inst;
&xinetd-config;
&xinetd-desc;
<sect2>
<title>Introduction à <application>xinetd</application></title>
 
<para><application>xinetd</application> est le démon étendu de services Internet
(<foreignphrase>eXtended InterNET services Daemon</foreignphrase>), un remplacement
sécurisé de <command>inetd</command>.</para>
 
<sect3><title>Informations sur le paquetage</title>
<itemizedlist spacing='compact'>
<listitem><para>Téléchargement (HTTP)&nbsp;:
<ulink url="&xinetd-download-http;"/></para></listitem>
<listitem><para>Téléchargement (FTP)&nbsp;:
<ulink url="&xinetd-download-ftp;"/></para></listitem>
<listitem><para>Téléchargement de la somme MD5&nbsp;: &xinetd-md5sum;</para></listitem>
<listitem><para>Taille du téléchargement&nbsp;:&xinetd-size;</para></listitem>
<listitem><para>Estimation de l'espace disque requis&nbsp;:
&xinetd-buildsize;</para></listitem>
<listitem><para>Estimation du temps de construction&nbsp;:
&xinetd-time;</para></listitem></itemizedlist>
</sect3>
 
<sect3><title>Dépendances de <application>xinetd</application></title>
<sect4><title>Optionnel</title>
<para><xref linkend="tcpwrappers"/></para>
</sect4>
</sect3>
 
</sect2>
 
<sect2>
<title>Installation de <application>xinetd</application></title>
 
<para>Installez <application>xinetd</application> en lançant les commandes
suivantes&nbsp;:</para>
 
<screen><userinput><command>./configure --prefix=/usr &amp;&amp;
make &amp;&amp;
make install</command></userinput></screen>
 
</sect2>
 
<sect2>
<title>Configurer <application>xinetd</application></title>
 
<sect3><title>Fichiers de configuration</title>
<para><filename>/etc/xinetd.conf</filename></para>
</sect3>
 
<sect3><title>Informations de configuration</title>
 
<para>Assurez-vous que le chemin de tous les démons est <filename
class="directory">/usr/sbin</filename>, plutôt que le chemin par défaut
<filename class="directory">/usr/etc</filename>, et installez le fichier de
configuration de <application>xinetd</application> en lançant la commande
suivante&nbsp;:</para>
 
<screen><userinput><command>sed -e 's/etc/sbin/g' xinetd/sample.conf &gt; /etc/xinetd.conf</command>
</userinput></screen>
 
<para>Le format de <filename>/etc/xinetd.conf</filename> est documenté dans la
page man de xinetd.conf. Plus d'informations sont disponibles sur
<ulink url="http://www.xinetd.org"/>.</para>
 
<para>Installez le script de démarrage de <filename>/etc/rc.d/init.d/xinetd</filename>
inclus dans le paquetage <xref linkend="intro-important-bootscripts"/>.</para>
 
<screen><userinput><command>make install-xinetd</command></userinput></screen>
 
<para>Maintenant, utilisez le nouveau script de démarrage
<command>xinetd</command>&nbsp;:</para>
 
<screen><userinput><command>/etc/rc.d/init.d/xinetd start</command></userinput></screen>
 
<para>Vérifier le fichier <filename>/var/log/daemon.log</filename> devrait se
révéler assez amusant. Ce fichier pourrait contenir des entrées similaires à ce
qui suit&nbsp;:</para>
 
<screen><userinput>Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rlogind is not
executable [line=29]
Aug 22 21:40:21 dps10 xinetd[2696]: Error parsing attribute server -
DISABLING SERVICE [line=29]
Aug 22 21:40:21 dps10 xinetd[2696]: Server /usr/sbin/in.rshd is not
executable [line=42]</userinput></screen>
 
<para>Ces erreurs sont dûes au fait que la plupart des serveurs que
<command>xinetd</command> essaie de contrôler ne sont pas encore
installés.</para>
</sect3>
 
</sect2>
 
<sect2>
<title>Contenu</title>
 
<para>Le paquetage <application>xinetd</application> contient
<command>xinetd</command>,
<command>itox</command> et
<command>xconv.pl</command>.</para>
 
</sect2>
 
<sect2><title>Description</title>
 
<sect3><title>xinetd</title>
<para><command>xinetd</command> est le démon de services Internet.</para></sect3>
 
<sect3><title>itox</title>
<para><command>itox</command> est un outil utilisé pour convertir des fichiers
<filename>inetd.conf</filename> au format
<filename>xinetd.conf</filename>.</para></sect3>
 
<sect3><title>xconv.pl</title>
<para><command>xconv.pl</command> est un script <application>Perl</application>
utilisé pour convertir les fichiers <filename>inetd.conf</filename> au format
<filename>xinetd.conf</filename>, de façon similaire à
<command>itox</command>.</para></sect3>
 
</sect2>
 
</sect1>
 
/trunk/blfs/server/other/bind.xml
1,12 → 1,538
<?xml version="1.0" encoding="ISO-8859-1"?>
<sect1 id="bind" xreflabel="BIND-&bind-version;">
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
 
<!ENTITY bind-download-http "http://gd.tuwien.ac.at/infosys/servers/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
<!ENTITY bind-download-ftp "ftp://ftp.isc.org/isc/bind9/&bind-version;/bind-&bind-version;.tar.gz">
<!ENTITY bind-md5sum "fdb42fff7e345372ac52a4493b77b694">
<!ENTITY bind-size "4.6 MB">
<!ENTITY bind-buildsize "87 MB">
<!ENTITY bind-time "1.87 SBU (additional 4.14 SBU to run the complete test suite)">
]>
 
<sect1 id="bind" xreflabel="BIND-&bind-version;p1">
<sect1info>
<othername>$LastChangedBy: randy $</othername>
<date>$Date: 2005-06-16 06:11:50 $</date>
</sect1info>
<?dbhtml filename="bind.html"?>
<title><acronym>BIND</acronym>-&bind-version;</title>
<title><acronym>BIND</acronym>-&bind-version;p1</title>
<indexterm zone="bind">
<primary sortas="a-BIND">BIND</primary>
</indexterm>
 
&bind-intro;
&bind-inst;
&bind-config;
&bind-desc;
<sect2>
<title>Introduction to
<application><acronym>BIND</acronym></application></title>
 
<para>The <application><acronym>BIND</acronym></application> package
provides a <acronym>DNS</acronym> server and client utilities. If you
are only interested in the utilities, refer to the
<xref linkend="bind-utils"/>.</para>
 
<sect3><title>Package information</title>
<itemizedlist spacing='compact'>
<listitem><para>Download (HTTP):
<ulink url="&bind-download-http;"/></para></listitem>
<listitem><para>Download (FTP):
<ulink url="&bind-download-ftp;"/></para></listitem>
<listitem><para>Download MD5 sum:
&bind-md5sum;</para></listitem>
<listitem><para>Download size:
&bind-size;</para></listitem>
<listitem><para>Estimated disk space required:
&bind-buildsize;</para></listitem>
<listitem><para>Estimated build time:
&bind-time;</para></listitem></itemizedlist>
</sect3>
 
<sect3><title>Additional downloads</title>
<itemizedlist spacing='compact'>
<listitem><para><ulink
url="ftp://ftp.isc.org/isc/bind9/9.3.0/&bind-version;-patch1"/></para>
</listitem>
</itemizedlist>
</sect3>
 
<sect3><title><application><acronym>BIND</acronym></application>
dependencies</title>
<sect4><title>Optional</title>
<para><xref linkend="openssl"/></para>
</sect4>
 
<sect4><title>Optional (to run the full test suite)</title>
<para><xref linkend="net-tools"/> (for <command>ifconfig</command>) and
<xref linkend="perl-modules"/>: Net-DNS</para>
</sect4>
 
<sect4><title>Optional (to [re]build documentation)</title>
<para><xref linkend="openjade"/>,
<xref linkend="jadetex"/>,
<xref linkend="docbook-dsssl"/></para>
</sect4>
</sect3>
 
</sect2>
 
<sect2>
<title>Installation of
<application><acronym>BIND</acronym></application></title>
 
<para>Install <application><acronym>BIND</acronym></application> by
running the following commands:</para>
 
<screen><userinput><command>patch -Np1 -i ../&bind-version;-patch1 &amp;&amp;
sed -i -e "s/dsssl-stylesheets/&amp;-1.78/g" configure &amp;&amp;
./configure --prefix=/usr --sysconfdir=/etc \
--enable-threads --with-libtool &amp;&amp;
make</command></userinput></screen>
 
<para>Now, as the root user:</para>
 
<screen><userinput role='root'><command>make install &amp;&amp;
chmod 755 \
/usr/lib/{lib{bind9,isc{,cc,cfg},lwres}.so.?.?.?,libdns.so.20.0.0} &amp;&amp;
mv /usr/share/man/man8/named.conf.5 /usr/share/man/man5 &amp;&amp;
cd doc &amp;&amp;
install -d -m755 /usr/share/doc/bind-9.3.0/{arm,draft,misc,rfc} &amp;&amp;
install -m644 arm/*.html \
/usr/share/doc/bind-9.3.0/arm &amp;&amp;
install -m644 draft/*.txt \
/usr/share/doc/bind-9.3.0/draft &amp;&amp;
install -m644 rfc/* \
/usr/share/doc/bind-9.3.0/rfc &amp;&amp;
install -m644 \
misc/{dnssec,ipv6,migrat*,options,rfc-compliance,roadmap,sdb} \
/usr/share/doc/bind-9.3.0/misc</command></userinput></screen>
 
<para>In order to run the complete test suite before installing the
package, you need to set up some dummy interfaces (requires
<command>ifconfig</command>). Issue the following commands to run the
complete suite of tests (you will have to be the root user to issue the
<command>ifconfig</command> commands):</para>
 
<screen><userinput role='root'><command>bin/tests/system/ifconfig.sh up &amp;&amp;
make check &gt;check.log 2&gt;&amp;1 &amp;&amp;
bin/tests/system/ifconfig.sh down</command></userinput></screen>
 
<para>If desired, issue the following command to ensure all 145 tests ran
successfully:</para>
 
<screen><userinput><command>grep "R:PASS" check.log | wc -l</command></userinput></screen>
 
</sect2>
 
<sect2>
<title>Command explanations</title>
 
<para><command>patch -Np1 -i ../&bind-version;-patch1</command>: There's a
vulnerability in the <acronym>DNS</acronym><acronym>SEC</acronym> code. See
<ulink url="http://www.kb.cert.org/vuls/id/938617"/>. The patch fixes the
bug.</para>
 
<para><command>sed -i -e ... configure</command>: This command forces
<command>configure</command> to look for the <acronym>DSSSL</acronym>
stylesheets in the standard <acronym>BLFS</acronym> location.</para>
 
<para><parameter>--sysconfdir=/etc</parameter>: This parameter forces
<application><acronym>BIND</acronym></application> to look for configuration
files in <filename class='directory'>/etc</filename> instead of
<filename class='directory'>/usr/etc</filename>.</para>
 
<para><parameter>--enable-threads</parameter>: This parameter enables
multi-threading capability.</para>
 
<para><parameter>--with-libtool</parameter>: This parameter forces the
building of dynamic libraries and links the installed binaries to these
libraries.</para>
 
<para><command>cd doc; install ...</command>: These commands install the
additional package documentation. Optionally, omit any or all of these
commands.</para>
 
</sect2>
 
<sect2>
<title>Configuring
<application><acronym>BIND</acronym></application></title>
 
<sect3 id="bind-config"><title>Config files</title>
<para><filename>named.conf</filename>,
<filename>root.hints</filename>,
<filename>127.0.0</filename>,
<filename>rndc.conf</filename> and
<filename>resolv.conf</filename></para>
<indexterm zone="bind bind-config">
<primary sortas="e-etc-named.conf">/etc/named.conf</primary></indexterm>
<indexterm zone="bind bind-config">
<primary sortas="e-etc-rndc.conf">/etc/rndc.conf</primary></indexterm>
<indexterm zone="bind bind-config">
<primary sortas="e-etc-resolv.conf">/etc/resolv.conf</primary></indexterm>
<indexterm zone="bind bind-config">
<primary sortas="e-etc-namedb-root.hints">/etc/namedb/root.hints</primary>
</indexterm>
<indexterm zone="bind bind-config">
<primary sortas="e-etc-namedb-pz-127.0.0.0">/etc/namedb/pz/127.0.0.0</primary>
</indexterm>
</sect3>
 
<sect3><title>Configuration Information</title>
 
<para><application><acronym>BIND</acronym></application> will be configured
to run in a <command>chroot</command> jail as an unprivileged user (named).
This configuration is more secure in that a <acronym>DNS</acronym> compromise
can only affect a few files in the named user's <envar>HOME</envar>
directory.</para>
 
<para>Create the unprivileged user and group named:</para>
 
<screen><userinput role='root'><command>groupadd named &amp;&amp;
useradd -m -c "BIND Owner" -g named -s /bin/false named</command></userinput></screen>
 
<para>Set up some files, directories and devices needed by
<application><acronym>BIND</acronym></application>:</para>
 
<screen><userinput role='root'><command>cd /home/named &amp;&amp;
mkdir -p dev etc/namedb/slave var/run &amp;&amp;
mknod /home/named/dev/null c 1 3 &amp;&amp;
mknod /home/named/dev/random c 1 8 &amp;&amp;
chmod 666 /home/named/dev/{null,random} &amp;&amp;
mkdir /home/named/etc/namedb/pz &amp;&amp;
cp /etc/localtime /home/named/etc</command></userinput></screen>
 
<para>Then, generate a key for use in the <filename>named.conf</filename>
and <filename>rdnc.conf</filename> files using the
<command>rndc-confgen</command> command:</para>
 
<screen><userinput role='root'><command>rndc-confgen -b 512 | grep -m 1 "secret" | cut -d '"' -f 2</command></userinput></screen>
 
<para>Create the <filename>named.conf</filename> file from which named
will read the location of zone files, root name servers and secure
<acronym>DNS</acronym> keys:</para>
 
<screen><userinput role='root'><command>cat &gt; /home/named/etc/named.conf &lt;&lt; "EOF"</command>
options {
directory "/etc/namedb";
pid-file "/var/run/named.pid";
statistics-file "/var/run/named.stats";
};
controls {
inet 127.0.0.1 allow { localhost; } keys { rndc_key; };
};
key "rndc_key" {
algorithm hmac-md5;
secret "<replaceable>[Insert secret from rndc-confgen's output here]</replaceable>";
};
zone "." {
type hint;
file "root.hints";
};
zone "0.0.127.in-addr.arpa" {
type master;
file "pz/127.0.0";
};
 
// Bind 9 now logs by default through syslog (except debug).
// These are the default logging rules.
 
logging {
category default { default_syslog; default_debug; };
category unmatched { null; };
 
channel default_syslog {
syslog daemon; // send to syslog's daemon
// facility
severity info; // only send priority info
// and higher
};
 
channel default_debug {
file "named.run"; // write to named.run in
// the working directory
// Note: stderr is used instead
// of "named.run"
// if the server is started
// with the '-f' option.
severity dynamic; // log at the server's
// current debug level
};
 
channel default_stderr {
stderr; // writes to stderr
severity info; // only send priority info
// and higher
};
 
channel null {
null; // toss anything sent to
// this channel
};
};
 
 
 
<command>EOF</command></userinput></screen>
 
<para>Create the <filename>rndc.conf</filename> file with the following
commands:</para>
 
<screen><userinput role='root'><command>cat &gt; /etc/rndc.conf &lt;&lt; "EOF"</command>
key rndc_key {
algorithm "hmac-md5";
secret
"<replaceable>[Insert secret from rndc-confgen's output here]</replaceable>";
};
options {
default-server localhost;
default-key rndc_key;
};
<command>EOF</command></userinput></screen>
 
<para>The <filename>rndc.conf</filename> file contains information for
controlling named operations with the <command>rndc</command>
utility.</para>
 
<para>Create a zone file with the following contents:</para>
 
<screen><userinput role='root'><command>cat &gt; /home/named/etc/namedb/pz/127.0.0 &lt;&lt; "EOF"</command>
$TTL 3D
@ IN SOA ns.local.domain. hostmaster.local.domain. (
1 ; Serial
8H ; Refresh
2H ; Retry
4W ; Expire
1D) ; Minimum TTL
NS ns.local.domain.
1 PTR localhost.
<command>EOF</command></userinput></screen>
 
<para>Create the <filename>root.hints</filename> file with the following
commands:</para>
 
<note><para>Caution must be used to ensure there are no leading spaces in this
file.</para></note>
 
<screen><userinput><command>cat &gt; /home/named/etc/namedb/root.hints &lt;&lt; "EOF"</command>
. 6D IN NS A.ROOT-SERVERS.NET.
. 6D IN NS B.ROOT-SERVERS.NET.
. 6D IN NS C.ROOT-SERVERS.NET.
. 6D IN NS D.ROOT-SERVERS.NET.
. 6D IN NS E.ROOT-SERVERS.NET.
. 6D IN NS F.ROOT-SERVERS.NET.
. 6D IN NS G.ROOT-SERVERS.NET.
. 6D IN NS H.ROOT-SERVERS.NET.
. 6D IN NS I.ROOT-SERVERS.NET.
. 6D IN NS J.ROOT-SERVERS.NET.
. 6D IN NS K.ROOT-SERVERS.NET.
. 6D IN NS L.ROOT-SERVERS.NET.
. 6D IN NS M.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET. 6D IN A 198.41.0.4
B.ROOT-SERVERS.NET. 6D IN A 192.228.79.201
C.ROOT-SERVERS.NET. 6D IN A 192.33.4.12
D.ROOT-SERVERS.NET. 6D IN A 128.8.10.90
E.ROOT-SERVERS.NET. 6D IN A 192.203.230.10
F.ROOT-SERVERS.NET. 6D IN A 192.5.5.241
G.ROOT-SERVERS.NET. 6D IN A 192.112.36.4
H.ROOT-SERVERS.NET. 6D IN A 128.63.2.53
I.ROOT-SERVERS.NET. 6D IN A 192.36.148.17
J.ROOT-SERVERS.NET. 6D IN A 192.58.128.30
K.ROOT-SERVERS.NET. 6D IN A 193.0.14.129
L.ROOT-SERVERS.NET. 6D IN A 198.32.64.12
M.ROOT-SERVERS.NET. 6D IN A 202.12.27.33
<command>EOF</command></userinput></screen>
 
<para>The <filename>root.hints</filename> file is a list of root name servers.
This file must be updated periodically with the <command>dig</command>
utility. A current copy of root.hints can be obtained from
<ulink url="ftp://rs.internic.net/domain/named.root" />. Consult the
<ulink url="http://www.bind9.net/Bv9ARM.html"><application>
<acronym>BIND</acronym></application> 9 Administrator Reference Manual</ulink>
for details.</para>
 
<para>Create or modify <filename>resolv.conf</filename> to use the new
name server with the following commands:</para>
 
<note><para>Replace <replaceable>[yourdomain.com]</replaceable> with your own
valid domain name.</para></note>
 
<screen><userinput role='root'><command>cp /etc/resolv.conf /etc/resolv.conf.bak &amp;&amp;
cat &gt; /etc/resolv.conf &lt;&lt; "EOF"</command>
search <replaceable>[yourdomain.com]</replaceable>
nameserver 127.0.0.1
<command>EOF</command></userinput></screen>
 
<para>Set permissions on the <command>chroot</command> jail with the
following command:</para>
 
<screen><userinput role='root'><command>chown -R named.named /home/named</command></userinput></screen>
 
<para id="bind-init">To start the <acronym>DNS</acronym> server at boot, install the
<filename>/etc/rc.d/init.d/bind</filename> init script included in the
<xref linkend="intro-important-bootscripts"/> package.</para>
<indexterm zone="bind bind-init">
<primary sortas="f-bind">bind</primary></indexterm>
 
<screen><userinput role='root'><command>make install-bind</command></userinput></screen>
 
<para>Now start <application><acronym>BIND</acronym></application> with
the new boot script:</para>
 
<screen><userinput role='root'><command>/etc/rc.d/init.d/bind start</command></userinput></screen>
 
</sect3>
 
<sect3><title>Testing <application><acronym>BIND</acronym></application></title>
 
<para>Test out the new
<application><acronym>BIND</acronym></application> 9 installation. First
query the local host address with <command>dig</command>:</para>
 
<screen><userinput><command>dig -x 127.0.0.1</command></userinput></screen>
 
<para>Now try an external name lookup, taking note of the speed
difference in repeated lookups due to the caching. Run the
<command>dig</command> command twice on the same address:</para>
 
<screen><userinput><command>dig www.linuxfromscratch.org &amp;&amp;
dig www.linuxfromscratch.org</command></userinput></screen>
 
<para>You can see almost instantaneous results with the named caching lookups.
Consult the <application><acronym>BIND</acronym></application> Administrator
Reference Manual located at
<filename>doc/arm/Bv9ARM.html</filename> in the package source tree, for
further configuration options.</para>
</sect3>
 
</sect2>
 
<sect2>
<title>Contents</title>
 
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
 
<seglistitem>
<seg>dig, dnssec-keygen, dnssec-signzone, host, isc-config.sh, lwresd,
named, named-checkconf, named-checkzone, nslookup, nsupdate, rndc and
rndc-confgen</seg>
<seg>libbind9.[so,a], libdns.[so,a], libisc.[so,a], libisccc.[so,a],
libisccfg.[so,a] and liblwres.[so,a]</seg>
<seg>/home/named, /usr/include/bind9, /usr/include/dns, /usr/include/dst,
/usr/include/isc, /usr/include/isccc, /usr/include/isccfg, /usr/include/lwres
and /usr/share/doc/bind-&bind-version;</seg>
</seglistitem>
</segmentedlist>
 
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
 
<varlistentry id="dig">
<term><command>dig</command></term>
<listitem><para>interrogates <acronym>DNS</acronym> servers.</para>
<indexterm zone="bind dig">
<primary sortas="b-dig">dig</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="dnssec-keygen">
<term><command>dnssec-keygen</command></term>
<listitem><para>is a key generator for secure <acronym>DNS</acronym>.</para>
<indexterm zone="bind dnssec-keygen">
<primary sortas="b-dnssec-keygen">dnssec-keygen</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="dnssec-signzone">
<term><command>dnssec-signzone</command></term>
<listitem><para>generates signed versions of zone files.</para>
<indexterm zone="bind dnssec-signzone">
<primary sortas="b-dnssec-signzone">dnssec-signzone</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="host">
<term><command>host</command></term>
<listitem><para>is a utility for <acronym>DNS</acronym> lookups.</para>
<indexterm zone="bind host">
<primary sortas="b-host">host</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="lwresd">
<term><command>lwresd</command></term>
<listitem><para>is a caching-only name server for local process use.</para>
<indexterm zone="bind lwresd">
<primary sortas="b-lwresd">lwresd</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="named">
<term><command>named</command></term>
<listitem><para>is the name server daemon.</para>
<indexterm zone="bind named">
<primary sortas="b-named">named</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="named-checkconf">
<term><command>named-checkconf</command></term>
<listitem><para>checks the syntax of <filename>named.conf</filename>
files.</para>
<indexterm zone="bind named-checkconf">
<primary sortas="b-named-checkconf">named-checkconf</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="named-checkzone">
<term><command>named-checkzone</command></term>
<listitem><para>checks zone file validity.</para>
<indexterm zone="bind named-checkzone">
<primary sortas="b-named-checkzone">named-checkzone</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="nslookup">
<term><command>nslookup</command></term>
<listitem><para>is a program used to query Internet domain nameservers.</para>
<indexterm zone="bind nslookup">
<primary sortas="b-nslookup">nslookup</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="nsupdate">
<term><command>nsupdate</command></term>
<listitem><para>is used to submit <acronym>DNS</acronym> update
requests.</para>
<indexterm zone="bind nsupdate">
<primary sortas="b-nsupdate">nsupdate</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="rndc">
<term><command>rndc</command></term>
<listitem><para>controls the operation of
<application><acronym>BIND</acronym></application>.</para>
<indexterm zone="bind rndc">
<primary sortas="b-rndc">rndc</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="rndc-confgen">
<term><command>rndc-confgen</command></term>
<listitem><para>generates <filename>rndc.conf</filename> files.</para>
<indexterm zone="bind rndc-confgen">
<primary sortas="b-rndc-confgen">rndc-confgen</primary>
</indexterm></listitem>
</varlistentry>
</variablelist>
 
</sect2>
 
</sect1>
 
/trunk/blfs/server/other/svnserver.xml
0,0 → 1,242
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
]>
 
<sect1 id="svnserver" xreflabel="Running a Subversion Server">
<sect1info>
<othername>$LastChangedBy: randy $</othername>
<date>$Date: 2005-06-16 06:11:50 $</date>
</sect1info>
<?dbhtml filename="svnserver.html"?>
<title>Administrer un serveur Subversion</title>
 
<sect2>
<title>Administrer un serveur Subversion</title>
<para>Cette section décrira comment configurer, administrer et sécuriser un
serveur <application>Subversion</application>.</para>
 
<sect3><title>Dépendances de <application>Subversion server</application></title>
<sect4><title>Requis</title>
<para><xref linkend="subversion"/> et <xref linkend="openssh"/></para>
</sect4>
</sect3>
 
</sect2>
 
<sect2>
<title>Configurer un serveur <application>Subversion</application>.</title>
 
<para>Les instructions suivantes installeront un serveur
<application>Subversion</application>, qui sera configuré pour utiliser
<application>OpenSSH</application> comme moyen d'accès distant sécurisé, avec
<command>svnserve</command> pour un accès anonyme.</para>
 
<para>La configuration du serveur <application>Subversion</application> consiste
aux étapes suiavntes&nbsp;:</para>
 
<sect3><title>1. Configuration des utilisateurs, groupes et droits</title>
<para>Vous aurez besoin d'être l'utilisateur root pour la première partie de la
configuration. Créez l'utilisateur et le groupe svn avec les commandes
suivantes&nbsp;:</para>
 
<screen><userinput><command>groupadd svn &amp;&amp;
useradd -c "SVN Owner" -d /home/svn -m -g svn -s /bin/false svn</command></userinput></screen>
 
<para>Si vous planifiez d'avoir plusieurs dépôts, vous devriez avoir un groupe
dédié pour chaque dépôt pour faciliter l'administration. Créez le groupe svntest
pour le dépôt test et ajoutez l'utilisateur svn à ce groupe avec les commandes
suivantes&nbsp;:</para>
 
<screen><userinput><command>groupadd svntest &amp;&amp;
usermod -G svntest svn</command></userinput></screen>
 
<para>De plus, vous pourriez configurer un <command>umask 002</command> en
travaillant sur un dépôt pour que tous les nouveaux fichiers soient modifiables
par le propriétaire et le groupe. Ceci est rendu nécessaire par la création
d'un script d'emballage pour <command>svn</command> et
<command>svnserve</command>&nbsp;:</para>
 
<screen><userinput><command>mv /usr/bin/svn /usr/bin/svn.orig &amp;&amp;
mv /usr/bin/svnserve /usr/bin/svnserve.orig &amp;&amp;
cat &gt;&gt; /usr/bin/svn &lt;&lt; "EOF"</command>
#!/bin/sh
umask 002
/usr/bin/svn.orig "$@"
<command>EOF
cat &gt;&gt; /usr/bin/svnserve &lt;&lt; "EOF"</command>
#!/bin/sh
umask 002
/usr/bin/svnserve.orig "$@"
<command>EOF
chmod 0755 /usr/bin/svn{,serve}</command></userinput></screen>
 
<note><para>Si vous utilisez <application>Apache</application> pour travailler
avec le dépôt sur <acronym>HTTP</acronym>, même pour un accès anonyme, vous
devez emballer <command>/usr/sbin/httpd</command> dans un script similaire.
</para></note>
 
</sect3>
 
<sect3><title>2. Créez un dépôt <application>Subversion</application>.</title>
 
<para>Avec subversion-1.1.0 et ultérieur, un nouveau type de stockage de données
pour le dépôt est disponible, <acronym>FSFS</acronym>. C'est un compromis pour
la rapidité du nouveau serveur, néanmoins, le dépôt peut maintenant être placé
sur un montage réseau et toute corruption ne requiert pas un administrateur
pour récupérer le dépôt. Pour plus d'informations et de comparaisons entre
<acronym>FSFS</acronym> et <acronym>BDB</acronym>, merci de lire
<ulink url="http://svnbook.red-bean.com/svnbook-1.1/ch05.html#svn-ch-5-sect-1.2.A"/>.
En option, vous pouvez passer <parameter>bdb</parameter> à la place de
<parameter>fsfs</parameter> dans la commande suivante pour créer un stockage de
données BerkelyDB.</para>
 
<para>Créez un nouveau dépôt <application>Subversion</application> avec les
commandes suivantes&nbsp;:</para>
 
<screen><userinput><command>install -d -m0755 /srv &amp;&amp;
install -d -m0755 -o svn -g svn /srv/svn/repositories &amp;&amp;
svnadmin create --fs-type fsfs /srv/svn/repositories/svntest</command></userinput></screen>
 
<para>Maintenant que le dépôt est créé, nous avons besoin de le remplir avec
quelque chose d'utile. Vous aurez besoin d'avoir une configuration de répertoires
prédéfinis de la façon que vous pensez que votre dépôt doit avoir l'air. Par
exemple, voici une configuration simple de BLFS en exemple avec une racine
<filename>svntest/</filename>. Vous aurez besoin de configurer une hiérarchie
de répertoires similaire à ce qui suit&nbsp;:</para>
 
<screen> svntest/ # Le nom du dépôt
trunk/ # Contient le source
BOOK/
bootscripts/
edguide/
patches/
scripts/
branches/ # Nécessaire pour les branches supplémentaires
tags/ # Nécessaire pour les points de version</screen>
 
<para>Une fois que vous avez créé votre hiérarchie de répertoires comme indiquée
ci-dessus, vous êtes prêt pour l'import initial&nbsp;:</para>
 
<screen><userinput><command>svn import -m "Initial import." \
<replaceable>[/path/to/source/tree]</replaceable> \
file:///srv/svn/repositories/svntest</command></userinput></screen>
 
<para>Maintenant, continuez en modifiant les informations sur le propriétaire
et le groupe sur le dépôt, et ajoutez votre utilisateur habituel aux groupes
svn et svntest&nbsp;:</para>
 
<screen><userinput><command>chown -R svn:svntest /srv/svn/repositories/svntest &amp;&amp;
chmod -R g+w /srv/svn/repositories/svntest &amp;&amp;
chmod g+s /srv/svn/repositories/svntest/db &amp;&amp;
usermod -G svn,svntest,<replaceable>[insert existing groups]</replaceable> <replaceable>[username]</replaceable></command></userinput></screen>
 
<para>svntest est le groupe affecté au dépôt svntest. Comem mentionné plus tôt,
ceci facilite l'administration de plusieurs dépôts lors de l'utilisation
d'<application>OpenSSH</application> pour l'authentification. En allant plus
loin, vous aurez besoin d'ajouter votre utilisateur habituel, et peut-être
d'autres utilisateurs si vous souhaitez qu'ils aient accès en écriture au dépôt,
aux groupes svn et svntest.</para>
 
<para>De plus, vous noterez que le répertoire <filename>db</filename> du nouveau
dépôt dispose du bit SGID. Au cas où la raison n'en serait pas claire
immédiatement, lors de l'utilisation d'une méthode d'authentification externe
(comme <command>ssh</command>), le <quote>sticky bit</quote> est configuré de
façon à ce que tous les nouveaux fichiers soient la propriété de l'utilisateur
qui les a créés mais aussi pour qu'ils aient comme groupe svntest. Toute personne
du groupe svntest peut créer des fichiers mais donne toujours le droit d'écriture
de groupe à ces fichiers. Ceci évite de verrouiller d'autres utilisateurs à
partir du dépôt.</para>
 
<para>Maintenant, continuez en retournant à votre compte utilisateur normal et
jetez un &oelig;il à votre nouveau dépôt en utilisant
<command>svnlook</command>&nbsp;:</para>
 
<screen><userinput><command>svnlook tree /srv/svn/repositories/svntest/</command></userinput></screen>
 
<note><para>Vous pourriez avoir besoin de vous déconnecter puis de vous reconnecter
pour rafraichir votre appartenance aux groupes. '<command>su
<replaceable>[nomutilisateur]</replaceable></command>' devrait aussi contourner
ce problème.</para></note>
 
</sect3>
 
<sect3><title>3. Configurer le serveur</title>
 
<para>Comme mentionné précédemment, ces instructions configureront le serveur
pour utiliser seulement <command>ssh</command> lors des accès en écriture au
dépôt et pour fournir un accès anonyme en utilisant <command>svnserve</command>.
Il existe d'autres moyens de fournir un accès au dépôt. Ces configurations
supplémentaires sont mieux expliquées sur
<ulink url="http://svnbook.red-bean.com/"/>.</para>
 
<para>La configuration de l'accès doit se faire pour chaque dépôt. Créez le
fichier <filename>svnserve.conf</filename> pour le dépôt svntest en utilisant
les commandes suivantes&nbsp;:</para>
 
<screen><userinput><command>cp /srv/svn/repositories/svntest/conf/svnserve.conf \
/srv/svn/repositories/svntest/conf/svnserve.conf.default &amp;&amp;
cat &gt; /srv/svn/repositories/svntest/conf/svnserve.conf &lt;&lt; "EOF"</command>
[general]
anon-access = read
auth-access = write
<command>EOF</command></userinput></screen>
 
<para>Il n'y a pas grand chose dans le fichier de configuration. Vous remarquerez
que seule la section générale est requise. Jetez un &oelig;il au fichier
<filename>svnserve.conf.default</filename> pour des informations sur
l'utilisation de la méthode d'authentification intégrée,
<command>svnserve</command>.</para>
 
</sect3>
 
<sect3><title>4. Exécuter le serveur</title>
 
<para>Il existe plusieurs façons de démarrer <command>svnserve</command>. La
façon la plus commune est de le lancer comme un processus
<command>inetd</command> ou <command>xinetd</command>. Autrement, vous pouvez
utiliser un script de démarrage pour lancer le serveur au démarrage de la
machine.</para>
 
<note><para>Si vous ne souhaitez pas fournir d'accès anonyme aux dépôts svn ou
si vous ne souhaitez pas utiliser l'authentification intégrée à
<command>svnserve</command>, vous n'avez pas besoin d'exécuter
<command>svnserve</command>.</para></note>
 
<para>Si vous utilisez <command>inetd</command>, ajoutez une ligne à
<filename>/etc/inetd.conf</filename> en utilisant les commandes suivantes&nbsp;:</para>
 
<screen><userinput><command>cat &gt;&gt; /etc/inetd.conf &lt;&lt; "EOF"</command>
svn stream tcp nowait svn /usr/bin/svnserve svnserve -i
<command>EOF</command></userinput></screen>
 
<para>Si vous utilisez <command>xinetd</command>, ajoutez les lignes suivantes
dans votre fichier <filename>/etc/xinetd.conf</filename>&nbsp;:</para>
 
<screen><userinput><command>cat &gt;&gt; /etc/xinetd.conf &lt;&lt; "EOF"</command>
service svn
{
port = 3690
socket_type = stream
protocol = tcp
wait = no
user = svn
server = /usr/bin/svnserve
server_args = -i -r /srv/svn/repositories
}
<command>EOF</command></userinput></screen>
 
<para>Enfin, si vous souhaitez simplement exécuter le serveur au démarrage,
installez le script de démarrage svn inclus dans le paquetage
<xref linkend="intro-important-bootscripts"/>.</para>
 
<screen><userinput><command>make install-svn</command></userinput></screen>
 
</sect3>
 
</sect2>
 
</sect1>
 
/trunk/blfs/server/other/leafnode.xml
1,13 → 1,274
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
 
<!ENTITY leafnode-download-http "http://prdownloads.sourceforge.net/leafnode/leafnode-&leafnode-version;.rel.tar.bz2">
<!ENTITY leafnode-download-ftp "ftp://ftp.gwdg.de/pub/linux/mirrors/sunsite/system/news/transport/leafnode-&leafnode-version;.rel.tar.bz2">
<!ENTITY leafnode-md5sum "1d8d27673780ba49fcb69883c2cabdec">
<!ENTITY leafnode-size "385&nbsp;Ko">
<!ENTITY leafnode-buildsize "6,3&nbsp;Mo">
<!ENTITY leafnode-time "0,10&nbsp;SBU">
]>
 
<sect1 id="leafnode" xreflabel="Leafnode-&leafnode-version;">
<sect1info>
<othername>$LastChangedBy: randy $</othername>
<date>$Date: 2005-06-16 06:11:50 $</date>
</sect1info>
<?dbhtml filename="leafnode.html"?>
<title>Leafnode-&leafnode-version;</title>
<indexterm zone="leafnode">
<primary sortas="a-Leafnode">Leafnode</primary></indexterm>
 
&leafnode-intro;
&leafnode-inst;
&leafnode-exp;
&leafnode-config;
&leafnode-desc;
<sect2>
<title>Introduction à <application>Leafnode</application></title>
 
<para><application>Leafnode</application> est un serveur <acronym>NNTP</acronym>
conçu pour les petits sites fournissant un spooler USENET local.</para>
 
<sect3><title>Informations sur le paquetage</title>
<itemizedlist spacing='compact'>
<listitem><para>Téléchargement (HTTP)&nbsp;:
<ulink url="&leafnode-download-http;"/></para></listitem>
<listitem><para>Téléchargement (FTP)&nbsp;:
<ulink url="&leafnode-download-ftp;"/></para></listitem>
<listitem><para>Téléchargement de la somme MD5&nbsp;: &leafnode-md5sum;</para></listitem>
<listitem><para>Taille du téléchargement&nbsp;:&leafnode-size;</para></listitem>
<listitem><para>Estimation de l'espace disque requis&nbsp;:
&leafnode-buildsize;</para></listitem>
<listitem><para>Estimation du temps de construction&nbsp;:
&leafnode-time;</para></listitem></itemizedlist>
</sect3>
 
<sect3><title>Dépendances de <application>Leafnode</application></title>
<sect4><title>Requis</title>
<para><xref linkend="pcre"/> et <xref linkend="tcpwrappers"/></para>
</sect4>
 
<sect4><title>Recommandé</title>
<para><xref linkend="xinetd"/> et <xref linkend="fcron"/></para>
</sect4>
</sect3>
 
</sect2>
 
<sect2>
<title>Installation de <application>Leafnode</application></title>
 
<para>Créez le groupe et l'utilisateur news, s'ils ne sont pas déjà
présents&nbsp;:</para>
 
<screen><userinput><command>groupadd news &amp;&amp;
useradd -c "Leafnode News Server" -d /var/spool/news -g news news</command></userinput></screen>
 
<para>Installez <application>Leafnode</application> en lançant les commandes
suivantes&nbsp;:</para>
 
<screen><userinput><command>./configure --prefix=/usr \
--localstatedir=/var --sysconfdir=/etc/leafnode \
--with-lockfile=/var/lock/leafnode/fetchnews.lck &amp;&amp;
make</command></userinput></screen>
 
<para>Maintenant, en tant qu'utilisateur root&nbsp;:</para>
 
<screen><userinput role='root'><command>make install</command></userinput></screen>
 
</sect2>
 
<sect2>
<title>Explications des commandes d'installation</title>
 
<para><parameter>--localstatedir=/var</parameter>&nbsp;: modifie le répertoire
spool, étant <filename class="directory">/usr/var</filename> par défaut.</para>
 
<para><parameter>--sysconfdir=/etc/leafnode</parameter>&nbsp;:
<application>Leafnode</application> lit les données de configuration à partir
d'un fichier nommé <filename>config</filename> qui sera créé dans
<filename class="directory">/etc/leafnode</filename> pour éviter tout conflit
potentiel avec d'autres paquetages.</para>
 
<para><command>make update</command>&nbsp;: lancez cette commande si vous faites
une mise à jour à partir d'une très vieille version de
<application>Leafnode</application>.</para>
 
</sect2>
 
<sect2>
<title>Configurer <application>Leafnode</application></title>
 
<sect3 id="leafnode-config"><title>Fichiers de configuration</title>
<para><filename>/etc/leafnode/config</filename>,
<filename>/etc/nntpserver</filename>,
<filename>/etc/xinetd.conf</filename> ou
<filename>/etc/inetd.conf</filename> et
<filename>/etc/sysconfig/createfiles</filename></para>
<indexterm zone="leafnode leafnode-config">
<primary sortas="e-etc-leafnode-config">/etc/leafnode/config</primary>
</indexterm>
<indexterm zone="leafnode leafnode-config">
<primary sortas="e-etc-nntpserver">/etc/nntpserver</primary></indexterm>
<indexterm zone="leafnode leafnode-config">
<primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary></indexterm>
<indexterm zone="leafnode leafnode-config">
<primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary></indexterm>
<indexterm zone="leafnode leafnode-config"><primary
sortas="e-etc-sysconfig-createfiles">/etc/sysconfig/createfiles</primary>
</indexterm>
</sect3>
 
<sect3><title>Commandes de configuration</title>
 
<para>Le fichier <filename>/etc/leafnode/config</filename> doit être édité
pour refléter le nom du fournisseur <acronym>NNTP</acronym> en amont. Copiez
le fichier de configuration d'exemple dans <filename>/etc/leafnode/config</filename>
et sauvegardez l'original pour référence&nbsp;:</para>
 
<screen><userinput><command>cp /etc/leafnode/config.example /etc/leafnode/config</command></userinput></screen>
 
<para>Modifiez l'entrée
<screen><userinput>server = </userinput></screen>
pour refléter votre fournisseur de nouvelles.</para>
 
<para>Le fichier <filename>/etc/nntpserver</filename> doit contenir 127.0.0.1
pour empêcher les nouveaux clients de lire à partir du flux en amont. Créez ce
fichier en utilisant la commande suivante&nbsp;:</para>
 
<screen><userinput><command>cat &gt; /etc/nntpserver &lt;&lt; "EOF"</command>
127.0.0.1
 
<command>EOF</command></userinput></screen>
 
<para>Le script <command>/etc/rc.d/init.d/cleanfs</command>, faisant partie du
paquetage des scripts de démarrage <acronym>LFS</acronym>, supprimera le
répertoire <filename class="directory">/var/lock/leafnode</filename> pendant la
séquence de démarrage du système. Installez la ligne suivante dans le fichier
<filename>/etc/sysconfig/createfiles</filename> pour créer de nouveau le
répertoire&nbsp;:</para>
 
<screen><userinput>/var/lock/leafnode dir 2775 news news</userinput></screen>
 
<para><application>Leafnode</application> pourrait être configuré pour utiliser
<command>inetd</command> en ajoutant une entrée dans le fichier
<filename>/etc/inetd.conf</filename> avec la commande&nbsp;:</para>
 
<screen><userinput><command>echo "nntp stream tcp nowait news /usr/sbin/tcpd /usr/sbin/leafnode" \
&gt;&gt; /etc/inetd.conf</command></userinput></screen>
 
<para>Lancez la commande <command>killall -HUP inetd</command> pour relire le
fichier <filename>inetd.conf</filename> modifié.</para>
 
<para>Autrement, <application>Leafnode</application> pourrait être configuré
pour utiliser <command>xinetd</command> en ajoutant une entrée dans le fichier
<filename>/etc/xinetd.conf</filename> avec la commande suivante&nbsp;:</para>
 
<screen><userinput><command>cat &gt;&gt; /etc/xinetd.conf &lt;&lt; "EOF"</command>
service nntp
{
flags = NAMEINARGS NOLIBWRAP
socket_type = stream
protocol = tcp
wait = no
user = news
server = /usr/sbin/tcpd
server_args = /usr/sbin/leafnode
instances = 7
per_source = 3
}
<command>EOF</command></userinput></screen>
 
<para>Lancez la commande a <command>killall -HUP xinetd</command> pour relire
le fichier <filename>xinetd.conf</filename> modifié.</para>
 
<para>Ajoutez des entrées dans le fichier crontab de root ou de l'utilisateur
news pour lancer les commandes <command>fetchnews</command> et
<command>texpire</command> aux intervalles de temps désirés.</para>
 
</sect3>
 
</sect2>
 
<sect2>
<title>Contenu</title>
 
<segmentedlist>
<segtitle>Programmes installés</segtitle>
<segtitle>Bibliothèques installées</segtitle>
<segtitle>Répertoires installés</segtitle>
 
<seglistitem>
<seg>applyfilter, checkgroups, fetchnews, leafnode, leafnode-version,
newsq et texpire</seg>
<seg>Aucune</seg>
<seg>/etc/leafnode, /var/lock/leafnode et /var/spool/news</seg>
</seglistitem>
</segmentedlist>
 
<variablelist>
<bridgehead renderas="sect3">Descriptions courtes</bridgehead>
<?dbfo list-presentation="list"?>
 
<varlistentry id="applyfilter">
<term><command>applyfilter</command></term>
<listitem><para>filtre les articles des groupes de nouvelles euivant des
expressions rationnelles.</para>
<indexterm zone="leafnode applyfilter">
<primary sortas="b-applyfilter">applyfilter</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="checkgroups">
<term><command>checkgroups</command></term>
<listitem><para>insère des titres de groupes de nouvelles dans la base de
données.</para>
<indexterm zone="leafnode checkgroups">
<primary sortas="b-checkgroups">checkgroups</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="fetchnews">
<term><command>fetchnews</command></term>
<listitem><para>envoie les articles postés et récupère les nouveaux articles
à partir d'un serveur de nouvelles en amont.</para>
<indexterm zone="leafnode fetchnews">
<primary sortas="b-fetchnews">fetchnews</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="leafnode-prog">
<term><command>leafnode</command></term>
<listitem><para>est un démon pour le serveur <acronym>NNTP</acronym>.</para>
<indexterm zone="leafnode leafnode-prog">
<primary sortas="b-leafnode">leafnode</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="leafnode-version">
<term><command>leafnode-version</command></term>
<listitem><para>affiche la version de <application>Leafnode</application>.</para>
<indexterm zone="leafnode leafnode-version">
<primary sortas="b-leafnode-version">leafnode-version</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="newsq">
<term><command>newsq</command></term>
<listitem><para>affiche les articles attendant d'être envoyés en amont.</para>
<indexterm zone="leafnode newsq">
<primary sortas="b-newsq">newsq</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="texpire">
<term><command>texpire</command></term>
<listitem><para>fait expirer les vieux articles et les groupes non lus.</para>
<indexterm zone="leafnode texpire">
<primary sortas="b-texpire">texpire</primary>
</indexterm></listitem>
</varlistentry>
</variablelist>
 
</sect2>
 
</sect1>
 
/trunk/blfs/server/other/rsync.xml
1,12 → 1,140
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
 
<!ENTITY rsync-download-http "http://rsync.samba.org/ftp/rsync/rsync-&rsync-version;.tar.gz">
<!ENTITY rsync-download-ftp "ftp://ftp.samba.org/pub/rsync/rsync-&rsync-version;.tar.gz">
<!ENTITY rsyncd-md5sum "2beb30caafa69a01182e71c528fb0393">
<!ENTITY rsyncd-size "583 KB">
<!ENTITY rsync-buildsize "4.8 MB">
<!ENTITY rsyncd-time "0.17 SBU">
]>
 
<sect1 id="rsync" xreflabel="rsync-&rsync-version;">
<sect1info>
<othername>$LastChangedBy: randy $</othername>
<date>$Date: 2005-06-16 06:11:50 $</date>
</sect1info>
<?dbhtml filename="rsync.html"?>
<title>rsync-&rsync-version;</title>
<title><application>rsync</application>-&rsync-version;</title>
 
&rsync-intro;
&rsync-inst;
&rsync-config;
&rsync-desc;
<sect2>
<title>Introduction à <application>rsync</application></title>
 
<para>Le paquetage <application>rsync</application> contient l'outil
<command>rsync</command>. Il est utile pour synchroniser de grosses archives de
fichiers sur un réseau.</para>
 
<sect3><title>Informations sur le paquetage</title>
<itemizedlist spacing='compact'>
<listitem><para>Téléchargement (HTTP)&nbsp;:
<ulink url="&rsync-download-http;"/></para></listitem>
<listitem><para>Téléchargement (FTP)&nbsp;:
<ulink url="&rsync-download-ftp;"/></para></listitem>
<listitem><para>Téléchargement de la somme MD5&nbsp;: &rsyncd-md5sum;</para></listitem>
<listitem><para>Taille du téléchargement&nbsp;:&rsyncd-size;</para></listitem>
<listitem><para>Estimation de l'espace disque requis&nbsp;:
&rsync-buildsize;</para></listitem>
<listitem><para>Estimation du temps de construction&nbsp;:
&rsyncd-time;</para></listitem></itemizedlist>
</sect3>
 
<sect3><title>Dépendances de <application>rsync</application></title>
<sect4><title>Optionnel</title>
<para><xref linkend="popt"/></para>
</sect4>
</sect3>
 
</sect2>
 
<sect2>
<title>Installation de <application>rsync</application></title>
 
<para>Pour des raisons de sécurité, lancer le serveur <application>rsync</application>
avec un utilisateur et groupe sans privilège est encouragé. Si vous avez
l'intention de lancer <command>rsync</command> en tant que démon, créez
l'utilisateur et le groupe rsyncd avec les commandes suivantes&nbsp;:</para>
 
<screen><userinput><command>groupadd rsyncd &amp;&amp;
useradd -c "rsyncd Daemon" -d /home/rsync -g rsyncd -s /bin/false rsyncd</command>
</userinput></screen>
 
<para>Installez <application>rsync</application> en lançant les commandes suivantes
commands:</para>
 
<screen><userinput><command>./configure --prefix=/usr &amp;&amp;
make &amp;&amp;
make install </command></userinput></screen>
 
</sect2>
 
<sect2>
<title>Configurer <application>rsync</application></title>
 
<sect3><title>Fichiers de configuration</title>
<para><filename>/etc/rsyncd.conf</filename></para>
</sect3>
 
<sect3><title>Informations de configuration</title>
<para>Ceci est une configuration simple de téléchargement uniquement.
Voir la page man de rsyncd man-page pour des options supplémentaires (par
exemple, authentification de l'utilisateur).</para>
 
<screen><userinput><command>cat &gt; /etc/rsyncd.conf &lt;&lt; "EOF"</command>
# Ceci est un fichier basique de configuration de rsync.
# Il exporte un seul module sans authentification de l'utilisateur.
 
motd file = /home/rsync/welcome.msg
use chroot = yes
 
[localhost]
path = /home/rsync
comment = Default rsync module
read only = yes
list = yes
uid = rsyncd
gid = rsyncd
 
<command>EOF</command></userinput></screen>
</sect3>
 
<sect3><title>Script de démarrage de rsyncd</title>
 
<para>Notez que vous voulez lancer le serveur <application>rsync</application>
seulement si vous voulez proposer une archive <application>rsync</application>
sur votre machine locale. Vous n'avez pas besoin de ce script pour exécuter le
client <application>rsync</application>.</para>
 
<para>Installez le script de démarrage <filename>/etc/rc.d/init.d/rsyncd</filename>
inclus dans le paquetage <xref linkend="intro-important-bootscripts"/>.</para>
 
<screen><userinput><command>make install-rsyncd</command></userinput></screen>
 
</sect3>
 
</sect2>
 
<sect2>
<title>Contenu</title>
 
<para>Le paquetage <application>rsync</application> contient
<command>rsync</command>.</para>
 
</sect2>
 
<sect2><title>Description</title>
 
<sect3><title>rsync</title>
<para><application>rsync</application> est un remplacement pour
<command>rcp</command> (et <command>scp</command>) qui a beaucoup plus de
fonctionnalités. Il utilise l'algorithme rsync, fournissant une méthode très
rapide de synchronisation de fichiers distants. Il le fait en envoyant seulement
les différences des fichiers sur le lien, sans réclamer que les deux ensembles
de fichiers soient présents aux deux bouts du lien.</para></sect3>
 
</sect2>
 
</sect1>
 
/trunk/blfs/server/other/dhcp.xml
1,13 → 1,238
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
 
<!ENTITY dhcp-download-http "http://gd.tuwien.ac.at/infosys/servers/isc/dhcp/dhcp-&dhcp-version;.tar.gz">
<!ENTITY dhcp-download-ftp "ftp://ftp.isc.org/isc/dhcp/dhcp-&dhcp-version;.tar.gz">
<!ENTITY dhcp-md5sum "04800a111521e7442749b2ce883f962b">
<!ENTITY dhcp-size "834&nbsp;Ko">
<!ENTITY dhcp-buildsize "29,7&nbsp;Mo">
<!ENTITY dhcp-time "0,22&nbsp;SBU">
]>
 
<sect1 id="dhcp" xreflabel="DHCP-&dhcp-version;">
<sect1info>
<othername>$LastChangedBy: bdubbs $</othername>
<date>$Date: 2005-06-16 06:11:50 $</date>
</sect1info>
<?dbhtml filename="dhcp.html"?>
<title><acronym>DHCP</acronym>-&dhcp-version;</title>
 
&dhcp-intro;
&dhcp-inst;
&dhcp-exp;
&dhcp-config;
&dhcp-desc;
<indexterm zone="dhcp">
<primary sortas="a-dhcp">Dhcp</primary>
</indexterm>
 
<sect2>
<title>Introduction à
<application><acronym>DHCP</acronym></application></title>
 
<para>Le paquetage <application><acronym>DHCP</acronym></application> contient
à la fois les programmes client et serveur pour <acronym>DHCP</acronym>.
<command>dhclient</command> (le client) est utile pour connecter votre ordinateur
à un réseau utilisant <acronym>DHCP</acronym> pour affecter les adresses du
réseau. <command>dhcpd</command> (le serveur) est utile pour affecter les adresses
réseau sur un réseau privé.</para>
 
<sect3><title>Informations sur le paquetage</title>
<itemizedlist spacing='compact'>
<listitem><para>Téléchargement (HTTP)&nbsp;: <ulink url="&dhcp-download-http;"/></para></listitem>
<listitem><para>Téléchargement (FTP)&nbsp;: <ulink url="&dhcp-download-ftp;"/></para></listitem>
<listitem><para>Téléchargement de la somme MD5&nbsp;: &dhcp-md5sum;</para></listitem>
<listitem><para>Taille du téléchargement&nbsp;:&dhcp-size;</para></listitem>
<listitem><para>Estimation de l'espace disque requis&nbsp;: &dhcp-buildsize;</para></listitem>
<listitem><para>Estimation du temps de construction&nbsp;: &dhcp-time;</para></listitem>
</itemizedlist>
</sect3>
 
<sect3>
<title>Dépendances de <application>dhcp</application></title>
 
<sect4>
<title>Requis</title>
<para><xref linkend="net-tools"/> (vous pourriez omettre
<application>net-tools</application> en utilisant le correctif suivant pour
prendre en compte <application>iproute2</application>&nbsp;:
<ulink url="&patch-root;/dhcp-&dhcp-version;-iproute2-2.patch"/>)
</para>
</sect4>
</sect3>
 
</sect2>
 
<sect2 id='dhcp-kernel'>
<title>Installation de
<application><acronym>DHCP</acronym></application></title>
 
<note><para>Vous devez avoir le support du <quote>Packet Socket</quote> (Device
Drivers -&gt; Networking Support -&gt; Networking Options -&gt; Packet Socket)
compilé dans le noyau.</para></note>
 
<indexterm zone="dhcp dhcp-kernel">
<primary sortas="d-dhcp">DHCP</primary>
</indexterm>
 
<para>Installez <application><acronym>DHCP</acronym></application> en lançant
les commandes suivantes&nbsp;:</para>
 
<screen><userinput><command>patch -Np1 -i ../dhcp-&dhcp-version;-iproute2-2.patch &amp;&amp;
./configure &amp;&amp;
make</command></userinput></screen>
 
<para>Maintenant, en tant qu'utilisateur root&nbsp;:</para>
<screen><userinput role='root'><command>make LIBDIR=/usr/lib INCDIR=/usr/include install</command></userinput></screen>
 
</sect2>
 
<sect2>
<title>Explications des commandes</title>
 
<para><parameter>LIBDIR=/usr/lib INCDIR=/usr/include</parameter>&nbsp;: cette
commande installe la bibliothèque et les fichiers d'inclusion dans
<filename class="directory">/usr</filename> au lieu de
<filename class="directory">/usr/local</filename>.</para>
 
</sect2>
 
<sect2 id='dhcp-config'>
<title>Configurer <application><acronym>DHCP</acronym></application></title>
 
<indexterm zone="dhcp dhcp-config">
<primary sortas="e-etc-dhclient.conf">/etc/dhclient.conf</primary>
</indexterm>
 
<indexterm zone="dhcp dhcp-config">
<primary sortas="e-etc-dhcpd.conf">/etc/dhcpd.conf</primary>
</indexterm>
 
 
<sect3>
<title>Fichiers de configuration</title>
<para><filename>/etc/dhclient.conf</filename></para>
</sect3>
 
<sect3 id='dhcp-init'>
<title>Informations de configuration</title>
 
<para>L'nformation sur la configuration du client <acronym>DHCP</acronym> peut
être trouvée dans <xref linkend="connect-dhcp"/>.</para>
 
<para>Notez que vous avez seulement besoin du serveur <acronym>DHCP</acronym>
si vous voulez utiliser des adresses <acronym>LAN</acronym> sur votre réseau.
Le client <acronym>DHCP</acronym> n'a pas besoin de ce script pour être utilisé.
De plus, notez que ce script est codé pour l'interface <emphasis
role="strong">eth1</emphasis>. Il pourrait donc être nécessaire pour le modifier
suivant la configuration de votre matériel.</para>
 
<para>Installez le script de démarrage <filename>/etc/rc.d/init.d/dhcp</filename>
inclus dans le paquetage <xref linkend="intro-important-bootscripts"/>.</para>
 
<indexterm zone="dhcp dhcp-init">
<primary sortas="f-dhcp">dhcpd</primary>
</indexterm>
 
<screen><userinput><command>make install-dhcp</command></userinput></screen>
 
<para>Le fichier lease doit exister au démarrage. La commande suivante satisfera
ce pré-requis&nbsp;:</para>
 
<screen><userinput><command>touch /var/state/dhcp/dhcpd.leases</command></userinput></screen>
 
<para>Les commandes suivantes créeront un fichier de configuration de base pour
un serveur <acronym>DHCP</acronym>. Il existe plusieurs options que vous pourriez
vouloir ajouter (informations passées au client <acronym>DHCP</acronym>). Elles
sont couvertes dans la page man de <filename>dhcp.conf</filename>.</para>
 
<screen><userinput><command>cat &gt; /etc/dhcpd.conf &lt;&lt; "EOF"</command>
default-lease-time 72000;
max-lease-time 144000;
ddns-update-style ad-hoc;
 
subnet <replaceable>[192.168.5.0]</replaceable> netmask <replaceable>[255.255.255.0]</replaceable> {
range <replaceable>[192.168.5.10] [192.168.5.240]</replaceable>;
option broadcast-address <replaceable>[192.168.5.255]</replaceable>;
option routers <replaceable>[192.168.5.1]</replaceable>;
}
<command>EOF</command></userinput></screen>
 
<para>Toutes les adresses doivent être modifiées pour correspondre à vos
besoins.</para>
 
</sect3>
 
</sect2>
 
<sect2>
<title>Contenu</title>
 
<segmentedlist>
<segtitle>Programmes installés</segtitle>
<segtitle>Bibliothèques installées</segtitle>
<segtitle>Répertoires installés</segtitle>
<seglistitem>
<seg>dhcpd, dhcrelay, dhclient, dhclient-script, omshell</seg>
<seg>bdhcpctl.a, libomapi.a</seg>
<seg>/var/state/dhcp, /usr/include/omapip, /usr/include/isi-dhcp</seg>
</seglistitem>
</segmentedlist>
<variablelist>
<bridgehead renderas="sect3">Descriptions courtes</bridgehead>
<?dbfo list-presentation="list"?>
 
<varlistentry id="dhclient">
<term><command>dhclient</command></term>
<listitem>
<para>est l'implémentation du client <acronym>DHCP</acronym>.</para>
<indexterm zone="dhcp dhclient">
<primary sortas="b-dhclient">dhclient</primary>
</indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="dhcpd">
<term><command>dhcpd</command></term>
<listitem>
<para>implémente le protocole de configuration dynamique de l'hôte
(<foreignphrase>Dynamic Host Configuration Protocol</foreignphrase>
(<acronym>DHCP</acronym>) et les requêtes du protocole
<quote><foreignphrase>Internet Bootstrap</foreignphrase></quote>
(<acronym>BOOTP</acronym>) pour des adresses réseau.</para>
<indexterm zone="dhcp dhcpd">
<primary sortas="b-dhcpd">dhcpd</primary>
</indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="dhcrelay">
<term><command>dhcrelay</command></term>
<listitem>
<para>fournit un moyen d'accepter les requêtes <acronym>DHCP</acronym> et
<acronym>BOOTP</acronym> sur un sous-réseau sans un serveur
<acronym>DHCP</acronym> et les relaie sur un serveur
<acronym>DHCP</acronym> sur un autre sous-réseau.</para>
<indexterm zone="dhcp dhcrelay">
<primary sortas="b-dhcrelay">dhcrelay</primary>
</indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="omshell">
<term><command>omshell</command></term>
<listitem>
<para>fournit une façon interactive de se connecter, de demander et, quelque
fois, de modifier l'état du serveur HDCP ISC via OMAPI, l'API de gestion
des objets.</para>
<indexterm zone="dhcp omshell">
<primary sortas="b-omshell">omshell</primary>
</indexterm>
</listitem>
</varlistentry>
 
</variablelist>
</sect2>
</sect1>
 
/trunk/blfs/server/other/openssh.xml
1,13 → 1,202
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
 
<!ENTITY openssh-download-http "http://sunsite.ualberta.ca/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
<!ENTITY openssh-download-ftp "ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-&openssh-version;.tar.gz">
<!ENTITY openssh-md5sum "8e1774d0b52aff08f817f3987442a16e">
<!ENTITY openssh-size "854 KB">
<!ENTITY openssh-buildsize "13.3 MB">
<!ENTITY openssh-time "0.40 SBU">
]>
 
<sect1 id="openssh" xreflabel="OpenSSH-&openssh-version;">
<sect1info>
<othername>$LastChangedBy: randy $</othername>
<date>$Date: 2005-06-16 06:11:50 $</date>
</sect1info>
<?dbhtml filename="openssh.html"?>
<title>Open<acronym>SSH</acronym>-&openssh-version;</title>
 
&openssh-intro;
&openssh-inst;
&openssh-exp;
&openssh-config;
&openssh-desc;
<sect2>
<title>Introduction à
<application>Open<acronym>SSH</acronym></application></title>
 
<para>Le paquetage <application>Open<acronym>SSH</acronym></application> contient
des clients <command>ssh</command> et le démon <command>sshd</command>. Ils sont
utiles pour crypter l'authentification et le trafic qui suit sur un réseau.</para>
 
<sect3><title>Informations sur le paquetage</title>
<itemizedlist spacing='compact'>
<listitem><para>Téléchargement (HTTP)&nbsp;:
<ulink url="&openssh-download-http;"/></para></listitem>
<listitem><para>Téléchargement (FTP)&nbsp;:
<ulink url="&openssh-download-ftp;"/></para></listitem>
<listitem><para>Téléchargement de la somme MD5&nbsp;: &openssh-md5sum;</para></listitem>
<listitem><para>Taille du téléchargement&nbsp;:&openssh-size;</para></listitem>
<listitem><para>Estimation de l'espace disque requis&nbsp;:
&openssh-buildsize;</para></listitem>
<listitem><para>Estimation du temps de construction&nbsp;:
&openssh-time;</para></listitem></itemizedlist>
</sect3>
 
<sect3><title>Dépendances d'<application>Open<acronym>SSH</acronym></application></title>
<sect4><title>Requis</title>
<para><xref linkend="openssl"/></para>
</sect4>
 
<sect4><title>Optionnel</title>
<para><xref linkend="Linux_PAM"/>,
<xref linkend="tcpwrappers"/>,
X (<xref linkend="xfree86"/> ou <xref linkend="xorg"/>),
<xref linkend="mitkrb"/> ou <xref linkend="heimdal"/>,
<xref linkend="j2sdk"/>,
<xref linkend="net-tools"/> et
<ulink url="http://www.opensc.org/">OpenSC</ulink></para>
</sect4>
</sect3>
 
</sect2>
 
<sect2>
<title>Installation de
<application>Open<acronym>SSH</acronym></application></title>
 
<para><application>Open<acronym>SSH</acronym></application> fonctionne avec deux
processus lors de la connexion entre ordinateurs. Le premier processus est un
processus privilégié et contrôle l'échange des droits si nécessaire. Le second
processus communique avec le réseau. Les étapes supplémentaires d'installation
sont nécessaires pour configurer le bon environnement, grâce aux commandes
suivantes&nbsp;:</para>
 
<screen><userinput><command>mkdir /var/empty &amp;&amp;
chown root:sys /var/empty &amp;&amp;
groupadd sshd &amp;&amp;
useradd -c 'sshd privsep' -d /var/empty -g sshd -s /bin/false sshd</command></userinput></screen>
 
<para><application>OpenSSH</application> est très sensible aux changements dans
les bibliothèques liées d'<application>OpenSSL</application>. Si vous recompilez
<application>OpenSSL</application>, <application>OpenSSH</application> pourrait
échouer au lancement. Une alternative est de lier avec la bibliothèque statique
d'<application>OpenSSL</application>. Pour lier la bibliothèque statique,
exécutez la commande suivante&nbsp;:</para>
 
<screen><userinput><command>sed -i "s:-lcrypto:/usr/lib/libcrypto.a:g" configure</command></userinput></screen>
 
<para>Installez <application>Open<acronym>SSH</acronym></application> en lançant
les commandes suivantes&nbsp;:</para>
 
<screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc/ssh \
--libexecdir=/usr/sbin --with-md5-passwords &amp;&amp;
make &amp;&amp;
make install</command></userinput></screen>
 
</sect2>
 
<sect2>
<title>Explications des commandes</title>
 
<para><parameter>--sysconfdir=/etc/ssh</parameter>&nbsp;: ceci empêche le stockage
des fichiers de configuration dans
<filename class="directory">/usr/etc</filename>.</para>
 
<para><parameter>--with-md5-passwords</parameter>&nbsp;: ceci est requis si vous
effectuez les modifications recommandées par l'astuce shadowpasswd_plus de
<acronym>LFS</acronym> sur votre serveur <acronym>SSH</acronym> lorsque vous
avez installez la suite Shadow Password ou si vous avez accès à un serveur
<acronym>SSH</acronym> qui fournit l'authentification des mots de passe
utilisateur avec un cryptage md5. </para>
 
<para><parameter>--libexecdir=/usr/sbin</parameter>&nbsp;:
<application>Open<acronym>SSH</acronym></application> installe des programmes
appelés par des programmes dans <filename class="directory">/usr/libexec</filename>.
<command>sftp-server</command> est un outil de <command>sshd</command> et
<command>ssh-askpass</command> est un outil de <command>ssh-add</command>
qui est installé comme lien vers <command>X11-ssh-askpass</command>. Ces deux-là
devraient être installés dans <filename class="directory">/usr/sbin</filename>,
et non pas dans <filename class="directory">/usr/libexec</filename>.</para>
 
</sect2>
 
<sect2>
<title>Configurer <application>Open<acronym>SSH</acronym></application></title>
 
<sect3><title>Fichiers de configuration</title>
 
<para><filename>/etc/ssh/ssh_config</filename> et
<filename>/etc/ssh/sshd_config </filename></para>
 
<para>Il n'y a pas de modifications requises sur un de ces fichiers. Néanmoins,
vous pourriez vouloir faire des modifications pour une sécurité appropriée de
votre système. Une modification recommandée est de désactiver la connexion de
l'utilisateur root via ssh. Exécutez la commande suivante pour cela&nbsp;:</para>
 
<screen><userinput><command>echo "PermitRootLogin no" >> /etc/ssh/sshd_config</command></userinput></screen>
 
<para>Des informations de configuration supplémentaires sont disponibles dans
les pages man de <command>sshd</command>, <command>ssh</command> et
<command>ssh-agent</command></para>.
</sect3>
 
<sect3><title>Script de démarrage sshd</title>
 
<para>Pour exécuter le serveur <acronym>SSH</acronym> au démarrage du système,
installez le script de démarrage <filename>/etc/rc.d/init.d/sshd</filename>
inclus dans le paquetage <xref linkend="intro-important-bootscripts"/>.</para>
 
<screen><userinput><command>make install-sshd</command></userinput></screen>
</sect3>
 
</sect2>
 
<sect2>
<title>Contenu</title>
 
<para>Le paquetage <application>Open<acronym>SSH</acronym></application>
contient <command>ssh</command>, <command>sshd</command>,
<command>ssh-agent</command>, <command>ssh-add</command>,
<command>sftp</command>, <command>scp</command>,
<command>ssh-keygen</command>, <command>sftp-server</command> et
<command>ssh-keyscan</command>.</para>
 
</sect2>
 
<sect2><title>Description</title>
 
<sect3><title>ssh</title>
<para>Le programme client de base, style
<command>rlogin</command>/<command>rsh</command>.</para></sect3>
 
<sect3><title>sshd</title>
<para>Le démon qui attend les demandes de connexions <command>ssh</command>.
</para></sect3>
 
<sect3><title>ssh-agent</title>
<para>Un agent d'authentification qui peut sotcker les clés privées.</para></sect3>
 
<sect3><title>ssh-add</title>
<para>Outil pour ajouter des clés à <command>ssh-agent</command>.</para></sect3>
 
<sect3><title>sftp</title>
<para>Programme style <acronym>FTP</acronym> mais fonctionnant avec les
protocoles <acronym>SSH</acronym>1 et <acronym>SSH</acronym>2.</para></sect3>
 
<sect3><title>scp</title>
<para>Programme de copie de fichiers agissant comme <command>rcp</command>.</para></sect3>
 
<sect3><title>ssh-keygen</title>
<para>Outil de génération de clés.</para></sect3>
 
<sect3><title>sftp-server</title>
<para>Sous-système du serveur <acronym>SFTP</acronym>.</para></sect3>
 
<sect3><title>ssh-keyscan</title>
<para>Outil pour récupérer les clés publiques des hôtes à partir de certains
hôtes.</para></sect3>
 
</sect2>
 
</sect1>
 
/trunk/blfs/server/mail/postfix/postfix-config.xml
File deleted
/trunk/blfs/server/mail/postfix/postfix.ent
File deleted
/trunk/blfs/server/mail/postfix/postfix-intro.xml
File deleted
/trunk/blfs/server/mail/postfix/postfix-exp.xml
File deleted
/trunk/blfs/server/mail/postfix/postfix-inst.xml
File deleted
/trunk/blfs/server/mail/postfix/postfix-desc.xml
File deleted
/trunk/blfs/server/mail/exim/exim-config.xml
File deleted
/trunk/blfs/server/mail/exim/exim.ent
File deleted
/trunk/blfs/server/mail/exim/exim-intro.xml
File deleted
/trunk/blfs/server/mail/exim/exim-exp.xml
File deleted
/trunk/blfs/server/mail/exim/exim-inst.xml
File deleted
/trunk/blfs/server/mail/exim/exim-desc.xml
File deleted
/trunk/blfs/server/mail/sendmail/sendmail-config.xml
File deleted
/trunk/blfs/server/mail/sendmail/sendmail.ent
File deleted
/trunk/blfs/server/mail/sendmail/sendmail-intro.xml
File deleted
/trunk/blfs/server/mail/sendmail/sendmail-inst.xml
File deleted
/trunk/blfs/server/mail/sendmail/sendmail-desc.xml
File deleted
/trunk/blfs/server/mail/courier/courier.ent
File deleted
/trunk/blfs/server/mail/courier/courier-intro.xml
File deleted
/trunk/blfs/server/mail/courier/courier-exp.xml
File deleted
/trunk/blfs/server/mail/courier/courier-inst.xml
File deleted
/trunk/blfs/server/mail/courier/courier-desc.xml
File deleted
/trunk/blfs/server/mail/courier/courier-config.xml
File deleted
/trunk/blfs/server/mail/qpopper/qpopper-inst.xml
File deleted
/trunk/blfs/server/mail/qpopper/qpopper-desc.xml
File deleted
/trunk/blfs/server/mail/qpopper/qpopper-config.xml
File deleted
/trunk/blfs/server/mail/qpopper/qpopper.ent
File deleted
/trunk/blfs/server/mail/qpopper/qpopper-intro.xml
File deleted
/trunk/blfs/server/mail/exim.xml
1,13 → 1,434
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
 
<!ENTITY exim-download-http "http://www.exim.org/ftp/exim4/exim-&exim-version;.tar.bz2">
<!ENTITY exim-download-ftp "ftp://ftp.exim.org/pub/exim/exim4/exim-&exim-version;.tar.bz2">
<!ENTITY exim-md5sum "f8f646d4920660cb5579becd9265a3bf">
<!ENTITY exim-size "1.4 MB">
<!ENTITY exim-buildsize "14.9 MB">
<!ENTITY exim-time "0.14 SBU">
]>
 
<sect1 id="exim" xreflabel="Exim-&exim-version;">
<sect1info>
<othername>$LastChangedBy: randy $</othername>
<date>$Date: 2005-06-16 06:11:49 $</date>
</sect1info>
<?dbhtml filename="exim.html"?>
<title>Exim-&exim-version;</title>
<title><application>Exim</application>-&exim-version;</title>
<indexterm zone="exim">
<primary sortas="a-Exim">Exim</primary></indexterm>
 
&exim-intro;
&exim-inst;
&exim-exp;
&exim-config;
&exim-desc;
<sect2>
<title>Introduction to <application>Exim</application></title>
 
<para>The <application>Exim</application> package contains a Mail Transport
Agent written by the University of Cambridge, released under the
<acronym>GNU</acronym> Public License.</para>
 
<sect3><title>Package information</title>
<itemizedlist spacing='compact'>
<listitem><para>Download (HTTP):
<ulink url="&exim-download-http;"/></para></listitem>
<listitem><para>Download (FTP):
<ulink url="&exim-download-ftp;"/></para></listitem>
<listitem><para>Download MD5 sum:
&exim-md5sum;</para></listitem>
<listitem><para>Download size:
&exim-size;</para></listitem>
<listitem><para>Estimated disk space required:
&exim-buildsize;</para></listitem>
<listitem><para>Estimated build time:
&exim-time;</para></listitem></itemizedlist>
</sect3>
 
<sect3><title>Additional downloads</title>
<itemizedlist spacing="compact">
<listitem><para>Required patch for Berkeley DB: <ulink
url="&patch-root;/exim-&exim-version;-db43-1.patch"/></para>
</listitem></itemizedlist>
</sect3>
 
<sect3><title><application>Exim</application> dependencies</title>
<sect4><title>Required</title>
<para><xref linkend="db"/> or
<xref linkend="gdbm"/> or
<ulink url="http://sourceforge.net/projects/tdb">TDB</ulink></para>
</sect4>
 
<sect4><title>Optional</title>
<para>X (<xref linkend="xfree86"/> or <xref linkend="xorg"/>),
<xref linkend="openldap"/>,
<xref linkend="openssl"/> or
<ulink url="http://www.gnu.org/software/gnutls/">GnuTLS</ulink>,
<xref linkend="cyrus-sasl"/>,
<xref linkend="mysql"/>,
<xref linkend="postgresql"/>,
<xref linkend="tcpwrappers"/> and
<xref linkend="Linux_PAM"/></para>
</sect4>
</sect3>
 
</sect2>
 
<sect2>
<title>Installation of <application>Exim</application></title>
 
<para>Before building <application>Exim</application>, as the root user you
should create the group and user exim which will run the
<command>exim</command> daemon:</para>
 
<screen><userinput><command>groupadd exim &amp;&amp;
useradd -d /dev/null -c "Exim Daemon" -g exim -s /bin/false exim</command></userinput></screen>
 
<para>If you have <application>Berkeley <acronym>DB</acronym></application>
installed, apply the following patch:</para>
 
<screen><userinput><command>patch -Np1 -i ../exim-&exim-version;-db43-1.patch</command></userinput></screen>
 
<para>Install <application>Exim</application> with the following
commands:</para>
 
<screen><userinput><command>sed -e 's,^BIN_DIR.*$,BIN_DIRECTORY=/usr/sbin,' src/EDITME | \
sed -e 's,^CONF.*$,CONFIGURE_FILE=/etc/exim.conf,' | \
sed -e 's,^EXIM_USER.*$,EXIM_USER=exim,' | \
sed -e 's,^EXIM_MONITOR,#EXIM_MONITOR,' > Local/Makefile &amp;&amp;
make</command></userinput></screen>
 
<para>Now, as the root user:</para>
 
<screen><userinput role='root'><command>make install &amp;&amp;
install -v -m644 doc/exim.8 /usr/share/man/man8 &amp;&amp;
install -v -d -m755 /usr/share/doc/exim-&exim-version; &amp;&amp;
install -v -m644 doc/* /usr/share/doc/exim-&exim-version; &amp;&amp;
ln -sv exim /usr/sbin/sendmail</command></userinput></screen>
 
</sect2>
 
<sect2>
<title>Command explanations</title>
 
<para><command>sed -e ... > Local/Makefile</command>: Most of
<application>Exim</application>'s configuration options are compiled in using
the directives in <filename>Local/Makefile</filename> which is created from
the <filename>src/EDITME</filename> file. This command specifies the minimum
set of options. Descriptions for the options are listed below.</para>
 
<para><parameter>BIN_DIRECTORY=/usr/sbin</parameter>: This installs all of
<application>Exim</application>'s binaries and scripts in
<filename class='directory'>/usr/sbin</filename>.</para>
 
<para><parameter>CONFIGURE_FILE=/etc/exim.conf</parameter>: This installs
<application>Exim</application>'s main configuration file in
<filename class='directory'>/etc</filename>.</para>
 
<para><parameter>EXIM_USER=exim</parameter>: This tells
<application>Exim</application> that after the daemon no longer needs root
privileges, the process hands off the daemon to the exim user.</para>
 
<para><parameter>#EXIM_MONITOR</parameter>: This defers building the
<application>Exim</application> monitor program, as it requires
<application>X</application> Window System support, by commenting out the
<parameter>EXIM_MONITOR</parameter> line in the <filename>Makefile</filename>.
If you wish to build the monitor program, omit this <command>sed</command>
command and issue the following command before building the package (modify
<filename>Local/eximon.conf</filename>, if necessary):
<command>cp exim_monitor/EDITME Local/eximon.conf</command>.</para>
 
<para><command>ln -s exim /usr/sbin/sendmail</command>: Creates a link to
<command>sendmail</command> for applications which need it.
<application>Exim</application> will accept most
<application>Sendmail</application> command-line options.</para>
 
</sect2>
 
<sect2>
<title>Adding additional functionality</title>
 
<para>To utilize some or all of the dependency packages, you'll need to modify
<filename>Local/Makefile</filename> to include the appropriate directives and
parameters to link additional libraries before you build
<application>Exim</application>. <filename>Local/Makefile</filename> is
heavily commented with instructions on how to do this. Listed below is
additional information to help you link these dependency packages.</para>
 
<para>To use a backend database other than <application>Berkelely
DB</application>, see the instructions at <ulink
url="http://www.exim.org/exim-html-4.40/doc/html/spec_4.html#SECT4.3"/>.</para>
 
<para>For <acronym>SSL</acronym> functionality, see the instructions at <ulink
url="http://www.exim.org/exim-html-4.40/doc/html/spec_4.html#SECT4.6"/> and
<ulink
url="http://www.exim.org/exim-html-4.40/doc/html/spec_37.html#CHAP37"/>.</para>
 
<para>For <application>tcpwrappers</application> functionality, see the
instructions at <ulink
url="http://www.exim.org/exim-html-4.40/doc/html/spec_4.html#SECT4.7"/>.</para>
 
<para>For information about adding authentication mechanisms to the
build, see the instructions at <ulink
url="http://www.exim.org/exim-html-4.40/doc/html/spec_34.html#SECT34.4"/> For
specific information about using <application>Cyrus-SASL</application>, see
section 10 of the <filename>doc/NewStuff</filename> file located in the source
tree.</para>
 
<para>For information about linking <application>Linux-PAM</application>, see
the instuctions at <ulink
url="http://www.exim.org/exim-html-4.40/doc/html/spec_11.html#IX935"/>.</para>
 
<para>For information about linking database engine libraries used for
<application>Exim</application> name lookups, see the instuctions at <ulink
url="http://www.exim.org/exim-html-4.40/doc/html/spec_9.html#CHAP9"/>.</para>
 
<para>If you wish to add <application>Readline</application> support to
<application>Exim</application> when invoked in <quote>test expansion</quote>
(-bv) mode, see the information in section 8 of the
<filename>doc/NewStuff</filename> file located in the source tree.</para>
 
<para>You may wish to modify the default configuration and send log files to
syslog instead of the default
<filename class='directory'>/var/spool/exim/log</filename> directory. See the
information at <ulink
url="http://www.exim.org/exim-html-4.40/doc/html/spec_45.html#CHAP45"/>.</para>
 
</sect2>
 
<sect2>
<title>Configuring Exim</title>
 
<sect3 id="exim-config"><title>Config files</title>
 
<para><filename>/etc/exim.conf</filename> and
<filename>/etc/aliases</filename></para>
<indexterm zone="exim exim-config">
<primary sortas="e-etc-exim.conf">/etc/exim.conf</primary></indexterm>
<indexterm zone="exim exim-config">
<primary sortas="e-etc-aliases">/etc/aliases</primary></indexterm>
 
</sect3>
 
<sect3><title>Configuration Information</title>
 
<para>A default (nothing but comments) <filename>/etc/aliases</filename> file
is installed during the package installation if this file did not exist on
your system. Create the necessary aliases and start the
<application>Exim</application> daemon using the following commands:</para>
 
<screen><userinput><command>cat &gt;&gt; /etc/aliases &lt;&lt; "EOF"</command>
postmaster: root
MAILER-DAEMON: root
<command>EOF
exim -v -bi &amp;&amp;
/usr/sbin/exim -bd -q15m</command></userinput></screen>
 
<note><para>To protect an existing <filename>/etc/aliases</filename> file,
the command above appends these aliases to it. This file should be checked and
duplicate aliases removed, if present.</para></note>
 
<para>The <command>/usr/sbin/exim -bd -q15m</command> command starts the
<application>Exim</application> daemon with a 15 minute interval in processing
the mail queue. Adjust this parameter to suit your desires.</para>
 
<para id="exim-init">To automate the running of <command>exim</command> at
startup, install the <filename>/etc/rc.d/init.d/exim</filename> init script
included in the <xref linkend="intro-important-bootscripts"/> package.</para>
<indexterm zone="exim exim-init">
<primary sortas="f-exim">exim</primary></indexterm>
 
<screen><userinput><command>make install-exim</command></userinput></screen>
 
<para>The bootscript also starts the <application>Exim</application> daemon
and dispatches a queue runner process every 15 minutes. Modify the
<parameter>-q<replaceable>[time interval]</replaceable></parameter> parameter
in <filename>/etc/rc.d/init.d/exim</filename>, if necessary for your
installation.</para>
</sect3>
 
</sect2>
 
<sect2>
<title>Contents</title>
 
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
 
<seglistitem>
<seg>exicyclog, exigrep, exim, exim-4.43-2, exim_checkaccess, exim_dbmbuild,
exim_dumpdb, exim_fixdb, exim_lock, exim_tidydb, eximstats, exinext, exipick,
exiqgrep, exiqsumm, exiwhat and optionally, eximon and eximon.bin</seg>
<seg>None</seg>
<seg>/usr/share/doc/exim-&exim-version; and /var/spool/exim</seg>
</seglistitem>
</segmentedlist>
 
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
 
<varlistentry id="exicyclog">
<term><command>exicyclog</command></term>
<listitem><para>cycles <application>Exim</application> log files.</para>
<indexterm zone="exim exicyclog">
<primary sortas="b-exicyclog">exicyclog</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="exigrep">
<term><command>exigrep</command></term>
<listitem><para>searches <application>Exim</application> log files.</para>
<indexterm zone="exim exigrep">
<primary sortas="b-exigrep">exigrep</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="exim-prog">
<term><command>exim</command></term>
<listitem><para>is a symlink to the <command>exim-4.43-2</command>
<acronym>MTA</acronym> daemon.</para>
<indexterm zone="exim exim-prog">
<primary sortas="g-exim">exim</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="exim-4.43-2">
<term><command>exim-4.43-2</command></term>
<listitem><para>is the <application>Exim</application> mail transport
agent daemon.</para>
<indexterm zone="exim exim-4.43-2">
<primary sortas="b-exim-4.43-2">exim-4.43-2</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="exim_checkaccess">
<term><command>exim_checkaccess</command></term>
<listitem><para>states whether a given recipient address from a given host is
acceptable or not.</para>
<indexterm zone="exim exim_checkaccess">
<primary sortas="b-exim_checkaccess">exim_checkaccess</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="exim_dbmbuild">
<term><command>exim_dbmbuild</command></term>
<listitem><para> creates and rebuilds <application>Exim</application>
databases.</para>
<indexterm zone="exim exim_dbmbuild">
<primary sortas="b-exim_dbmbuild">exim_dbmbuild</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="exim_dumpdb">
<term><command>exim_dumpdb</command></term>
<listitem><para> writes the contents of <application>Exim</application>
databases to the standard output.</para>
<indexterm zone="exim exim_dumpdb">
<primary sortas="b-exim_dumpdb">exim_dumpdb</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="exim_fixdb">
<term><command>exim_fixdb</command></term>
<listitem><para>modifies data in <application>Exim</application>
databases.</para>
<indexterm zone="exim exim_fixdb">
<primary sortas="b-exim_fixdb">exim_fixdb</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="exim_lock">
<term><command>exim_lock</command></term>
<listitem><para>locks a mailbox file.</para>
<indexterm zone="exim exim_lock">
<primary sortas="b-exim_lock">exim_lock</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="exim_tidydb">
<term><command>exim_tidydb</command></term>
<listitem><para>removes old records from <application>Exim</application>
databases.</para>
<indexterm zone="exim exim_tidydb">
<primary sortas="b-exim_tidydb">exim_tidydb</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="eximstats">
<term><command>eximstats</command></term>
<listitem><para>generates mail statistics from <application>Exim</application>
log files.</para>
<indexterm zone="exim eximstats">
<primary sortas="b-eximstats">eximstats</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="exinext">
<term><command>exinext</command></term>
<listitem><para>queries remote host retry times.</para>
<indexterm zone="exim exinext">
<primary sortas="b-exinext">exinext</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="exipick">
<term><command>exipick</command></term>
<listitem><para>selects messages based on various criteria.</para>
<indexterm zone="exim exipick">
<primary sortas="b-exipick">exipick</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="exiqgrep">
<term><command>exiqgrep</command></term>
<listitem><para>is a utility for selective queue listing.</para>
<indexterm zone="exim exiqgrep">
<primary sortas="b-exiqgrep">exiqgrep</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="exiqsumm">
<term><command>exiqsumm</command></term>
<listitem><para>produces a summary of the messages in the mail queue.</para>
<indexterm zone="exim exiqsumm">
<primary sortas="b-exiqsumm">exiqsumm</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="exiwhat">
<term><command>exiwhat</command></term>
<listitem><para>queries running <application>Exim</application>
processes.</para>
<indexterm zone="exim exiwhat">
<primary sortas="b-exiwhat">exiwhat</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="eximon">
<term><command>eximon</command></term>
<listitem><para>is a start-up shell script for <command>eximon.bin</command>
used to set the required environment variables before running the
program.</para>
<indexterm zone="exim eximon">
<primary sortas="b-eximon">eximon</primary>
</indexterm></listitem>
</varlistentry>
 
<varlistentry id="eximon.bin">
<term><command>eximon.bin</command></term>
<listitem><para>is a monitor program which displays current information in an
<application>X</application> window, and also contains a menu interface to
<application>Exim</application>'s command line administration options.</para>
<indexterm zone="exim eximon.bin">
<primary sortas="b-eximon.bin">eximon.bin</primary>
</indexterm></listitem>
</varlistentry>
</variablelist>
 
</sect2>
 
</sect1>
 
/trunk/blfs/server/mail/mail.xml
1,4 → 1,10
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
]>
 
<chapter id="server-mail">
<?dbhtml filename="mail.html"?>
<title>Logiciels serveur de courier</title>
11,10 → 17,10
<acronym>POP</acronym> (qpopper) et un serveur <acronym>IMAP</acronym>
(Courier-<acronym>IMAP</acronym>).</para>
 
&postfix;
&sendmail;
&exim;
&qpopper;
&courier;
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="postfix.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="sendmail.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="exim.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="qpopper.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="courier.xml"/>
 
</chapter>
/trunk/blfs/server/mail/qpopper.xml
1,12 → 1,158
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
 
<!ENTITY qpopper-download-http "http://ftp.uni-koeln.de/mail/qpopper&qpopper-version;.tar.gz">
<!ENTITY qpopper-download-ftp "ftp://ftp.qualcomm.com/eudora/servers/unix/popper/qpopper&qpopper-version;.tar.gz">
<!ENTITY qpopper-md5sum "e00853280c9e899711f0b0239d3d8f86">
<!ENTITY qpopper-size "2,2&nbsp;Mo">
<!ENTITY qpopper-buildsize "9,0&nbsp;Mo">
<!ENTITY qpopper-time "0,13&nbsp;SBU">
]>
 
<sect1 id="qpopper" xreflabel="Qpopper-&qpopper-version;">
<sect1info>
<othername>$LastChangedBy: randy $</othername>
<date>$Date: 2005-06-16 06:11:49 $</date>
</sect1info>
<?dbhtml filename="qpopper.html"?>
<title>Qpopper-&qpopper-version;</title>
<indexterm zone="qpopper">
<primary sortas="a-Qpopper">Qpopper</primary></indexterm>
 
&qpopper-intro;
&qpopper-inst;
&qpopper-config;
&qpopper-desc;
<sect2>
<title>Introduction à <application>Qpopper</application></title>
 
<para>Le paquetage <application>Qpopper</application> contient un serveur de
courrier électronique <acronym>POP</acronym>3.</para>
 
<sect3><title>Informations sur le paquetage</title>
<itemizedlist spacing='compact'>
<listitem><para>Téléchargement (HTTP)&nbsp;:
<ulink url="&qpopper-download-http;"/></para></listitem>
<listitem><para>Téléchargement (FTP)&nbsp;:
<ulink url="&qpopper-download-ftp;"/></para></listitem>
<listitem><para>Téléchargement de la somme MD5&nbsp;: &qpopper-md5sum;</para></listitem>
<listitem><para>Taille du téléchargement&nbsp;:&qpopper-size;</para></listitem>
<listitem><para>Estimation de l'espace disque requis&nbsp;:
&qpopper-buildsize;</para></listitem>
<listitem><para>Estimation du temps de construction&nbsp;:
&qpopper-time;</para></listitem></itemizedlist>
</sect3>
 
<sect3><title>Dépendances de <application>Qpopper</application></title>
<sect4><title>Requis</title>
<para><ulink url="../server/mail.html">MTA</ulink></para>
</sect4>
 
<sect4><title>Optionnel</title>
<para><xref linkend="openssl"/>,
<xref linkend="gdbm"/>,
<xref linkend="Linux_PAM"/>, et
<xref linkend="mitkrb"/> ou <xref linkend="heimdal"/></para>
</sect4>
</sect3>
 
</sect2>
 
<sect2>
<title>Installation de <application>Qpopper</application></title>
 
<para>Installez <application>Qpopper</application> avec les commandes
suivantes&nbsp;:</para>
 
<screen><userinput><command>./configure --prefix=/usr &amp;&amp;
make</command></userinput></screen>
 
<para>Maintenant, en tant qu'utilisateur root&nbsp;:</para>
 
<screen><userinput role='root'><command>make install</command></userinput></screen>
 
</sect2>
 
<sect2>
<title>Configurer <application>Qpopper</application></title>
 
<sect3 id="qpopper-config"><title>Informations de configuration</title>
 
<para>Mettez à jour le fichier de configuraton de <application>Syslog</application>
et forcez le démon <command>syslogd</command> à relire le nouveau fichier pour que
les événements de <application>Qpopper</application> soient tracés&nbsp;:</para>
<indexterm zone="qpopper qpopper-config">
<primary sortas="e-etc-syslog.conf">/etc/syslog.conf</primary></indexterm>
 
<screen><userinput><command>echo "local0.notice;local0.debug /var/log/POP.log" &gt;&gt; \
/etc/syslog.conf &amp;&amp;
killall -HUP syslogd</command></userinput></screen>
 
<para>Si vous utilisez <command>inetd</command>, la commande suivante ajoutera
l'entrée <application>Qpopper</application> dans
<filename>/etc/inetd.conf</filename>&nbsp;:</para>
<indexterm zone="qpopper qpopper-config">
<primary sortas="e-etc-inetd.conf">/etc/inetd.conf</primary></indexterm>
 
<screen><userinput><command>echo "pop3 stream tcp nowait root /usr/sbin/popper popper" &gt;&gt; \
/etc/inetd.conf &amp;&amp;
killall inetd || inetd</command></userinput></screen>
 
<para>Lancez un <command>killall -HUP inetd</command> pour relire le fichier
<filename>inetd.conf</filename> modifié.</para>
 
<para>Si vous utilisez <command>xinetd</command>, la commande suivante ajoutera
l'entrée <application>Qpopper</application> dans
<filename>/etc/xinetd.conf</filename>&nbsp;:</para>
<indexterm zone="qpopper qpopper-config">
<primary sortas="e-etc-xinetd.conf">/etc/xinetd.conf</primary></indexterm>
 
<screen><userinput><command>cat &gt;&gt; /etc/xinetd.conf &lt;&lt; "EOF"</command>
service pop3
{
port = 110
socket_type = stream
protocol = tcp
wait = no
user = root
server = /usr/sbin/popper
}
<command>EOF</command></userinput></screen>
 
<para>Lancez un <command>killall -HUP xinetd</command> pour relire le fichier
<filename>xinetd.conf</filename> modifié.</para>
</sect3>
 
</sect2>
 
<sect2>
<title>Contenu</title>
 
<segmentedlist>
<segtitle>Programme installé</segtitle>
<segtitle>Bibliothèques installées</segtitle>
<segtitle>Répertoires installés</segtitle>
 
<seglistitem>
<seg>popper</seg>
<seg>None</seg>
<seg>None</seg>
</seglistitem>
</segmentedlist>
 
<variablelist>
<bridgehead renderas="sect3">Descriptions courtes</bridgehead>
<?dbfo list-presentation="list"?>
 
<varlistentry id="popper-qpopper">
<term><command>popper</command></term>
<listitem><para>est le démon pour le protocole <acronym>POP</acronym>3.</para>
<indexterm zone="qpopper popper-qpopper">
<primary sortas="b-popper">popper</primary>
</indexterm></listitem>
</varlistentry>
</variablelist>
 
</sect2>
 
</sect1>
 
/trunk/blfs/server/mail/courier.xml
1,13 → 1,952
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
 
<!ENTITY courier-download-http "http://prdownloads.sourceforge.net/courier/courier-&courier-version;.tar.bz2">
<!ENTITY courier-download-ftp " ">
<!ENTITY courier-md5sum "639bb3b236914e3b86f287ce3f55264e">
<!ENTITY courier-size "4.3 MB">
<!ENTITY courier-buildsize "102 MB">
<!ENTITY courier-time "2.62 SBU">
]>
 
<sect1 id="courier" xreflabel="Courier-&courier-version;">
<sect1info>
<othername>$LastChangedBy: igor $</othername>
<date>$Date: 2005-06-16 06:11:49 $</date>
</sect1info>
<?dbhtml filename="courier.html"?>
<title>Courier-&courier-version;</title>
<indexterm zone="courier">
<primary sortas="a-Courier">Courier MTA</primary></indexterm>
 
&courier-intro;
&courier-inst;
&courier-exp;
&courier-config;
&courier-desc;
<sect2>
<title>Introduction to <application>Courier</application></title>
 
<para>The <application>Courier</application> package contains a Mail Transport
Agent (<acronym>MTA</acronym>). This is useful for sending email to other users
of your host machine. It can also be configured to be a central mail server for
your domain or a mail relay agent. The <application>Courier</application>
packages also includes a web-based email interface, <acronym>IMAP</acronym>,
<acronym>IMAP</acronym>-<acronym>SSL</acronym>, <acronym>POP</acronym>3, and
<acronym>POP</acronym>3-<acronym>SSL</acronym>.</para>
 
<sect3><title>Package information</title>
<itemizedlist spacing='compact'>
<listitem><para>Download (HTTP):
<ulink url="&courier-download-http;"/></para></listitem>
<listitem><para>Download (FTP):
<ulink url="&courier-download-ftp;"/></para></listitem>
<listitem><para>Download MD5 sum: &courier-md5sum;</para></listitem>
<listitem><para>Download size: &courier-size;</para></listitem>
<listitem><para>Estimated disk space required:
&courier-buildsize;</para></listitem>
<listitem><para>Estimated build time:
&courier-time;</para></listitem></itemizedlist>
</sect3>
 
<sect3><title><application>Courier</application> dependencies</title>
<sect4><title>Required</title>
<para><xref linkend="gdbm"/></para>
</sect4>
 
<sect4><title>Optional</title>
<para><xref linkend="mysql"/> or <xref linkend="postgresql"/>,
<xref linkend="Linux_PAM"/>,
<xref linkend="openssl"/>,
<xref linkend="fam"/>,
<xref linkend="openldap"/>,
<xref linkend="apache"/>,
<xref linkend="ispell"/> or <xref linkend="aspell"/>,
<xref linkend="gnupg"/>,
<xref linkend="expect"/>,
<xref linkend="gs"/> or <xref linkend="espgs"/>,
<ulink url="http://netpbm.sourceforge.net/">Netpbm</ulink> and
<ulink url="http://alpha.greenie.net/mgetty/">Mgetty+Sendfax</ulink></para>
</sect4>
</sect3>
 
</sect2>
 
<sect2>
<title>Installation of <application>Courier</application></title>
<note><para><application>Courier's</application> tarball must be extacted as an
unprivileged user or the configure script will fail.</para></note>
<para>Before you compile the program, you need to create the courier user
and group that is expected to be in place when the install script executes.
As the root user, add the courier user and group with the following
commands:</para>
 
<screen><userinput role="root"><command>groupadd courier &amp;&amp;
useradd -c 'Courier Mail Server' -d /dev/null \
-g courier -s /bin/false courier</command></userinput></screen>
 
<para>The install script also expects a bin user. If you already have a user
named bin, this step can be safely ignored.</para>
 
<screen><userinput role="root"><command>useradd -c 'bin' -d /dev/null -g bin -u 1 bin</command></userinput></screen>
 
<para><application>Courierfilter</application> requires the directory
<filename class="directory">/var/run/courier</filename> to store
all the <application>Courier</application> pid and lockfiles.
<filename class="directory">/var/lock/subsys</filename> also must exist
for the master lock file for <application>Courier</application>. Issue
the following commands to create these directories:</para>
 
<screen><userinput role="root"><command>install -d /var/run/courier -o courier -g courier -m755 &amp;&amp;
install -d /var/lock/subsys -o root -g root -m755</command></userinput></screen>
 
<para>Build <application>Courier</application> as an unprivileged user
with the following commands:</para>
 
<screen><userinput><command>./configure --prefix=/usr --libexecdir=/usr/lib/courier \
--datadir=/usr/share/courier --sysconfdir=/etc/courier \
--localstatedir=/var/lib/courier --with-piddir=/var/run/courier \
--with-paranoid-smtpext --disable-autorenamesent \
--enable-workarounds-for-imap-client-bugs --with-db=gdbm &amp;&amp;
make</command></userinput></screen>
 
<para>Once again, become the root user and install
<application>Courier</application> with the following commands:</para>
 
<screen><userinput role="root"><command>make install &amp;&amp;
make install-configure</command></userinput></screen>
 
</sect2>
 
<sect2>
<title>Command explanations</title>
 
<para><parameter>--libexecdir=/usr/lib/courier</parameter>: Specifies
the directory which contains programs and libraries that cannot be
directly executed from the command-line.</para>
 
<para><parameter>--datadir=/usr/share/courier</parameter>: Specifies the
directory where miscellaneous shell scripts,
<application>Perl</application> scripts, and data files will be
installed.</para>
 
<para><parameter>--localstatedir=/var/spool/courier</parameter>:
Specifies the directory that will hold the mail queue, and other
temporary data.</para>
 
<para><parameter>--with-piddir=/var/run/courier</parameter>: Specifies
the directory where <application>Courier</application>'s
<filename>PID</filename> files are stored when
<application>Courier</application> is active.</para>
 
<para><option>--with-paranoid-smtpext</option>: Be paranoid when
negotiating Courier-specific <acronym>ESMTP</acronym> extensions with
remote servers. The <application>Courier</application> mail server
defines and implements certain experimental <acronym>ESMTP</acronym>
extensions: XVERP and XEXDATA. Problems may result in the event that
someone else uses the same name to implement some other extension. If
this option is specified, <application>Courier's</application>
<acronym>ESMTP</acronym> server will also advertise a dummy
<acronym>ESMTP</acronym> capability called XCOURIEREXTENSIONS, and will
not recognize any Courier-specific extensions unless the remote mail
server also advertises this dummy <acronym>ESMTP</acronym>
capability.</para>
 
<para><option>--disable-autorenamesent</option>: Do not rename the Sent
folder every month. This option can also be controlled by the
<envar>SQWEBMAIL_AUTORENAMESENT</envar> environment variable.</para>
 
<para><option>--enable-workarounds-for-imap-client-bugs</option>: There
are several confirmed bugs in some <acronym>IMAP</acronym> clients that
do not properly implement the <acronym>IMAP</acronym>4rev1 protocol.
This option enables some workarounds for those buggy
<acronym>IMAP</acronym> clients. NOTE: <command>make check</command>
will fail if this option is used. You should first configure without
this option, and if all post-configuration tests succeed, rerun
configure with this option and recompile.</para>
 
<para><parameter>--with-db=gdbm</parameter>:
<application>Courier</application> requires either the
<application><acronym>GDBM</acronym></application> or the
<application>DB</application> database library.
<application><acronym>GDBM</acronym></application> is used if both are
present. This option forces the selection of
<application>GDBM</application> as courier is currently broken when used
with <application>DB</application>.</para>
 
<!-- # Note - Courier will build fine with <xref linkend="db"/>, but all
the database files will not be created correctly -->
 
<para><parameter>--with-ispell=/usr/bin/aspell</parameter>:
<application>Courier</application>'s webmail server can use spell
checking, if <command>configure</command> finds
<application>ispell</application> or if you explicitly set the location
of <application>aspell</application>.</para>
 
<para><parameter>--enable-mimetypes=<replaceable>[location of mime.types
file]</replaceable></parameter>: Use this switch if you receive an error
saying that the <filename>mime.types</filename> file could not be found.</para>
</sect2>
 
<sect2 id="etc-courier-star">
<title>Configuring <application>Courier</application></title>
<indexterm zone="courier etc-courier-star">
<primary sortas="e-etc-courier-star">/etc/courier/*</primary></indexterm>
 
<sect3><title>Configuration Files</title>
<para><filename>/etc/courier/*</filename></para>
</sect3>
 
<sect3><title>Configuration Information</title>
 
<para>While still as root, you will need to create the following files with
the contents specified.</para>
 
<para><filename>/etc/courier/defaultdomain</filename></para>
 
<screen><userinput role="root"><command>cat &gt; /etc/courier/defaultdomain &lt;&lt; "EOF"</command>
<replaceable>[yourdomain]</replaceable>
<command>EOF</command></userinput></screen>
 
<para><filename>/etc/courier/me</filename></para>
 
<screen><userinput role="root"><command>cat &gt; /etc/courier/me &lt;&lt; "EOF"</command>
<replaceable>[servername.yourdomain]</replaceable>
<command>EOF</command></userinput></screen>
 
<para><filename>/etc/courier/locals</filename></para>
 
<screen><userinput role="root"><command>cat &gt; /etc/courier/locals &lt;&lt; "EOF"</command>
localhost
<replaceable>[yourdomain]</replaceable>
<command>EOF</command></userinput></screen>
 
<para><filename>/etc/courier/esmtpacceptmailfor.dir/system</filename></para>
 
<screen><userinput role="root"><command>cat &gt; /etc/courier/esmtpacceptmailfor.dir/system &lt;&lt; "EOF"</command>
localhost
<replaceable>[yourdomain]</replaceable>
<command>EOF</command></userinput></screen>
 
<para>You will also need to edit the
<filename>/etc/courier/aliases/system</filename> file and change the
following entry.</para>
 
<screen><userinput>postmaster: <replaceable>[your administrator email]</replaceable></userinput></screen>
 
<para>If you want to deny access from some hosts from sending mail, you
will need to edit the
<filename>/etc/courier/smtpaccess/default</filename> file.</para>
 
<para>If you wish to host mail for non local domains including virtual
domains, you must add them to
<filename>/etc/courier/hosteddomains</filename>. This file should exist
whether you need a hosted domain list or not:</para>
 
<screen><userinput role="root"><command>touch /etc/courier/hosteddomains</command></userinput></screen>
 
<para>After the above steps are completed you will need to run the
following commands:</para>
 
<screen><userinput role="root"><command>makesmtpaccess &amp;&amp;
makehosteddomains &amp;&amp;
makealiases</command></userinput></screen>
 
<para>For each user, you will need to create a
<filename class="directory">Maildir</filename> directory:</para>
 
<screen><userinput role="root"><command>cd /home/<replaceable>[username]</replaceable> &amp;&amp;
maildirmake Maildir &amp;&amp;
chown <replaceable>[username]</replaceable>.<replaceable>[username]</replaceable> Maildir -R</command></userinput></screen>
 
<para>If you wish to use <acronym>SSL</acronym> with
<application>Courier</application>, you should obtain certificates and
store them in <filename>/usr/share/courier</filename>. You can
optionally create self-signed, test certificates with the following
commands:</para>
 
<screen><userinput role="root"><command>mkesmtpdcert &amp;&amp;
mkimapdcert &amp;&amp;
mkpop3dcert</command></userinput></screen>
 
<para>All of <application>Courier</application>'s configuration files reside
in the directory <filename class="directory">/etc/courier/</filename>. For
each service <acronym>SMTP</acronym>, <acronym>POP3</acronym> and
<acronym>IMAP</acronym>, you will have a standard config file, and an
<acronym>SSL</acronym> config file. For each service that you
wish to utilize, you will need to edit the configuration file, and
change the <replaceable>[DAEMON]</replaceable>START variable from 'NO' to
'YES'. For example, to use <acronym>SMTP</acronym> with
<acronym>SSL</acronym>, you'll need to edit
<filename>/etc/courier/esmtpd-ssl</filename> and change the value of
'ESMTPDSSLSTART' to 'YES'. Make the same change for each service
configuration that you wish to use with
<application>Courier</application>.</para>
 
<para>If you wish to use <acronym>LDAP</acronym>, an
<acronym>LDAP</acronym> configuration file should be created:</para>
 
<screen><userinput role="root"><command>echo "LDAPALIASDSTART=YES" > /etc/courier/ldapaliasd</command></userinput></screen>
 
<para>Similarly, if you wish to use webmail, you should create the webmail
configuration file:</para>
 
<screen><userinput role="root"><command>echo "WEBMAILDSTART=YES" > /etc/courier/webmaild</command></userinput></screen>
 
<para>You will also need to copy the <filename>webmail</filename> file from
<filename>/usr/lib/courier/courier/webmail</filename> to the
<filename class='directory'>cgi-bin</filename> directory of your
<application>Apache</application> server.</para>
 
<screen><userinput role="root"><command>cp -a /usr/lib/courier/courier/webmail/webmail /srv/www/cgi-bin</command></userinput></screen>
 
<para>You will then need to copy the images to a directory under your
<filename class='directory'>htdocs</filename> directory of your
<application>Apache</application> server. The directory needs to be named
<filename class='directory'>webmail</filename> or you need to specify it
during the configure phase with
<parameter>--enable-imageurl=<replaceable>[URL]</replaceable></parameter>.</para>
 
<screen><userinput role="root"><command>cp -a /usr/share/courier/sqwebmail/images /srv/www/htdocs/webmail</command></userinput></screen>
 
<para>If you wish to utilze the webadmin utility, you will need to copy the
<filename>webadmin</filename> file from
<filename class="directory">/usr/lib/courier/courier/webmail</filename>
to your <filename class="directory">cgi-bin</filename> directory of your
<application>Apache</application> server.</para>
 
<screen><userinput role="root"><command>cp -a /usr/lib/courier/courier/webmail/webadmin /srv/www/cgi-bin</command></userinput></screen>
 
<para>You also need to put the password into the file
<filename>/etc/courier/webadmin/password</filename>:</para>
 
<screen><userinput role="root"><command>cat &gt; /etc/courier/webadmin/password &lt;&lt; "EOF"</command>
<replaceable>[password]</replaceable>
<command>EOF</command></userinput></screen>
 
<para>If you are not using <acronym>SSL</acronym> on your <application>Apache
</application> server, you will also need to add
<filename>/etc/courier/webadmin/unsecureok</filename>, so you will be able
to use your web based administration tool.</para>
 
<screen><userinput role="root"><command>touch /etc/courier/webadmin/unsecureok</command></userinput></screen>
 
<para>If you use <application>Linux-PAM</application> on your system,
you will need to create the <acronym>PAM</acronym> configuration files:</para>
 
<screen><userinput role="root"><command>cat &gt; /etc/pam.d/esmtp &lt;&lt; "EOF"</command>
# Begin /etc/pam.d/esmtp
 
auth required pam_unix.so try_first_pass
account required pam_unix.so
session required pam_unix.so
 
# End /etc/pam.d/esmtp
<command>EOF
cat &gt; /etc/pam.d/pop3 &lt;&lt; "EOF"</command>
# Begin /etc/pam.d/pop3
 
auth required pam_unix.so try_first_pass
account required pam_unix.so
session required pam_unix.so
 
# End /etc/pam.d/pop3
<command>EOF
cat &gt; /etc/pam.d/imap &lt;&lt; "EOF"</command>
# Begin /etc/pam.d/imap
 
auth required pam_unix.so try_first_pass
account required pam_unix.so
session required pam_unix.so
 
# End /etc/pam.d/imap
<command>EOF
cat &gt; /etc/pam.d/webmail &lt;&lt; "EOF"</command>
# Begin /etc/pam.d/webmail
 
auth required pam_unix.so try_first_pass
account required pam_unix.so
session required pam_unix.so
 
# End /etc/pam.d/webmail
<command>EOF</command></userinput></screen>
 
<para id="courier-init">Finally, if you wish to start the
<application>Courier</application> server at boot, install
the <filename>/etc/rc.d/init.d/courier</filename> bootscript included in the
<xref linkend="intro-important-bootscripts"/> package.</para>
<indexterm zone="courier courier-init">
<primary sortas="f-courier-init">courier</primary></indexterm>
 
<screen><userinput role="root"><command>make install-courier</command></userinput></screen>
 
</sect3>
 
<!-- Begin virtual user setup * To be removed once added to the hint. -->
 
<sect3>
 
<title>Configuring for virtual users</title>
 
<para>These instructions will configure <application>Courier</application>
to lookup virtual users in a <application>MySQL</application> database.
Begin by making the following changes to
<filename>/etc/courier/authmysqlrc</filename>:</para>
 
<screen><userinput>MYSQL_SERVER localhost
MYSQL_USERNAME courier
MYSQL_PASSWORD <replaceable>[your choice]</replaceable>
MYSQL_SOCKET /var/run/mysql/mysql.sock
MYSQL_PORT 3306
MYSQL_DATABASE courier_mail
MYSQL_USER_TABLE users
MYSQL_CLEAR_PWFIELD clear
DEFAULT DOMAIN <replaceable>[your domain]</replaceable>
MYSQL_QUOTA_FIELD quota</userinput></screen>
 
<para>Connect to <application>MySQL</application>:</para>
 
<screen><userinput role="root"><command>mysql -p</command></userinput></screen>
 
<para>Create the <filename>courier_mail</filename> database and setup
the users table:</para>
 
<screen><userinput role="root"><command>CREATE DATABASE courier_mail;
USE courier_mail
CREATE TABLE users (
id char(128) DEFAULT '' NOT NULL,
crypt char(128) DEFAULT '' NOT NULL,
clear char(128) DEFAULT '' NOT NULL,
name char(128) DEFAULT '' NOT NULL,
uid int(10) unsigned DEFAULT '65534' NOT NULL,
gid int(10) unsigned DEFAULT '65534' NOT NULL,
home char(255) DEFAULT '' NOT NULL,
quota char(255) DEFAULT '' NOT NULL,
KEY id (id(128))
);</command></userinput></screen>
 
<para>Grant all priveledges to the courier user created earlier:</para>
 
<screen><userinput role="root"><command>GRANT ALL PRIVILEGES ON *.* TO courier@localhost \
IDENTIFIED BY '<replaceable>[password]</replaceable>' WITH GRANT OPTION;
QUIT</command></userinput></screen>
 
<para>Create a virtual mailman user and group:</para>
<screen><userinput role="root"><command>groupadd -g 9000 vmailman &amp;&amp;
useradd -c 'Virtual Mailman' -g vmailman -m -k /dev/null -u 9000 vmailman</command></userinput></screen>
 
<para>Create a mail directory for a new virtual user:</para>
 
<screen><userinput role="root"><command>cd /home/vmailman &amp;&amp;
mkdir <replaceable>[virtual_user]</replaceable> &amp;&amp;
cd <replaceable>[virtual_user]</replaceable> &amp;&amp;
maildirmake Maildir &amp;&amp;
chown vmailman.vmailman Maildir -R</command></userinput></screen>
 
<para>Now, connect the the <application>MySQL</application> database as
the courier user:</para>
 
<screen><userinput role="root"><command>mysql -u courier -p</command></userinput></screen>
 
<para>To add the virtual user you need to enter at least one version of the
password either clear text or encrypted.</para>
 
<para>Add the first virtual user with the following commands:</para>
 
<screen><userinput role="root"><command>USE courier_mail
INSERT INTO users VALUES (
'<replaceable>[virtual_users]</replaceable>@<replaceable>[domain.com]</replaceable>,
'<replaceable>[encrypted password or blank]</replaceable>',
'<replaceable>[clear text password or blank]</replaceable>',
'<replaceable>[User's Name]</replaceable>',
9000,
9000,
'<replaceable>[location of Maildir]</replaceable>',
'<replaceable>[Quota in Bytes']</replaceable>
);
QUIT</command></userinput></screen>
 
<para>For example:</para>
 
<screen><userinput role="root"><command>INSERT INTO users VALUES (
'blfsuser@linuxfromscratch.org',
'',
'password',
'BLFS User',
9000,
9000,
'/home/vmailman/blfsuser',
''
);</command></userinput></screen>
 
</sect3>
 
<!-- End of Virtual user setup -->
 
</sect2>
 
<sect2>
<title>Contents</title>
 
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>addcr, authenumerate, cancelmsg, courier, courier-config,
courieresmtpd, courierfilter, courierlogger, couriermlm, couriertcpd,
couriertls, deliverquota, dotforward, esmtpd, esmtpd-msa, esmtpd-ssl,
filterctl, imapd, imapd-ssl, lockmail, mailbot, maildiracl, maildirkw,
maildirmake, maildrop, mailq, makeacceptmailfor, makealiases, makedat,
makehosteddomains, makemime, makepercentrelay, makesmtpaccess,
makesmtpaccess-msa, makeuserdb, makeuucpneighbors, mimegpg,
mkesmtpdcert, mkimapdcert, mkpop3dcert, pop3d, pop3d-ssl, preline,
pw2userdb, reformail, reformime, rmail, sendmail, sharedindexinstall,
sharedindexsplit, showconfig, showmodules, testmxlookup, userdb,
userdbpw, vchkpw2userdb, webgpg, webmaild</seg>
 
<seg>/etc/courier, /usr/lib/courier, /usr/share/courier, /var/lib/courier,
/var/lock/subsys, /var/run/courier and /var/spool/courier</seg>
 
</seglistitem>
</segmentedlist>
 
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
 
<varlistentry id="cancelmsg">
<term><command>cancelmsg</command></term>
<listitem><para>removes a message from the mail queue.</para>
<indexterm zone="courier cancelmsg">
<primary sortas="b-cancelmsg">cancelmsg</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="courier-prog">
<term><command>courier</command></term>
<listitem><para>is an administrative command used to control the
<application>Courier</application> scheduling engine.</para>
<indexterm zone="courier courier-prog">
<primary sortas="b-courier">courier</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="courierfax">
<term><command>courierfax</command></term>
<listitem><para>sends email messages by fax.</para>
<indexterm zone="courier courierfax">
<primary sortas="b-courierfax">courierfax</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="courierfilter">
<term><command>courierfilter</command></term>
<listitem><para>starts and stops all mail filters installed by
<command>filterctl</command>.</para>
<indexterm zone="courier courierfilter">
<primary sortas="b-courierfilter">courierfilter</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="courierldapaliasd">
<term><command>courierldapaliasd</command></term>
<listitem><para>supports mail address aliasing using an LDAP directory.</para>
<indexterm zone="courier courierldapaliasd">
<primary sortas="b-courierldapaliasd">courierldapaliasd</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="courierlogger">
<term><command>courierlogger</command></term>
<listitem><para>captures error messages from other
<application>Courier</application> applications and forwards them to
the system logger.</para>
<indexterm zone="courier courierlogger">
<primary sortas="b-courierlogger">courierlogger</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="couriermlm">
<term><command>couriermlm</command></term>
<listitem><para>sets up, maintains, and manages mailing lists.</para>
<indexterm zone="courier couriermlm">
<primary sortas="b-couriermlm">couriermlm</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="courierperlfilter">
<term><command>courierperlfilter</command></term>
<listitem><para>is a sample filter written in
<application>Perl</application>.</para>
<indexterm zone="courier courierperlfilter">
<primary sortas="b-courierperlfilter">courierperlfilter</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="courierpop3d">
<term><command>courierpop3d</command></term>
<listitem><para>is a <application>Courier</application>
<acronym>POP</acronym>3 server.</para>
<indexterm zone="courier courierpop3d">
<primary sortas="b-courierpop3d">courierpop3d</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="courierpop3login">
<term><command>courierpop3login</command></term>
<listitem><para>reads the <acronym>POP</acronym>3 userid and password and
passes them to the authentication modules.</para>
<indexterm zone="courier courierpop3login">
<primary sortas="b-courierpop3login">courierpop3login</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="couriertcpd">
<term><command>couriertcpd</command></term>
<listitem><para>accepts incoming network connections, and runs other
<application>Courier</application> programs after establishing each network
connection.</para>
<indexterm zone="courier couriertcpd">
<primary sortas="b-couriertcpd">couriertcpd</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="couriertls">
<term><command>couriertls</command></term>
<listitem><para>is used by applications to encrypt a network connection
using <acronym>SSL</acronym>/<acronym>TLS</acronym>.</para>
<indexterm zone="courier couriertls">
<primary sortas="b-couriertls">couriertls</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="dotforward">
<term><command>dotforward</command></term>
<listitem><para>is a compatibility module that reads forwarding
instructions in <filename>$HOME/.forward</filename>.</para>
<indexterm zone="courier dotforward">
<primary sortas="b-dotforward">dotforward</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="dupfilter">
<term><command>dupfilter</command></term>
<listitem><para>is a threaded filter that tries to block junk E-mail by
attempting to detect multiple copies of the same message, which are
rejected.</para>
<indexterm zone="courier dupfilter">
<primary sortas="b-dupfilter">dupfilter</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="esmtpd">
<term><command>esmtpd</command></term>
<listitem><para>is a control script for courieresmtpd.</para>
<indexterm zone="courier esmtpd">
<primary sortas="b-esmtpd">esmtpd</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="esmtpd-msa">
<term><command>esmtpd-msa</command></term>
<listitem><para>is a control script for courieresmtpd, but adds message
submission port 587 for the <acronym>MSA</acronym> protocol.</para>
<indexterm zone="courier esmtpd-msa">
<primary sortas="b-esmtpd-msa">esmtpd-msa</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="filterctl">
<term><command>filterctl</command></term>
<listitem><para>installs or uninstalls global mail filters.</para>
<indexterm zone="courier filterctl">
<primary sortas="b-filterctl">filterctl</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="imapd">
<term><command>imapd</command></term>
<listitem><para>is the
<application>Courier</application>-<acronym>IMAP</acronym>
server.</para>
<indexterm zone="courier imapd">
<primary sortas="b-imapd">imapd</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="lockmail">
<term><command>lockmail</command></term>
<listitem><para>is a helper utility for locking mailbox files.</para>
<indexterm zone="courier lockmail">
<primary sortas="b-lockmail">lockmail</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="mailbot">
<term><command>mailbot</command></term>
<listitem><para>is a <acronym>MIME</acronym>-aware autoresponder utility.</para>
<indexterm zone="courier mailbot">
<primary sortas="b-mailbot">mailbot</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="maildiracl">
<term><command>maildiracl</command></term>
<listitem><para>manages access control lists.</para>
<indexterm zone="courier maildiracl">
<primary sortas="b-maildiracl">maildiracl</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="maildirkw">
<term><command>maildirkw</command></term>
<listitem><para>modifies
<application>Courier</application>-<acronym>IMAP</acronym> compatible maildir
message keywords.</para>
<indexterm zone="courier maildirkw">
<primary sortas="b-maildirkw">maildirkw</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="maildirmake">
<term><command>maildirmake</command></term>
<listitem><para>creates maildirs, and maildir folders.</para>
<indexterm zone="courier maildirmake">
<primary sortas="b-maildirmake">maildirmake</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="maildrop">
<term><command>maildrop</command></term>
<listitem><para>is a replacement local mail delivery agent that includes a
mail filtering language.</para>
<indexterm zone="courier maildrop">
<primary sortas="b-maildrop">maildrop</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="mailq-courier">
<term><command>mailq</command></term>
<listitem><para>displays a list of all messages that have not been
delivered yet.</para>
<indexterm zone="courier mailq-courier">
<primary sortas="b-mailq">mailq</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="makeacceptmailfor">
<term><command>makeacceptmailfor</command></term>
<listitem><para>builds a list of domains to accept mail for, from the
<filename class="directory">/etc/courier/esmtpacceptmailfor.dir</filename>
directory.</para>
<indexterm zone="courier makeacceptmailfor">
<primary sortas="b-makeacceptmailfor">makeacceptmailfor</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="makealiases">
<term><command>makealiases</command></term>
<listitem><para>builds an alias database from one or more plain text
source files.</para>
<indexterm zone="courier makealiases">
<primary sortas="b-makealiases">makealiases</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="makedat">
<term><command>makedat</command></term>
<listitem><para>is a utility to create <application>GDBM</application> or
<application>DB</application> files from plain text files.</para>
<indexterm zone="courier makedat">
<primary sortas="b-makedat">makedat</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="makehosteddomains">
<term><command>makehosteddomains</command></term>
<listitem><para>rebuilds the contents of the hosteddomains database from the
contents of <filename>/tools/etc/courier/hosteddomains</filename>.</para>
<indexterm zone="courier makehosteddomains">
<primary sortas="b-makehosteddomains">makehosteddomains</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="makemime">
<term><command>makemime</command></term>
<listitem><para>creates <acronym>MIME</acronym>-formatted messages from one
or more files.</para>
<indexterm zone="courier makemime">
<primary sortas="b-makemime">makemime</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="makepercentrelay">
<term><command>makepercentrelay</command></term>
<listitem><para>builds a list of %-relayed domains from the
<filename class="directory">percentrelay.dir</filename> directory.</para>
<indexterm zone="courier makepercentrelay">
<primary sortas="b-makepercentrelay">makepercentrelay</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="makesmtpaccess">
<term><command>makesmtpaccess</command></term>
<listitem><para>builds <acronym>ESMTP</acronym> server access files from the
<filename class="directory">/etc/courier/smtpaccess</filename>
directory.</para>
<indexterm zone="courier makesmtpaccess">
<primary sortas="b-makesmtpaccess">makesmtpaccess</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="makesmtpaccess-msa">
<term><command>makesmtpaccess-msa</command></term>
<listitem><para>builds <acronym>ESMTP</acronym> server access files from the
<filename class="directory">/etc/courier/smtpaccess</filename> directory.
This esmtp list is for the <acronym>MSA</acronym> protocol.</para>
<indexterm zone="courier makesmtpaccess-msa">
<primary sortas="b-makesmtpaccess-msa">makesmtpaccess-msa</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="makeuserdb">
<term><command>makeuserdb</command></term>
<listitem><para>builds a user/password db from the contents
of <filename class="directory">/tools/etc/courier/userdb</filename>.</para>
<indexterm zone="courier makeuserdb">
<primary sortas="b-makeuserdb">makeuserdb</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="mimegpg">
<term><command>mimegpg</command></term>
<listitem><para>signs, encrypts, or decrypts <acronym>MIME</acronym>-formatted
email messages using <application>GnuPG</application>.</para>
<indexterm zone="courier mimegpg">
<primary sortas="b-mimegpg">mimegpg</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="mkesmtpdcert">
<term><command>mkesmtpdcert</command></term>
<listitem><para>creates a secure <acronym>SMTP</acronym> test
certificate.</para>
<indexterm zone="courier mkesmtpdcert">
<primary sortas="b-mkesmtpdcert">mkesmtpdcert</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="mkimapdcert">
<term><command>mkimapdcert</command></term>
<listitem><para>creates a secure <acronym>IMAP</acronym> test
certificate.</para>
<indexterm zone="courier mkimapdcert">
<primary sortas="b-mkimapdcert">mkimapdcert</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="mkpop3dcert">
<term><command>mkpop3dcert</command></term>
<listitem><para>creates a secure <acronym>POP3</acronym> test
certificate.</para>
<indexterm zone="courier mkpop3dcert">
<primary sortas="b-mkpop3dcert">mkpop3dcert</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="pop3d">
<term><command>pop3d</command></term>
<listitem><para>is a wrapper script for <command>couriertcpd</command> to
start and stop the <acronym>POP3</acronym> service.</para>
<indexterm zone="courier pop3d">
<primary sortas="b-pop3d">pop3d</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="pop3d-ssl">
<term><command>pop3d-ssl</command></term>
<listitem><para>is a wrapper script for <command>couriertcpd</command> to
start and stop the <acronym>POP3</acronym> over <acronym>SSL</acronym>
service.</para>
<indexterm zone="courier pop3d-ssl">
<primary sortas="b-pop3d-ssl">pop3d-ssl</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="preline">
<term><command>preline</command></term>
<listitem><para>prepends legacy <filename>mbox</filename> headers to mail
messages.</para>
<indexterm zone="courier preline">
<primary sortas="b-preline">preline</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="reformail">
<term><command>reformail</command></term>
<listitem><para>reads a message on standard input, reformats it in some
way, and writes the message to standard output.</para>
<indexterm zone="courier reformail">
<primary sortas="b-reformail">reformail</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="reformime">
<term><command>reformime</command></term>
<listitem><para>is a utility for reformatting <acronym>MIME</acronym>
messages.</para>
<indexterm zone="courier reformime">
<primary sortas="b-reformime">reformime</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="sendmail-courier">
<term><command>sendmail</command></term>
<listitem><para>reads an email message and delivers the message to its
recipients.</para>
<indexterm zone="courier sendmail-courier">
<primary sortas="b-sendmail">sendmail</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="submit">
<term><command>submit</command></term>
<listitem><para>submits messages to <application>Courier</application> for
processing.</para>
<indexterm zone="courier submit">
<primary sortas="b-submit">submit</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="testmxlookup">
<term><command>testmxlookup</command></term>
<listitem><para>lists the names and <acronym>IP</acronym> addresses of mail
relays that receive mail for the domain.</para>
<indexterm zone="courier testmxlookup">
<primary sortas="b-testmxlookup">testmxlookup</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="userdb">
<term><command>userdb</command></term>
<listitem><para>is a script to individually manipulate entries in
<filename>/tools/etc/courier/userdb.</filename></para>
<indexterm zone="courier userdb">
<primary sortas="b-userdb">userdb</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="userdbpw">
<term><command>userdbpw</command></term>
<listitem><para>reads a single line of text on standard input, encrypts
it, and prints the encrypted result to standard output.</para>
<indexterm zone="courier userdbpw">
<primary sortas="b-userdbpw">userdbpw</primary></indexterm>
</listitem>
</varlistentry>
</variablelist>
 
</sect2>
 
</sect1>
 
/trunk/blfs/server/mail/postfix.xml
1,13 → 1,587
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
 
<!ENTITY postfix-download-http "http://www.mirrorspace.org/postfix/official/postfix-&postfix-version;.tar.gz">
<!ENTITY postfix-download-ftp "ftp://ftp.porcupine.org/mirrors/postfix-release/official/postfix-&postfix-version;.tar.gz">
<!ENTITY postfix-md5sum "bcaa4aac80595d04c60c72844203a04d">
<!ENTITY postfix-size "1.9 MB">
<!ENTITY postfix-buildsize "81 MB">
<!ENTITY postfix-time "0.29 SBU">
]>
 
<sect1 id="postfix" xreflabel="Postfix-&postfix-version;">
<sect1info>
<othername>$LastChangedBy: bdubbs $</othername>
<date>$Date: 2005-06-16 06:11:49 $</date>
</sect1info>
<?dbhtml filename="postfix.html"?>
<title>Postfix-&postfix-version;</title>
<indexterm zone="postfix">
<primary sortas="a-Postfix">Postfix</primary></indexterm>
 
&postfix-intro;
&postfix-inst;
&postfix-exp;
&postfix-config;
&postfix-desc;
<sect2>
<title>Introduction to Postfix</title>
 
<para>The <application>Postfix</application> package contains a Mail
Transport Agent (<acronym>MTA</acronym>). This is useful for sending email
to other users of your host machine. It can also be configured to be a
central mail server for your domain, a mail relay agent or simply a mail
delivery agent to your local Internet Service Provider
(<acronym>ISP</acronym>).</para>
 
<sect3><title>Package information</title>
<itemizedlist spacing='compact'>
<listitem><para>Download (HTTP): <ulink
url="&postfix-download-http;"/></para></listitem>
<listitem><para>Download (FTP): <ulink
url="&postfix-download-ftp;"/></para></listitem>
<listitem><para>Download MD5 sum: &postfix-md5sum;</para></listitem>
<listitem><para>Download size: &postfix-size;</para></listitem>
<listitem><para>Estimated disk space required:
&postfix-buildsize;</para></listitem>
<listitem><para>Estimated build time:
&postfix-time;</para></listitem></itemizedlist>
</sect3>
 
<sect3><title><application>Postfix</application> dependencies</title>
<sect4><title>Required</title>
<para><xref linkend="db"/></para>
</sect4>
 
<sect4><title>Optional</title>
<para><xref linkend="pcre"/>,
<xref linkend="mysql"/>,
<xref linkend="postgresql"/>,
<xref linkend="openldap"/>,
<xref linkend="openssl"/> and
<xref linkend="cyrus-sasl"/></para>
</sect4>
</sect3>
 
</sect2>
 
<sect2>
<title>Installation of <application>Postfix</application></title>
 
<sect3><title>Configuring the build</title>
 
<para>The <application>Postfix</application> source tree does not contain a
<filename>configure</filename> script, rather the makefile in the
top-level directory contains a <parameter>makefiles</parameter> target that
regenerates all the other makefiles in the build tree. If you wish to
use additional software such as a database back-end for virtual users, or
<acronym>TLS</acronym>/<acronym>SSL</acronym> authentication, you will
need to regenerate the makefiles using one or more of the appropriate
<envar>CCARGS</envar> and <envar>AUXLIBS</envar> settings listed below.</para>
 
<para>Here is an example that combines the
<acronym>TLS</acronym>/<acronym>SSL</acronym> and
<application>Cyrus-SASL</application> arguments:</para>
 
<screen><userinput><command>make makefiles \
CCARGS="-DHAS_SSL -DUSE_SASL_AUTH -I/usr/include/openssl -I/usr/include/sasl" \
AUXLIBS="-L/usr/lib -R/usr/lib -lssl -lcrypto -lsasl2"</command></userinput></screen>
 
<sect4><title>SSL/TLS authentication</title>
<para>To use <acronym>SSL</acronym>/<acronym>TLS</acronym>
authentication with <application>Postfix</application>, you will first
need to apply a patch availible from
<ulink url="ftp://ftp.aet.tu-cottbus.de/pub/postfix_tls/pfixtls-0.8.18-2.1.3-0.9.7d.tar.gz"/>.
Unzip the patch tarball, and apply it with the following commands:</para>
 
<screen><userinput><command>patch -p1 &lt; ../pfixtls-0.8.18-2.1.3-0.9.7d/pfixtls.diff</command></userinput></screen>
 
<para>You will need to pass the following values to the
<command>make makefiles</command> command:</para>
 
<screen><userinput>CCARGS="-DHAS_SSL -I/usr/include/openssl" \
AUXLIBS="-L/usr/lib -lssl -lcrypto"</userinput></screen>
 
<para>To use <acronym>SSL</acronym> or <acronym>TLS</acronym> you will
also need <xref linkend="cyrus-sasl"/>.</para>
</sect4>
 
<sect4><title>Cyrus-SASL</title>
<para>To use <application>Cyrus-SASL</application> with
<application>Postfix</application>, use the following arguments:</para>
 
<screen><userinput>CCARGS="-DUSE_SASL_AUTH -I/usr/include/sasl" \
AUXLIBS="-L/usr/lib -R/usr/lib -lsasl2"</userinput></screen>
</sect4>
 
<sect4><title>OpenLDAP</title>
<para>To use <application>OpenLDAP</application> with
<application>Postfix</application>, use the following arguments:</para>
 
<screen><userinput>CCARGS="-I/usr/include -DHAS_LDAP" \
AUXLIBS="-L/usr/lib -lldap -llber"</userinput></screen>
</sect4>
 
<sect4><title>MySQL</title>
<para>To use <application>MySQL</application> with
<application>Postfix</application>, use the following arguments:</para>
 
<screen><userinput>CCARGS="-DHAS_MYSQL -I/usr/include/mysql" \
AUXLIBS="-L/usr/lib -lmysqlclient -lz -lm"</userinput></screen>
</sect4>
 
<sect4><title>PostgreSQL</title>
<para>To use <application>PostgreSQL</application> with
<application>Postfix</application>, use the following arguments:</para>
 
<screen><userinput>CCARGS="-DHAS_PGSQL -I/usr/include/postgresql" \
AUXLIBS="-L/usr/lib -lpq -lz -lm"</userinput></screen>
</sect4>
 
</sect3>
 
<sect3><title>Installing Postfix</title>
 
<para>Before you compile the program, you need to create users and groups that
will be expected to be in place when the install script executes. Add the
users and groups with the following commands:</para>
 
<screen><userinput><command>groupadd postfix &amp;&amp;
groupadd postdrop &amp;&amp;
groupadd -g 65534 nogroup &amp;&amp;
useradd -c postfix -d /dev/null -g postfix -s /bin/false postfix &amp;&amp;
useradd -c nobody -d /home -g nogroup -s /bin/bash -u 65534 nobody &amp;&amp;
chown postfix:postfix /var/mail</command></userinput></screen>
 
<para>Install <application>Postfix</application> by running the
following commands:</para>
 
<screen><userinput><command>make &amp;&amp;
sh postfix-install daemon_directory=/usr/sbin \
manpage_directory=/usr/share/man \
sample_directory=/usr/share/doc/postfix \
-non-interactive</command></userinput></screen>
 
<para>The final installation step is to install the program's documentation with
the following commands:</para>
 
<screen><userinput><command>install -d /usr/share/doc/postfix &amp;&amp;
cp -rf html/* /usr/share/doc/postfix</command></userinput></screen>
</sect3></sect2>
 
<sect2>
<title>Command explanations</title>
 
<para><command>sh postfix-install ... -non-interactive</command> : This keeps
the install script from asking any questions, thereby accepting default
destination directories in all but the three cases explicitly mentioned.</para>
 
<para><command>make makefiles</command> : This command rebuilds the
makefiles throughout the source tree to use the options contained in the
<envar>CCARGS</envar> and <envar>AUXLIBS</envar> variables.</para>
 
</sect2>
 
<sect2>
<title>Configuring <application>Postfix</application></title>
 
<sect3 id="postfix-config"><title>Config files</title>
<para><filename>/etc/aliases</filename>,
<filename>/etc/postfix/main.cf</filename> and
<filename>/etc/postfix/master.cf</filename></para>
<indexterm zone="postfix postfix-config">
<primary sortas="e-etc-aliases">/etc/aliases</primary></indexterm>
<indexterm zone="postfix postfix-config">
<primary sortas="e-etc-postfix-star">/etc/postfix/*</primary></indexterm>
</sect3>
 
<sect3><title>Configuration Information</title>
 
<screen><userinput><command>cat &gt;&gt; /etc/aliases &lt;&lt; "EOF"</command>
# Begin /etc/aliases
 
MAILER-DAEMON: postmaster
postmaster: root
 
root: LOGIN
# End /etc/aliases
<command>EOF</command></userinput></screen>
 
<note><para>To protect an existing <filename>/etc/aliases</filename> file, the
above command appends these aliases to it if it exists. This file should be
checked and duplicate aliases removed, if present.</para></note>
 
<para>The <filename>/etc/aliases</filename> file that was just created or
appended, the <filename>main.cf</filename> and the
<filename>master.cf</filename> must be personalized for your system. The
<filename>aliases</filename> file needs your non-root login identity so mail
addressed to root can be forwarded to you at the user level. The
<filename>main.cf</filename> file needs your fully qualified hostname. All of
these edits can be done with <command>sed</command> commands entered into the
console with appropriate substitutions of your non-root login name for
<replaceable>[user]</replaceable> and your fully qualified hostname for
<replaceable>[localhost.localdomain]</replaceable>. You will find the
<filename>main.cf</filename> file is self documenting, so load it into your
editor to make the changes you need for your situation.</para>
 
<screen><userinput><command>sed -i "s/LOGIN/<replaceable>[user]</replaceable>/" /etc/aliases &amp;&amp;
sed -i "s/#myhostname = host.domain.tld/myhostname = \
<replaceable>[localhost.localdomain]</replaceable>/" /etc/postfix/main.cf &amp;&amp;
/usr/bin/newaliases &amp;&amp;
/usr/sbin/postfix start</command></userinput></screen></sect3>
 
<sect3 id="postfix-init"><title>Postfix init.d script</title>
 
<para>To automate the running of Postfix at startup, install the
<filename>/etc/rc.d/init.d/postfix</filename> init script included in the
<xref linkend="intro-important-bootscripts"/> package.</para>
<indexterm zone="postfix postfix-init"> <primary
sortas="f-postfix">postfix</primary></indexterm>
 
<screen><userinput><command>make install-postfix</command></userinput></screen>
 
</sect3>
 
</sect2>
 
<sect2>
<title>Contents</title>
 
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
 
<seglistitem>
<seg>bounce, cleanup, error, flush, lmtp, local, mailq, master,
newaliases, nqmgr, oqmgr, pickup, pipe, postalias, postcat, postconf,
postdrop, postfix, postkick, postlock, postlog, postmap, postqueue,
postsuper, proxymap, qmgr, qmqpd, sendmail, showq, smtp, smtpd, spawn,
trivial-rewrite, verify, and virtual</seg>
<seg>None</seg>
<seg>/etc/postfix and /usr/share/doc/postfix</seg>
</seglistitem>
</segmentedlist>
 
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
 
<varlistentry id="bounce">
<term><command>bounce</command></term>
<listitem><para>A daemon that maintains per-message log files with
non-delivery status information.</para>
<indexterm zone="postfix bounce">
<primary sortas="b-bounce">bounce</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="cleanup">
<term><command>cleanup</command></term>
<listitem><para>A daemon that processes inbound mail, inserts it into the
incoming mail queue, and informs the queue manager of its arrival.</para>
<indexterm zone="postfix cleanup">
<primary sortas="b-cleanup">cleanup</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="error">
<term><command>error</command></term>
<listitem><para>A deamon that processes non-delivery requests from the
queue manager.</para>
<indexterm zone="postfix error">
<primary sortas="b-error">error</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="flush">
<term><command>flush</command></term>
<listitem><para>A daemon that maintains a record of deferred mail by
destination.</para>
<indexterm zone="postfix flush">
<primary sortas="b-flush">flush</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="lmtp">
<term><command>lmtp</command></term>
<listitem><para>A daemon that processes message delivery requests from the
queue manager.</para>
<indexterm zone="postfix lmtp">
<primary sortas="b-lmtp">lmtp</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="local">
<term><command>local</command></term>
<listitem><para>A daemon that processes delivery requests from the queue
manager to deliver mail to local recipients.</para>
<indexterm zone="postfix local">
<primary sortas="b-local">local</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="mailq">
<term><command>mailq</command></term>
<listitem><para>A symlink to <filename>sendmail</filename>.</para>
<indexterm zone="postfix mailq">
<primary sortas="b-mailq">mailq</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="master">
<term><command>master</command></term>
<listitem><para>The resident process that runs
<application>Postfix</application> daemons on demand.</para>
<indexterm zone="postfix master">
<primary sortas="b-master">master</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="newaliases">
<term><command>newaliases</command></term>
<listitem><para>A symlink to <filename>sendmail</filename>.</para>
<indexterm zone="postfix newaliases">
<primary sortas="b-newaliases">newaliases</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="nqmgr">
<term><command>nqmgr</command></term>
<listitem><para>A daemon that awaits the arrival of incoming mail and
arranges for its delivery.</para>
<indexterm zone="postfix nqmgr">
<primary sortas="b-nqmgr">nqmgr</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="oqmgr">
<term><command>oqmgr</command></term>
<listitem><para>The old style queue manager. This will be removed
soon.</para>
<indexterm zone="postfix oqmgr">
<primary sortas="b-oqmgr">oqmgr</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="pickup">
<term><command>pickup</command></term>
<listitem><para>A daemon that waits for hints that new mail has been
dropped into the maildrop directory, and feeds it into the
<application>cleanup</application> daemon.</para>
<indexterm zone="postfix pickup">
<primary sortas="b-pickup">pickup</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="pipe">
<term><command>pipe</command></term>
<listitem><para>A daemon that processes requests from the queue
manager to deliver messages to external commands.</para>
<indexterm zone="postfix pipe">
<primary sortas="b-pipe">pipe</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="postalias">
<term><command>postalias</command></term>
<listitem><para>Creates or queries one or more
<application>Postfix</application> alias databases, or updates an
existing one.</para>
<indexterm zone="postfix postalias">
<primary sortas="b-postalias">postalias</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="postcat">
<term><command>postcat</command></term>
<listitem><para>Prints the contents of the
<application>named</application> files in human readable format.</para>
<indexterm zone="postfix postcat">
<primary sortas="b-postcat">postcat</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="postconf">
<term><command>postconf</command></term>
<listitem><para>Displays or changes the value of
<application>Postfix</application> configuration parameters.</para>
<indexterm zone="postfix postconf">
<primary sortas="b-postconf">postconf</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="postdrop">
<term><command>postdrop</command></term>
<listitem><para>Creates a file in the maildrop directory and copies
it's standard input to the file.</para>
<indexterm zone="postfix postdrop">
<primary sortas="b-postdrop">postdrop</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="postfix-bin">
<term><command>postfix</command></term>
<listitem><para>Controls the operation of the
<application>Postfix</application> mail system.</para>
<indexterm zone="postfix postfix-bin">
<primary sortas="b-postfix">postfix</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="postkick">
<term><command>postkick</command></term>
<listitem><para>Sends requests to the specified service over a
local transport channel.</para>
<indexterm zone="postfix postkick">
<primary sortas="b-postkick">postkick</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="postlock">
<term><command>postlock</command></term>
<listitem><para>Locks a mail folder for exclusive use, and executes
commands passed to it.</para>
<indexterm zone="postfix postlock">
<primary sortas="b-postlock">postlock</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="postlog">
<term><command>postlog</command></term>
<listitem><para>A <application>Postfix</application>-compatible logging
interface for use in, for example, shell scripts.</para>
<indexterm zone="postfix postlog">
<primary sortas="b-postlog">postlog</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="postmap">
<term><command>postmap</command></term>
<listitem><para>Creates or queries one or more Postfix lookup
tables, or updates an existing one.</para>
<indexterm zone="postfix postmap">
<primary sortas="b-postmap">postmap</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="postqueue">
<term><command>postqueue</command></term>
<listitem><para>The <application>Postfix</application> user interface for
queue management.</para>
<indexterm zone="postfix postqueue">
<primary sortas="b-postqueue">postqueue</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="postsuper">
<term><command>postsuper</command></term>
<listitem><para>The <application>Postfix</application> user interface for
superuser queue management.</para>
<indexterm zone="postfix postsuper">
<primary sortas="b-postsuper">postsuper</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="proxymap">
<term><command>proxymap</command></term>
<listitem><para>Provides read-only table lookup services to other
<application>Postfix</application> processes.</para>
<indexterm zone="postfix proxymap">
<primary sortas="b-proxymap">proxymap</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="qmgr">
<term><command>qmgr</command></term>
<listitem><para>A daemon that awaits the arrival of incoming mail and
arranges for its delivery.</para>
<indexterm zone="postfix qmgr">
<primary sortas="b-qmgr">qmgr</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="qmqpd">
<term><command>qmqpd</command></term>
<listitem><para>A daemon that receives one message per connection, and
pipes it through the <application>cleanup</application> daemon, and
places it into the incoming queue.</para>
<indexterm zone="postfix qmqpd">
<primary sortas="b-qmqpd">qmqpd</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="sendmail-postfix">
<term><command>sendmail</command></term>
<listitem><para>The <application>Postfix</application> to
<application>Sendmail</application> compatibility interface.</para>
<indexterm zone="postfix sendmail-postfix">
<primary sortas="b-sendmail">sendmail</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="showq">
<term><command>showq</command></term>
<listitem><para>A daemon that reports the Postfix mail queue status.</para>
<indexterm zone="postfix showq">
<primary sortas="b-showq">showq</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="smtp">
<term><command>smtp</command></term>
<listitem><para>Looks up a list of mail exchanger addresses for the
destination host, sorts the list by preference, and connects to
each listed address until it finds a server that responds.</para>
<indexterm zone="postfix smtp">
<primary sortas="b-smtp">smtp</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="smtpd">
<term><command>smtpd</command></term>
<listitem><para>Accepts network connection requests and performs zero
or more SMTP transactions per connection.</para>
<indexterm zone="postfix smtpd">
<primary sortas="b-smtpd">smtpd</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="spawn">
<term><command>spawn</command></term>
<listitem><para>Listens on a port as specified in the
<application>Postfix</application> <filename>master.cf</filename> file
and spawns an external command whenever a connection is established.</para>
<indexterm zone="postfix spawn">
<primary sortas="b-spawn">spawn</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="trivial-rewrite">
<term><command>trivial-rewrite</command></term>
<listitem><para>A daemon that rewrites addresses to standard form.</para>
<indexterm zone="postfix trivial-rewrite">
<primary sortas="b-trivial-rewrite">trivial-rewrite</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="verify">
<term><command>verify</command></term>
<listitem><para>Maintains a record of what recipient addresses are known
to be deliverable or undeliverable.</para>
<indexterm zone="postfix verify">
<primary sortas="b-verify">verify</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="virtual">
<term><command>virtual</command></term>
<listitem><para>Delivers mail to virtual user's mail directories.</para>
<indexterm zone="postfix virtual">
<primary sortas="b-virtual">virtual</primary></indexterm>
</listitem>
</varlistentry>
</variablelist>
 
</sect2>
 
</sect1>
 
/trunk/blfs/server/mail/sendmail.xml
1,12 → 1,337
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
 
<!ENTITY sendmail-download-ftp "ftp://ftp.sendmail.org/pub/sendmail/sendmail.&sendmail-version;.tar.gz">
<!ENTITY sendmail-download-http "http://www.sendmail.org/ftp/sendmail.&sendmail-version;.tar.gz">
<!ENTITY sendmail-md5sum "2809fbf9c8b067947b650d0128928d05">
<!ENTITY sendmail-size "1.9 MB">
<!ENTITY sendmail-buildsize "18.8 MB">
<!ENTITY sendmail-time "0.38 SBU">
]>
 
<sect1 id="sendmail" xreflabel="Sendmail-&sendmail-version;">
<sect1info>
<othername>$LastChangedBy: randy $</othername>
<date>$Date: 2005-06-16 06:11:49 $</date>
</sect1info>
<?dbhtml filename="sendmail.html"?>
<title>Sendmail-&sendmail-version;</title>
<indexterm zone="sendmail">
<primary sortas="a-Sendmail">Sendmail</primary></indexterm>
 
&sendmail-intro;
&sendmail-inst;
&sendmail-config;
&sendmail-desc;
<sect2>
<title>Introduction to <application>Sendmail</application></title>
 
<para>The <application>Sendmail</application> package contains a Mail
Transport Agent (<acronym>MTA</acronym>).</para>
 
<sect3><title>Package information</title>
<itemizedlist spacing='compact'>
<listitem><para>Download (HTTP):
<ulink url="&sendmail-download-http;"/></para></listitem>
<listitem><para>Download (FTP):
<ulink url="&sendmail-download-ftp;"/></para></listitem>
<listitem><para>Download MD5 sum: &sendmail-md5sum;</para></listitem>
<listitem><para>Download size: &sendmail-size;</para></listitem>
<listitem><para>Estimated disk space required:
&sendmail-buildsize;</para></listitem>
<listitem><para>Estimated build time:
&sendmail-time;</para></listitem></itemizedlist>
</sect3>
 
<sect3><title><application>Sendmail</application> dependencies</title>
 
<sect4><title>Required</title>
<para><xref linkend="db"/> and <xref linkend="procmail"/></para>
</sect4>
 
<sect4><title>Optional</title>
<para><xref linkend="openssl"/>,
<xref linkend="openldap"/>,
<xref linkend="tcpwrappers"/>,
<xref linkend="pcre"/>,
<xref linkend="cyrus-sasl"/>,
<ulink url="http://www-dev.cites.uiuc.edu/ph/nph/">nph</ulink>, and
<xref linkend="gs"/> or <xref linkend="espgs"/> (for creating
<acronym>PDF</acronym> documentation)</para>
</sect4>
</sect3>
 
</sect2>
 
<sect2>
<title>Installation of <application>Sendmail</application></title>
 
<para>Before building <application>Sendmail</application>, create the users,
groups and directories that <application>Sendmail</application> requires
with the following commands issued as the root user:</para>
 
<screen><userinput role='root'><command>groupadd smmsp &amp;&amp;
groupadd mail &amp;&amp;
useradd -c "Sendmail Daemon" -g smmsp -G mail smmsp &amp;&amp;
chmod 1777 /var/mail &amp;&amp;
mkdir /var/spool/mqueue</command></userinput></screen>
 
<para><emphasis>Note:</emphasis> See the source tree
<filename>sendmail/README</filename> file for information on linking optional
packages into the build. Use the example below, which adds support for
<application>tcpwrappers</application>, <acronym>SASL</acronym>,
Start<acronym>TLS</acronym>
(<application>Open<acronym>SSL</acronym></application>) and
<application>Open<acronym>LDAP</acronym></application>, as a starting point.
Of course, modify it to suit your particular needs.</para>
 
<screen><userinput><command>cat &gt;&gt; devtools/Site/site.config.m4 &lt;&lt; "EOF"</command>
APPENDDEF(`confENVDEF',`-DSTARTTLS -DTCPWRAPPERS -DSASL -DLDAPMAP')
APPENDDEF(`confLIBS', `-lssl -lcrypto -lwrap -lsasl2 -lldap -llber')
APPENDDEF(`confINCDIRS', `-I/usr/include/sasl')
<command>EOF</command></userinput></screen>
 
<para>Install <application>Sendmail</application> with the following
commands:</para>
 
<screen><userinput><command>cat &gt;&gt; devtools/Site/site.config.m4 &lt;&lt; "EOF"</command>
define(`confMANGRP',`root')
define(`confMANOWN',`root')
define(`confSBINGRP',`root')
define(`confUBINGRP',`root')
define(`confUBINOWN',`root')
<command>EOF
cd sendmail &amp;&amp;
sh Build &amp;&amp;
cd ../cf/cf &amp;&amp;
cp generic-linux.mc sendmail.mc &amp;&amp;
sh Build sendmail.cf</command></userinput></screen>
 
<para>Now, as the root user:</para>
 
<screen><userinput role='root'><command>install -v -d -m755 /etc/mail &amp;&amp;
sh Build install-cf &amp;&amp;
cd ../../ &amp;&amp;
sh Build install &amp;&amp;
cp -v -R cf/* /etc/mail &amp;&amp;
cp -v cf/cf/{submit,sendmail}.mc /etc/mail &amp;&amp;
for manpage in sendmail editmap mailstats makemap praliases smrsh
do
install -v -m444 $manpage/$manpage.8 /usr/share/man/man8
done &amp;&amp;
install -v -m444 sendmail/aliases.5 /usr/share/man/man5 &amp;&amp;
install -v -m444 sendmail/mailq.1 /usr/share/man/man1 &amp;&amp;
install -v -m444 sendmail/newaliases.1 /usr/share/man/man1 &amp;&amp;
install -v -m444 vacation/vacation.1 /usr/share/man/man1</command></userinput></screen>
 
<para>Install the <application>Sendmail</application> Installation and
Operations Guide with the following commands:</para>
 
<screen><userinput><command>cd doc/op &amp;&amp;
sed -i -e 's/groff/GROFF_NO_SGR=1 groff/' Makefile &amp;&amp;
make op.txt op.pdf</command></userinput></screen>
 
<para>Now, as the root user:</para>
 
<screen><userinput role='root'><command>install -v -d -m755 /usr/share/doc/sendmail-&sendmail-version; &amp;&amp;
install -v -m644 op.ps op.txt op.pdf \
/usr/share/doc/sendmail-&sendmail-version; &amp;&amp;
cd ../../</command></userinput></screen>
 
<para><emphasis>Note:</emphasis> remove <filename>op.pdf</filename> from the
<command>make</command> and <command>install</command> commands if you don't
have <application>Ghostscript</application> installed.</para>
 
</sect2>
 
<sect2>
<title>Command explanations</title>
 
<para><command>cat &gt; devtools/Site/site.config.m4 &lt;&lt; "EOF"</command>:
This creates a configuration file changing some of the default settings.</para>
 
<para><command>sh Build; sh Build sendmail.cf; sh Build install-cf;
sh Build install</command>: <application>Sendmail</application> uses an
<application>m4</application> based build script to create the various
<filename>Makefile</filename>'s. These commands build and install the
package.</para>
 
<para><command>for manpage in...;do...;done; install ...</command>: The man
pages are installed already formatted and <command>man</command> displays them
somewhat garbled. These commands replace the formatted pages with
pages <command>man</command> can display properly.</para>
 
</sect2>
 
<sect2>
<title>Configuring <application>Sendmail</application></title>
 
<sect3 id="sendmail-config"><title>Config files</title>
<para><filename>/etc/mail/*</filename></para>
<indexterm zone="sendmail sendmail-config">
<primary sortas="e-etc-mail">/etc/mail/*</primary></indexterm>
</sect3>
 
<sect3><title>Configuration information</title>
 
<para>Create the <filename>/etc/mail/local-host-names</filename> and
<filename>/etc/mail/aliases</filename> files using the following
commands as the root user:</para>
 
<screen><userinput role='root'><command>echo $(hostname) > /etc/mail/local-host-names
cat &gt; /etc/mail/aliases &lt;&lt; "EOF"</command>
postmaster: root
MAILER-DAEMON: root
 
<command>EOF
newaliases -v</command></userinput></screen>
 
<para><application>Sendmail</application>'s primary configuration file,
<filename>/etc/mail/sendmail.cf</filename>, is complex and not meant to be
directly edited. The recommended method to make changes is to modify
<filename>/etc/mail/sendmail.mc</filename>, and various
<application>m4</application> files, then run the <command>m4</command>
macro processor from within <filename class='directory'>/etc/mail</filename>
as follows:</para>
 
<screen><userinput><command>m4 m4/cf.m4 sendmail.mc > sendmail.cf</command></userinput></screen>
 
<para>A full explanation of the files to modify, and the available parameters
can be found in <filename>/etc/mail/README</filename>.</para>
 
<para id="sendmail-init">To automate the running of
<application>Sendmail</application> at startup, install the
<filename>/etc/rc.d/init.d/sendmail</filename> init script included in the
<xref linkend="intro-important-bootscripts"/> package.</para>
<indexterm zone="sendmail sendmail-init">
<primary sortas="f-sendmail-init">sendmail</primary></indexterm>
 
<screen><userinput role='root'><command>make install-sendmail</command></userinput></screen>
 
<note><para>The -qNm option to <command>sendmail</command>, where N is number
of minutes, controls how often <application>Sendmail</application> will process
the mail queue. A default of 5 minutes is used in the init script. Individual
workstation users may want to set this as low as 1 minute, large installations
handling more mail may want to set it higher.</para></note>
 
</sect3>
</sect2>
 
<sect2>
<title>Contents</title>
 
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>editmap, hoststat, mailstats, mailq, makemap, newaliases, praliases,
purgestat, sendmail, smrsh and vacation</seg>
<seg>None</seg>
<seg>/etc/mail and /usr/share/doc/sendmail-&sendmail-version;</seg>
</seglistitem>
</segmentedlist>
 
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
 
<varlistentry id="editmap">
<term><command>editmap</command></term>
<listitem><para>queries and edits <application>Sendmail</application> map
files.</para>
<indexterm zone="sendmail editmap">
<primary sortas="b-editmap">editmap</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="hoststat">
<term><command>hoststat</command></term>
<listitem><para>prints <application>Sendmail</application>'s persistent host
status.</para>
<indexterm zone="sendmail hoststat">
<primary sortas="b-hoststat">hoststat</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="mailstats">
<term><command>mailstats</command></term>
<listitem><para>displays <application>Sendmail</application> statistics.</para>
<indexterm zone="sendmail mailstats">
<primary sortas="b-mailstats">mailstats</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="mailq-sendmail">
<term><command>mailq</command></term>
<listitem><para>prints a summary of outbound mail messages waiting for
delivery.</para>
<indexterm zone="sendmail mailq-sendmail">
<primary sortas="b-mailq">mailq</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="makemap">
<term><command>makemap</command></term>
<listitem><para>creates <application>Sendmail</application> map files.</para>
<indexterm zone="sendmail makemap">
<primary sortas="b-makemap">makemap</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="newaliases-sendmail">
<term><command>newaliases</command></term>
<listitem><para>rebuilds <filename>/etc/mail/aliases.db</filename> from the
contents of <filename>/etc/mail/aliases</filename>.</para>
<indexterm zone="sendmail newaliases-sendmail">
<primary sortas="b-newaliases">newaliases</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="praliases">
<term><command>praliases</command></term>
<listitem><para>displays current <application>Sendmail</application>
aliases.</para>
<indexterm zone="sendmail praliases">
<primary sortas="b-praliases">praliases</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="purgestat">
<term><command>purgestat</command></term>
<listitem><para> causes <application>Sendmail</application> to clear (purge)
all its host-status information.</para>
<indexterm zone="sendmail purgestat">
<primary sortas="b-purgestat">purgestat</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="sendmail-prog-sendmail">
<term><command>sendmail</command></term>
<listitem><para>is the <application>Sendmail</application> mail transport
agent.</para>
<indexterm zone="sendmail sendmail-prog-sendmail">
<primary sortas="b-sendmail">sendmail</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="smrsh">
<term><command>smrsh</command></term>
<listitem><para>is a restricted shell for
<application>Sendmail</application>.</para>
<indexterm zone="sendmail smrsh">
<primary sortas="b-smrsh">smrsh</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="vacation-sendmail">
<term><command>vacation</command></term>
<listitem><para>is an email auto responder.</para>
<indexterm zone="sendmail vacation-sendmail">
<primary sortas="b-vacation">vacation</primary></indexterm>
</listitem>
</varlistentry>
</variablelist>
 
</sect2>
 
</sect1>
 
/trunk/blfs/server/server.xml
1,9 → 1,15
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../general.ent">
%general-entities;
]>
 
<part id="server" xreflabel="Server Networking">
<?dbhtml filename="server.html" dir="server"?>
<title>Serveur Réseau</title>
<title>Serveurs réseau</title>
 
&server-mail;
&server-other;
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="mail/mail.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="other/other.xml"/>
 
</part>