Subversion Repositories svn LFS-FR

Compare Revisions

Ignore whitespace Rev 550 → Rev 551

/trunk/blfs/postlfs/security/openssl.xml
0,0 → 1,203
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
 
<!ENTITY openssl-download-http "http://www.openssl.org/source/openssl-&openssl-version;.tar.gz">
<!ENTITY openssl-download-ftp "ftp://ftp.openssl.org/source/openssl-&openssl-version;.tar.gz">
<!ENTITY openssl-md5sum "a8777164bca38d84e5eb2b1535223474">
<!ENTITY openssl-size "3.0 MB">
<!ENTITY openssl-buildsize "35 MB">
<!ENTITY openssl-time "1.16 SBU">
]>
 
<sect1 id="openssl" xreflabel="OpenSSL-&openssl-version;">
<sect1info>
<othername>$LastChangedBy: larry $</othername>
<date>$Date: 2005-06-16 06:24:42 $</date>
</sect1info>
<?dbhtml filename="openssl.html"?>
<title>OpenSSL-&openssl-version;</title>
<indexterm zone="openssl">
<primary sortas="a-OpenSSL">OpenSSL</primary></indexterm>
 
<sect2>
<title>Introduction to <application>Open<acronym>SSL</acronym></application>
</title>
 
<para>The <application>Open<acronym>SSL</acronym></application> package
contains management tools and libraries relating to cryptography. These are
useful for providing cryptography functions to other packages, notably
<application>OpenSSH</application>, email applications and web browsers (for
accessing <acronym>HTTPS</acronym> sites).</para>
 
<sect3><title>Package information</title>
<itemizedlist spacing='compact'>
<listitem><para>Download (HTTP):
<ulink url="&openssl-download-http;"/></para></listitem>
<listitem><para>Download (FTP):
<ulink url="&openssl-download-ftp;"/></para></listitem>
<listitem><para>Download MD5 sum: &openssl-md5sum;</para></listitem>
<listitem><para>Download size: &openssl-size;</para></listitem>
<listitem><para>Estimated disk space required:
&openssl-buildsize;</para></listitem>
<listitem><para>Estimated build time:
&openssl-time;</para></listitem></itemizedlist>
</sect3>
 
<sect3><title><application>Open<acronym>SSL</acronym></application>
dependencies</title>
<sect4><title>Optional</title>
<para><xref linkend="bc"/> (recommended
if you run the test suite during the build)</para>
</sect4>
</sect3>
 
</sect2>
 
<sect2>
<title>Installation of <application>Open<acronym>SSL</acronym></application>
</title>
 
<para>Install <application>Open<acronym>SSL</acronym></application> by running
the following commands:</para>
 
<screen><userinput><command>sed 's/^passwd/openssl-passwd/' doc/apps/passwd.pod \
> doc/apps/openssl-passwd.pod &amp;&amp;
rm doc/apps/passwd.pod &amp;&amp;
mv doc/crypto/{,openssl_}threads.pod &amp;&amp;
./config --openssldir=/etc/ssl --prefix=/usr shared &amp;&amp;
sed -i 's%SHLIBDIRS= fips crypto ssl%SHLIBDIRS= crypto ssl%g' Makefile &amp;&amp;
make MANDIR=/usr/share/man</command></userinput></screen>
 
<para>Now, as the root user:</para>
 
<screen><userinput role='root'><command>make MANDIR=/usr/share/man install &amp;&amp;
cp -r certs /etc/ssl</command></userinput></screen>
 
</sect2>
 
<sect2>
<title>Command explanations</title>
 
<para><option>no-rc5 no-idea</option>: When added to the
<command>./config</command> command, this will eliminate the building of those
encryption methods. Patent licenses may be needed for you to utilize either of
those methods in your projects.</para>
 
<para><command>rm doc/apps/passwd.pod</command>: This command prevents
<application>Open<acronym>SSL</acronym></application> from installing its
passwd man page over an existing man page with the same name.</para>
 
<para><command>mv doc/crypto/{,openssl_}threads.pod</command>: This
commands prevents <application>Open<acronym>SSL</acronym></application> from
overwriting an existing man page from <application>Perl</application>.</para>
 
<para><command>sed -i 's%SHLIBDIRS= fips crypto ssl%SHLIBDIRS= crypto ssl%g'
Makefile</command>: This command prevents installation of the non-existent
<filename class="libraryfile">libfips</filename> library.</para>
 
<para><command>make MANDIR=/usr/share/man; make MANDIR=/usr/share/man
install</command>: These commands install
<application>Open<acronym>SSL</acronym></application> with the man pages in
<filename class='directory'>/usr/share/man</filename> instead of
<filename class='directory'>/etc/ssl/man</filename>.</para>
 
<para><command>cp -r certs /etc/ssl</command>: The certificates must be copied
manually since the install script skips this step.</para>
 
</sect2>
 
<sect2>
<title>Configuring <application>OpenSSL</application></title>
 
<sect3 id="openssl-config"><title>Config files</title>
<para><filename>/etc/ssl/openssl.cnf</filename></para>
<indexterm zone="openssl openssl-config">
<primary sortas="e-etc-ssl-openssl.cnf">/etc/ssl/openssl.cnf</primary>
</indexterm>
</sect3>
 
<sect3><title>Configuration Information</title>
 
<para>Most people who just want to use
<application>Open<acronym>SSL</acronym></application> for providing functions
to other programs such as <application>Open<acronym>SSH</acronym></application>
and web browsers won't need to worry about configuring
<application>Open<acronym>SSL</acronym></application>. Configuring
<application>Open<acronym>SSL</acronym></application> is an advanced topic and
so those who do would normally be expected to either know how to do it
or to be able to find out how to do it.</para>
</sect3>
 
</sect2>
 
<sect2>
<title>Contents</title>
 
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>c_rehash and openssl</seg>
<seg>libcrypto.[so,a] and libssl.[so,a]</seg>
<seg>/etc/ssl and /usr/include/ssl</seg>
</seglistitem>
</segmentedlist>
 
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
 
<varlistentry id="c_rehash">
<term><command>c_rehash</command></term>
<listitem><para>is a <application>Perl</application> script that scans all
files in a directory and adds symbolic links to their hash values.</para>
<indexterm zone="openssl c_rehash">
<primary sortas="b-c_rehash">c_rehash</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="openssl-prog">
<term><command>openssl</command></term>
<listitem><para>is a command-line tool for using the various cryptography
functions of <application>Open<acronym>SSL</acronym></application>'s crypto
library from the shell. It can be used for various functions which are
documented in <command>man 1 openssl</command>.</para>
<indexterm zone="openssl openssl-prog">
<primary sortas="b-openssl">openssl</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="libcrypto">
<term><filename class='libraryfile'>libcrypto.[so,a]</filename></term>
<listitem><para>implements a wide range of cryptographic algorithms used in
various Internet standards. The services provided by this library are used by
the <application>Open<acronym>SSL</acronym></application> implementations of
<acronym>SSL</acronym>, <acronym>TLS</acronym> and <acronym>S/MIME</acronym>,
and they have also been used to implement
<application>Open<acronym>SSH</acronym></application>,
<application>Open<acronym>PGP</acronym></application>, and other cryptographic
standards.</para>
<indexterm zone="openssl libcrypto">
<primary sortas="c-libcrypto">libcrypto.[so,a]</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="libssl">
<term><filename class='libraryfile'>libssl.[so,a]</filename></term>
<listitem><para>implements the Secure Sockets Layer (<acronym>SSL</acronym>
v2/v3) and Transport Layer Security (<acronym>TLS</acronym> v1) protocols. It
provides a rich <acronym>API</acronym>, documentation on which can be found by
running <command>man 3 ssl</command>.</para>
<indexterm zone="openssl libssl">
<primary sortas="c-libssl">libssl.[so,a]</primary></indexterm>
</listitem>
</varlistentry>
</variablelist>
 
</sect2>
 
</sect1>
/trunk/blfs/postlfs/security/cyrus-sasl.xml
0,0 → 1,227
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
 
<!ENTITY cyrus-sasl-download-http "http://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-&cyrus-sasl-version;.tar.gz ">
<!ENTITY cyrus-sasl-download-ftp "ftp://ftp.andrew.cmu.edu/pub/cyrus-mail/cyrus-sasl-&cyrus-sasl-version;.tar.gz">
<!ENTITY cyrus-sasl-md5sum "268ead27f4ac39bcfe17d9e38e0f2977">
<!ENTITY cyrus-sasl-size "1.8 MB">
<!ENTITY cyrus-sasl-buildsize "17.3 MB">
<!ENTITY cyrus-sasl-time "0.28 SBU">
]>
 
<sect1 id="cyrus-sasl" xreflabel="Cyrus SASL-&cyrus-sasl-version;">
<sect1info>
<othername>$LastChangedBy: randy $</othername>
<date>$Date: 2005-06-16 06:24:42 $</date>
</sect1info>
<?dbhtml filename="cyrus-sasl.html"?>
<title>Cyrus <acronym>SASL</acronym>-&cyrus-sasl-version;</title>
<indexterm zone="cyrus-sasl">
<primary sortas="a-Cyrus SASL">Cyrus SASL</primary></indexterm>
 
<sect2>
<title>Introduction to <application>Cyrus <acronym>SASL</acronym></application>
</title>
 
<para>The <application>Cyrus <acronym>SASL</acronym></application> package
contains a Simple Authentication and Security Layer, a method for adding
authentication support to connection-based protocols. To use
<acronym>SASL</acronym>, a protocol includes a command for identifying and
authenticating a user to a server and for optionally negotiating protection of
subsequent protocol interactions. If its use is negotiated, a security layer
is inserted between the protocol and the connection.</para>
 
<sect3><title>Package information</title>
<itemizedlist spacing="compact">
<listitem><para>Download (HTTP):
<ulink url="&cyrus-sasl-download-http;"/></para></listitem>
<listitem><para>Download (FTP):
<ulink url="&cyrus-sasl-download-ftp;"/></para></listitem>
<listitem><para>Download MD5 sum: &cyrus-sasl-md5sum;</para></listitem>
<listitem><para>Download size: &cyrus-sasl-size;</para></listitem>
<listitem><para>Estimated disk space required:
&cyrus-sasl-buildsize;</para></listitem>
<listitem><para>Estimated build time:
&cyrus-sasl-time;</para></listitem>
</itemizedlist>
</sect3>
 
<sect3><title><application>Cyrus <acronym>SASL</acronym></application>
dependencies</title>
 
<sect4><title>Required</title>
<para><xref linkend="openssl"/></para>
</sect4>
 
<sect4><title>Optional</title>
<para><xref linkend="Linux_PAM"/>,
<xref linkend="openldap"/>,
<xref linkend="heimdal"/> or <xref linkend="mitkrb"/>,
<xref linkend="j2sdk"/>,
<xref linkend="mysql"/>,
<xref linkend="postgresql"/>,
<xref linkend="db"/>,
<xref linkend="gdbm"/>,
<xref linkend="courier"/>,
<ulink url="http://www.pdc.kth.se/kth-krb/">krb4</ulink>,
<ulink url="http://sqlite.org/">SQLite</ulink> and
<ulink url="http://dmalloc.com/">Dmalloc</ulink></para>
</sect4>
</sect3>
 
</sect2>
 
<sect2>
<title>Installation of <application>Cyrus <acronym>SASL</acronym></application>
</title>
 
<para>Install <application>Cyrus <acronym>SASL</acronym></application> by
running the following commands:</para>
 
<screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc \
--with-dbpath=/var/lib/sasl/sasldb2 \
--with-saslauthd=/var/run &amp;&amp;
make</command></userinput></screen>
 
<para>Now, as the root user:</para>
 
<screen><userinput role='root'><command>make install &amp;&amp;
install -v -m644 saslauthd/saslauthd.mdoc \
/usr/share/man/man8/saslauthd.8 &amp;&amp;
install -v -d -m755 /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
install -v -m644 doc/{*.{html,txt,fig},ONEWS,TODO} \
saslauthd/LDAP_SASLAUTHD /usr/share/doc/cyrus-sasl-&cyrus-sasl-version; &amp;&amp;
install -v -d -m700 /var/lib/sasl</command></userinput></screen>
 
</sect2>
 
<sect2>
<title>Command explanations</title>
 
<para><parameter>--with-dbpath=/var/lib/sasl/sasldb2</parameter>: This
parameter forces the <command>saslauthd</command> database to be created
in <filename class='directory'>/var/lib/sasl</filename> instead of
<filename class='directory'>/etc</filename>.</para>
 
<para><parameter>--with-saslauthd=/var/run</parameter>: This parameter forces
<command>saslauthd</command> to use the <acronym>FHS</acronym> compliant
directory <filename class='directory'>/var/run</filename> for variable run-time
data.</para>
 
<para><parameter>--with-ldap</parameter>: This parameter enables use
with <application>OpenLDAP</application>.</para>
 
<para><command>install -m644 ...</command>: These commands
install documentation which is not installed by the
<command>make install</command> command.</para>
 
<para><command>install -d -m700 /var/lib/sasl</command>: This directory must
exist when starting <command>saslauthd</command>. If you're not going to be
running the daemon, you may omit the creation of this directory.
</para>
 
</sect2>
 
<sect2>
<title>Configuring <application>Cyrus
<acronym>SASL</acronym></application></title>
 
<sect3 id="cyrus-sasl-config"><title>Config Files</title>
<para><filename>/etc/saslauthd.conf</filename> (for <acronym>LDAP</acronym>
configuration) and <filename>/usr/lib/sasl2/Appname.conf</filename> (where
"Appname" is the application defined name of the application)</para>
<indexterm zone="cyrus-sasl cyrus-sasl-config">
<primary sortas="e-etc-saslauthd.conf">/etc/saslauthd.conf</primary>
</indexterm>
</sect3>
 
<sect3><title>Configuration Information</title>
<para>See <ulink url="file:///usr/share/doc/sasl/sysadmin.html"/> for
information on what to include in the application configuration files. See
<ulink url="file:///usr/share/doc/sasl/LDAP_SASLAUTHD"/> for configuring
<command>saslauthd</command> with <acronym>LDAP</acronym>.</para>
</sect3>
 
<sect3 id="cyrus-sasl-init"><title>Init Script</title>
<para>If you need to run the <command>saslauthd</command> daemon at system
startup, install the <filename>/etc/rc.d/init.d/cyrus-sasl</filename>
init script included in the
<xref linkend="intro-important-bootscripts"/> package.</para>
<indexterm zone="cyrus-sasl cyrus-sasl-init">
<primary sortas="f-cyrus-sasl-init">cyrus-sasl</primary>
</indexterm>
 
<screen><userinput role='root'><command>make install-cyrus-sasl</command></userinput></screen>
 
<note><para>You'll need to modify the init script and replace the
<parameter><replaceable>[authmech]</replaceable></parameter> parameter to the
<parameter>-a</parameter> switch with your desired authentication mechanism.
</para></note>
</sect3>
 
</sect2>
 
<sect2>
<title>Contents</title>
 
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Libraries</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>saslauthd, sasldblistusers2 and saslpasswd2</seg>
<seg>libjavasasl.so, libsasl2.so and <acronym>SASL</acronym> plugins/JAVA
classes</seg>
<seg>/usr/include/sasl, /usr/lib/sasl2, /usr/share/doc/sasl and /var/lib/sasl</seg>
</seglistitem>
</segmentedlist>
 
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
 
<varlistentry id="saslauthd">
<term><command>saslauthd</command></term>
<listitem><para>is the <acronym>SASL</acronym> authentication server.</para>
<indexterm zone="cyrus-sasl saslauthd">
<primary sortas="b-saslauthd">saslauthd</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="sasldblistusers2">
<term><command>sasldblistusers2</command></term>
<listitem><para>is used to list the users in the <acronym>SASL</acronym>
password database.</para>
<indexterm zone="cyrus-sasl sasldblistusers2">
<primary sortas="b-sasldblistusers2">sasldblistusers2</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="saslpasswd2">
<term><command>saslpasswd2</command></term>
<listitem><para>is used to set and delete a user's <acronym>SASL</acronym>
password and mechanism specific secrets in the <acronym>SASL</acronym>
password database.</para>
<indexterm zone="cyrus-sasl saslpasswd2">
<primary sortas="b-saslpasswd2">saslpasswd2</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="libsasl2">
<term><filename class='libraryfile'>libsasl2.so</filename></term>
<listitem><para>is a general purpose authentication library for server and
client applications.</para>
<indexterm zone="cyrus-sasl libsasl2">
<primary sortas="c-libsasl2">libsasl2.so</primary></indexterm>
</listitem>
</varlistentry>
 
</variablelist>
 
</sect2>
 
</sect1>
 
/trunk/blfs/postlfs/security/stunnel.xml
0,0 → 1,239
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.3//EN"
"http://www.oasis-open.org/docbook/xml/4.3/docbookx.dtd" [
<!ENTITY % general-entities SYSTEM "../../general.ent">
%general-entities;
 
<!ENTITY stunnel-download-http "http://www.stunnel.org/download/stunnel/src/stunnel-&stunnel-version;.tar.gz">
<!ENTITY stunnel-download-ftp "ftp://ftp.fu-berlin.de/unix/linux/mirrors/gentoo/distfiles/stunnel-&stunnel-version;.tar.gz">
<!ENTITY stunnel-md5sum "7d53af550a1c2e01e146b936e58b8860">
<!ENTITY stunnel-size "486 KB">
<!ENTITY stunnel-buildsize "3.9 MB">
<!ENTITY stunnel-time "0.11 SBU">
]>
 
<sect1 id="stunnel" xreflabel="Stunnel-&stunnel-version;">
<sect1info>
<othername>$LastChangedBy: randy $</othername>
<date>$Date: 2005-06-16 06:24:42 $</date>
</sect1info>
<?dbhtml filename="stunnel.html"?>
<title>Stunnel-&stunnel-version;</title>
<indexterm zone="stunnel">
<primary sortas="a-Stunnel">Stunnel</primary></indexterm>
 
<sect2>
<title>Introduction to <application>Stunnel</application></title>
 
<para>The <application>Stunnel</application> package contains a program that
allows you to encrypt arbitrary <acronym>TCP</acronym> connections inside
<acronym>SSL</acronym> (Secure Sockets Layer) so you can easily communicate
with clients over secure channels. <application>Stunnel</application> can be
used to add <acronym>SSL</acronym> functionality to commonly used Inetd
daemons like <acronym>POP</acronym>-2, <acronym>POP</acronym>-3, and
<acronym>IMAP</acronym> servers, to standalone daemons like
<acronym>NNTP</acronym>, <acronym>SMTP</acronym> and <acronym>HTTP</acronym>,
and in tunneling <acronym>PPP</acronym> over network sockets without changes
to the server package source code.</para>
 
<sect3><title>Package information</title>
<itemizedlist spacing="compact">
<listitem><para>Download (HTTP):
<ulink url="&stunnel-download-http;"/></para></listitem>
<listitem><para>Download (FTP):
<ulink url="&stunnel-download-ftp;"/></para></listitem>
<listitem><para>Download MD5 sum:
&stunnel-md5sum;</para></listitem>
<listitem><para>Download size:
&stunnel-size;</para></listitem>
<listitem><para>Estimated disk space required:
&stunnel-buildsize;</para></listitem>
<listitem><para>Estimated build time:
&stunnel-time;</para></listitem></itemizedlist>
</sect3>
 
<sect3><title><application>Stunnel</application> dependencies</title>
<sect4><title>Required</title>
<para><xref linkend="openssl"/></para>
</sect4>
 
<sect4><title>Optional</title>
<para><xref linkend="tcpwrappers"/></para>
</sect4>
</sect3>
 
</sect2>
 
<sect2>
<title>Installation of <application>Stunnel</application></title>
 
<para>The <command>stunnel</command> daemon will be run in a
<command>chroot</command> jail by an unprivileged user. Create the new user,
group and <command>chroot</command> home directory structure using the
following commands as the root user:</para>
 
<screen><userinput role='root'><command>groupadd stunnel &amp;&amp;
useradd -c "Stunnel Daemon" -d /var/lib/stunnel \
-g stunnel -s /bin/false stunnel &amp;&amp;
install -d -m 700 -o stunnel -g stunnel /var/lib/stunnel/run</command></userinput></screen>
 
<note><para>A signed <acronym>SSL</acronym> Certificate and a Private Key is
necessary to run the <command>stunnel</command> daemon. If you own, or have
already created a signed <acronym>SSL</acronym> Certificate you wish to use,
copy it to <filename>tools/stunnel.pem</filename> in the source directory
before starting the build, otherwise you will be prompted to create one. The
<filename>.pem</filename> file must be formatted as shown below:</para>
 
<screen>-----BEGIN RSA PRIVATE KEY-----
<replaceable>[many encrypted lines of unencrypted key]</replaceable>
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
<replaceable>[many encrypted lines of certificate]</replaceable>
-----END CERTIFICATE-----</screen></note>
 
<para>Install <application>Stunnel</application> by running the following
commands:</para>
 
<screen><userinput><command>./configure --prefix=/usr --sysconfdir=/etc \
--localstatedir=/var/lib/stunnel &amp;&amp;
make</command></userinput></screen>
 
<para>Now, as the root user:</para>
 
<screen><userinput role='root'><command>make install</command></userinput></screen>
 
</sect2>
 
<sect2>
<title>Command explanations</title>
 
<para><parameter>--sysconfdir=/etc</parameter>: This parameter forces the
configuration directory to <filename class='directory'>/etc</filename> instead
of <filename class='directory'>/usr/etc</filename>.</para>
 
<para><parameter>--localstatedir=/var/lib/stunnel</parameter>: This parameter
causes the installation process to create
<filename class='directory'>/var/lib/stunnel/stunnel</filename> instead of
<filename class='directory'>/usr/var/stunnel</filename>.</para>
 
<para><command>make</command>: This command builds the package and, if you
did not copy an <filename>stunnel.pem</filename> file to the source
<filename class='directory'>tools/</filename> directory, prompts you for the
necessary information to create one. Ensure you reply to the</para>
 
<screen><computeroutput>Common Name (FQDN of your server) [localhost]:</computeroutput></screen>
 
<para>prompt with the name or <acronym>IP</acronym> address you will be using
to access the service.</para>
 
</sect2>
 
<sect2>
<title>Configuring <application>Stunnel</application></title>
 
<sect3 id="stunnel-config"><title>Config files</title>
<para><filename>/etc/stunnel/stunnel.conf</filename></para>
<indexterm zone="stunnel stunnel-config">
<primary sortas="e-etc-stunnel-stunnel.conf">/etc/stunnel/stunnel.conf</primary>
</indexterm>
</sect3>
 
<sect3><title>Configuration Information</title>
 
<para>Create a basic <filename>/etc/stunnel/stunnel.conf</filename>
configuration file using the following commands:</para>
 
<screen><userinput role='root'><command>cat &gt;/etc/stunnel/stunnel.conf &lt;&lt; "EOF"</command>
# File: /etc/stunnel/stunnel.conf
 
pid = /run/stunnel.pid
chroot = /var/lib/stunnel
client = no
setuid = stunnel
setgid = stunnel
 
<command>EOF</command></userinput></screen>
 
<para>Next, you need to add the service you wish to encrypt to the
configuration file. The format is as follows:</para>
 
<screen><userinput role='root'>[<replaceable>[service]</replaceable>]
accept = <replaceable>[hostname:portnumber]</replaceable>
connect = <replaceable>[hostname:portnumber]</replaceable></userinput></screen>
 
<para>If you use <application>Stunnel</application> to encrypt a daemon
started from <command>[x]inetd</command>, you may need to disable that daemon
in the <filename>/etc/[x]inetd.conf</filename> file and enable a corresponding
<replaceable>[service]</replaceable>_stunnel service. You may have to add an
appropriate entry in <filename>/etc/services</filename> as well.</para>
 
<para>For a full explanation of the commands and syntax used in the
configuration file, run <command>man stunnel</command>. To see a
<acronym>BLFS</acronym> example of an actual setup of an
<command>stunnel</command> encrypted service, read the
<xref linkend="samba3-swat-config"/> in the <application>Samba</application>
instructions.</para>
 
<para id="stunnel.init">To automatically start the <command>stunnel</command>
daemon when the system is rebooted, install the
<filename>/etc/rc.d/init.d/stunnel</filename> bootscript from the
<xref linkend="intro-important-bootscripts"/> package.</para>
<indexterm zone="stunnel stunnel.init">
<primary sortas="f-stunnel.init">stunnel</primary></indexterm>
 
<screen><userinput role='root'><command>make install-stunnel</command></userinput></screen>
</sect3>
 
</sect2>
 
<sect2>
<title>Contents</title>
<segmentedlist>
<segtitle>Installed Programs</segtitle>
<segtitle>Installed Library</segtitle>
<segtitle>Installed Directories</segtitle>
<seglistitem>
<seg>stunnel and stunnel3</seg>
<seg>libstunnel.so</seg>
<seg>/etc/stunnel, /var/lib/stunnel and /usr/share/doc/stunnel</seg>
</seglistitem>
</segmentedlist>
 
<variablelist>
<bridgehead renderas="sect3">Short Descriptions</bridgehead>
<?dbfo list-presentation="list"?>
 
<varlistentry id="stunnel-prog">
<term><command>stunnel</command></term>
<listitem><para> is a program designed to work as an <acronym>SSL</acronym>
encryption wrapper between remote clients and local
(<command>[x]inetd</command>-startable) or remote servers.</para>
<indexterm zone="stunnel stunnel-prog">
<primary sortas="b-stunnel">stunnel</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="stunnel3">
<term><command>stunnel3</command></term>
<listitem><para>is a <application>Perl</application> wrapper script to use
<command>stunnel</command> 3.x syntax with <command>stunnel</command>
>=4.05.</para>
<indexterm zone="stunnel stunnel3">
<primary sortas="b-stunnel3">stunnel3</primary></indexterm>
</listitem>
</varlistentry>
 
<varlistentry id="libstunnel">
<term><filename class='libraryfile'>libstunnel.so</filename></term>
<listitem><para> contains the <acronym>API</acronym> functions required by
<application>Stunnel</application>.</para>
<indexterm zone="stunnel libstunnel">
<primary sortas="c-libstunnel">libstunnel.so</primary></indexterm>
</listitem>
</varlistentry>
</variablelist>
 
</sect2>
 
</sect1>