path: root/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
Diffstat (limited to 'en_US.ISO8859-1/books/handbook/network-servers/chapter.xml')
-rw-r--r-- en_US.ISO8859-1/books/handbook/network-servers/chapter.xml 634
1 files changed, 284 insertions, 350 deletions
diff --git a/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml b/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
index 8a270095e9..0b41db2778 100644
--- a/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
@@ -4,8 +4,7 @@
$FreeBSD$
-->
-
-<chapter id="network-servers">
+<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="network-servers">
<!--
<chapterinfo>
<authorgroup>
@@ -20,7 +19,7 @@
<title>Network Servers</title>
- <sect1 id="network-servers-synopsis">
+ <sect1 xml:id="network-servers-synopsis">
<title>Synopsis</title>
<para>This chapter covers some of the more frequently used network
@@ -113,7 +112,7 @@
</itemizedlist>
</sect1>
- <sect1 id="network-inetd">
+ <sect1 xml:id="network-inetd">
<!--
<sect1info>
<authorgroup>
@@ -135,7 +134,7 @@
<title>The <application>inetd</application>
<quote>Super-Server</quote></title>
- <sect2 id="network-inetd-overview">
+ <sect2 xml:id="network-inetd-overview">
<title>Overview</title>
<para>The &man.inetd.8; daemon is sometimes referred to as the
@@ -162,7 +161,7 @@
<filename>/etc/inetd.conf</filename>.</para>
</sect2>
- <sect2 id="network-inetd-settings">
+ <sect2 xml:id="network-inetd-settings">
<title>Settings</title>
<para><application>inetd</application> is initialized through
@@ -186,7 +185,7 @@
<literal>inetd_flags</literal> option.</para>
</sect2>
- <sect2 id="network-inetd-cmdline">
+ <sect2 xml:id="network-inetd-cmdline">
<title>Command-Line Options</title>
<para>Like most server daemons, <application>inetd</application>
@@ -260,7 +259,7 @@
</variablelist>
</sect2>
- <sect2 id="network-inetd-conf">
+ <sect2 xml:id="network-inetd-conf">
<!-- XXX This section is not very clear and could do with some tlc -->
<title><filename>inetd.conf</filename></title>
@@ -272,7 +271,7 @@
<application>inetd</application> can be forced to re-read its
configuration file by running the command:</para>
- <example id="network-inetd-reread">
+ <example xml:id="network-inetd-reread">
<title>Reloading the <application>inetd</application>
Configuration File</title>
@@ -455,10 +454,10 @@ server-program-arguments</programlisting>
<listitem>
<para>This is the username that the particular daemon
should run as. Most commonly, daemons run as the
- <username>root</username> user. For security purposes,
+ <systemitem class="username">root</systemitem> user. For security purposes,
it is common to find some servers running as the
- <username>daemon</username> user, or the least
- privileged <username>nobody</username> user.</para>
+ <systemitem class="username">daemon</systemitem> user, or the least
+ privileged <systemitem class="username">nobody</systemitem> user.</para>
</listitem>
</varlistentry>
@@ -492,7 +491,7 @@ server-program-arguments</programlisting>
</variablelist>
</sect2>
- <sect2 id="network-inetd-security">
+ <sect2 xml:id="network-inetd-security">
<title>Security</title>
<para>Depending on the choices made at install time, many
@@ -523,7 +522,7 @@ server-program-arguments</programlisting>
<application>inetd</application> invoked daemons.</para>
</sect2>
- <sect2 id="network-inetd-misc">
+ <sect2 xml:id="network-inetd-misc">
<title>Miscellaneous</title>
<para><application>daytime</application>,
@@ -543,7 +542,7 @@ server-program-arguments</programlisting>
</sect2>
</sect1>
- <sect1 id="network-nfs">
+ <sect1 xml:id="network-nfs">
<!--
<sect1info>
<authorgroup>
@@ -667,7 +666,7 @@ server-program-arguments</programlisting>
<para>Running &man.nfsiod.8; can improve performance on the
client, but is not required.</para>
- <sect2 id="network-configuring-nfs">
+ <sect2 xml:id="network-configuring-nfs">
<title>Configuring <acronym>NFS</acronym></title>
<indexterm>
@@ -712,7 +711,7 @@ mountd_flags="-r"</programlisting>
on the reader's network.</para>
<para>This example shows how to export the
- <filename class="directory">/cdrom</filename> directory to
+ <filename>/cdrom</filename> directory to
three clients called <replaceable>alpha</replaceable>,
<replaceable>bravo</replaceable>, and
<replaceable>charlie</replaceable>:</para>
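Review bot: The class="directory" attribute is dropped from <filename>/cdrom</filename> here, and from the other directory paths converted in this patch, although DocBook 5 still accepts class="directory" on filename. Unless the stylesheets no longer use it, keep the attribute so directories stay distinguishable from plain files; if the removal is deliberate, say so in the commit message.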
@@ -724,7 +723,7 @@ mountd_flags="-r"</programlisting>
those exported file systems.</para>
<para>The next example exports
- <filename class="directory">/home</filename> to three clients
+ <filename>/home</filename> to three clients
by <acronym>IP</acronym> address. This can be useful for
networks without <acronym>DNS</acronym>. Optionally,
<filename>/etc/hosts</filename> could be configured for
@@ -737,16 +736,16 @@ mountd_flags="-r"</programlisting>
<programlisting>/home -alldirs 10.0.0.2 10.0.0.3 10.0.0.4</programlisting>
<para>This next line exports
- <filename class="directory">/a</filename> so that two clients
+ <filename>/a</filename> so that two clients
from different domains may access the file system. The
<option>-maproot=root</option> flag allows the
- <username>root</username> user on the remote system to write
- data on the exported file system as <username>root</username>.
+ <systemitem class="username">root</systemitem> user on the remote system to write
+ data on the exported file system as <systemitem class="username">root</systemitem>.
If the <literal>-maproot=root</literal> flag is not specified,
- the client's <username>root</username> user will be mapped to
- the server's <username>nobody</username> account and will be
+ the client's <systemitem class="username">root</systemitem> user will be mapped to
+ the server's <systemitem class="username">nobody</systemitem> account and will be
subject to the access limitations defined for user,
- <username>nobody</username>.</para>
+ <systemitem class="username">nobody</systemitem>.</para>
<programlisting>/a -maproot=root host.example.com box.example.org</programlisting>
@@ -758,7 +757,7 @@ mountd_flags="-r"</programlisting>
the export information for one file system to one or more
clients. A remote host can only be specified once per file
system. For example, assume that
- <filename class="directory">/usr</filename> is a single file
+ <filename>/usr</filename> is a single file
system. This entry, in <filename>/etc/exports</filename>,
would be invalid:</para>
@@ -766,9 +765,9 @@ mountd_flags="-r"</programlisting>
/usr/src client
/usr/ports client</programlisting>
- <para>The <filename class="directory">/usr</filename> file
+ <para>The <filename>/usr</filename> file
system has two lines specifying exports to the same host,
- <hostid>client</hostid>. The correct format for this
+ <systemitem>client</systemitem>. The correct format for this
situation is:</para>
<programlisting>/usr/src /usr/ports client</programlisting>
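Review bot: <hostid>client</hostid> becomes a bare <systemitem>client</systemitem> with no class, while this patch converts IP addresses to class="ipaddress" and user names to class="username". A classless systemitem no longer says that the content is a host name; consider class="systemname" (or class="fqdomainname" for fully qualified names) so the hostid semantics survive the conversion.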
@@ -779,8 +778,8 @@ mountd_flags="-r"</programlisting>
system.</para>
<para>The following is an example of a valid export list, where
- <filename class="directory">/usr</filename> and
- <filename class="directory">/exports</filename> are local
+ <filename>/usr</filename> and
+ <filename>/exports</filename> are local
file systems:</para>
<programlisting># Export src and ports to client01 and client02, but only
@@ -805,7 +804,7 @@ mountd_flags="-r"</programlisting>
<para>On a new server being configured with
<acronym>NFS</acronym> services, the server can be started by
- running this command as <username>root</username>:</para>
+ running this command as <systemitem class="username">root</systemitem>:</para>
<screen>&prompt.root; <userinput>service nfsd start</userinput></screen>
@@ -815,11 +814,11 @@ mountd_flags="-r"</programlisting>
<para>The client now has everything it needs to mount a remote
file system. In these examples, the server's name is
- <hostid>server</hostid> and the client's name is
- <hostid>client</hostid>. For testing or to temporarily mount
+ <systemitem>server</systemitem> and the client's name is
+ <systemitem>client</systemitem>. For testing or to temporarily mount
a remote file system, execute <application>mount</application>
- as <username>root</username> on
- <hostid>client</hostid>:</para>
+ as <systemitem class="username">root</systemitem> on
+ <systemitem>client</systemitem>:</para>
<indexterm>
<primary>NFS</primary>
@@ -827,14 +826,14 @@ mountd_flags="-r"</programlisting>
</indexterm>
<screen>&prompt.root; <userinput>mount server:/home /mnt</userinput></screen>
- <para>This mounts the <hostid>server</hostid>:
- <filename class="directory">/home</filename> file system to
- the <hostid>client</hostid>:
- <filename class="directory">/mnt</filename> mount point. The
- files and directories in the <hostid>server</hostid>
- <filename class="directory">/home</filename> file system will
- now be available on <hostid>client</hostid>, in the
- <filename class="directory">/mnt</filename> directory.</para>
+ <para>This mounts the <systemitem>server</systemitem>:
+ <filename>/home</filename> file system to
+ the <systemitem>client</systemitem>:
+ <filename>/mnt</filename> mount point. The
+ files and directories in the <systemitem>server</systemitem>
+ <filename>/home</filename> file system will
+ now be available on <systemitem>client</systemitem>, in the
+ <filename>/mnt</filename> directory.</para>
<para>To mount a remote file system each time the client
boots, add it to <filename>/etc/fstab</filename>:</para>
@@ -862,7 +861,7 @@ rpc_statd_enable="YES"</programlisting>
<acronym>NFS</acronym> client and server are already
configured.</para>
- <para>Start the application, as <username>root</username>,
+ <para>Start the application, as <systemitem class="username">root</systemitem>,
with:</para>
<screen>&prompt.root; <userinput>service lockd start</userinput>
@@ -902,8 +901,7 @@ rpc_statd_enable="YES"</programlisting>
</listitem>
<listitem>
- <para>Several clients may need access to the <filename
- class="directory">/usr/ports/distfiles</filename>
+ <para>Several clients may need access to the <filename>/usr/ports/distfiles</filename>
directory. Sharing that directory allows for quick access
to the source files without having to download them to
each client.</para>
@@ -911,7 +909,7 @@ rpc_statd_enable="YES"</programlisting>
</itemizedlist>
</sect2>
- <sect2 id="network-amd">
+ <sect2 xml:id="network-amd">
<!--
<sect2info>
<authorgroup>
@@ -949,21 +947,20 @@ rpc_statd_enable="YES"</programlisting>
<para><application>amd</application> operates by attaching
itself as an NFS server to the
- <filename class="directory">/host</filename> and
- <filename class="directory">/net</filename> directories. When
+ <filename>/host</filename> and
+ <filename>/net</filename> directories. When
a file is accessed within one of these directories,
<application>amd</application> looks up the corresponding
- remote mount and automatically mounts it. <filename
- class="directory">/net</filename> is used to mount an
+ remote mount and automatically mounts it. <filename>/net</filename> is used to mount an
exported file system from an <acronym>IP</acronym> address,
- while <filename class="directory">/host</filename> is used to
+ while <filename>/host</filename> is used to
mount an export from a remote hostname.</para>
<para>For instance, an attempt to access a file within
- <filename class="directory">/host/foobar/usr</filename> would
+ <filename>/host/foobar/usr</filename> would
tell <application>amd</application> to mount the
- <filename class="directory">/usr</filename> export on the host
- <hostid>foobar</hostid>.</para>
+ <filename>/usr</filename> export on the host
+ <systemitem>foobar</systemitem>.</para>
<example>
<title>Mounting an Export with
@@ -972,7 +969,7 @@ rpc_statd_enable="YES"</programlisting>
<para><command>showmount -e</command> shows the
exported file systems that can be mounted from
the <acronym>NFS</acronym> server,
- <hostid>foobar</hostid>:</para>
+ <systemitem>foobar</systemitem>:</para>
<screen>&prompt.user; <userinput>showmount -e foobar</userinput>
Exports list on foobar:
@@ -982,11 +979,11 @@ Exports list on foobar:
</example>
<para>The output from <command>showmount</command> shows
- <filename class="directory">/usr</filename> as an export.
+ <filename>/usr</filename> as an export.
When changing directories to
- <filename class="directory">/host/foobar/usr</filename>,
+ <filename>/host/foobar/usr</filename>,
<application>amd</application> intercepts the request and
- attempts to resolve the hostname <hostid>foobar</hostid>. If
+ attempts to resolve the hostname <systemitem>foobar</systemitem>. If
successful, <application>amd</application> automatically
mounts the desired export.</para>
@@ -1015,7 +1012,7 @@ Exports list on foobar:
</sect2>
</sect1>
- <sect1 id="network-nis">
+ <sect1 xml:id="network-nis">
<!--
<sect1info>
<authorgroup>
@@ -1260,33 +1257,33 @@ Exports list on foobar:
<tbody>
<row>
- <entry><hostid>ellington</hostid></entry>
- <entry><hostid role="ipaddr">10.0.0.2</hostid></entry>
+ <entry><systemitem>ellington</systemitem></entry>
+ <entry><systemitem class="ipaddress">10.0.0.2</systemitem></entry>
<entry><acronym>NIS</acronym> master</entry>
</row>
<row>
- <entry><hostid>coltrane</hostid></entry>
- <entry><hostid role="ipaddr">10.0.0.3</hostid></entry>
+ <entry><systemitem>coltrane</systemitem></entry>
+ <entry><systemitem class="ipaddress">10.0.0.3</systemitem></entry>
<entry><acronym>NIS</acronym> slave</entry>
</row>
<row>
- <entry><hostid>basie</hostid></entry>
- <entry><hostid role="ipaddr">10.0.0.4</hostid></entry>
+ <entry><systemitem>basie</systemitem></entry>
+ <entry><systemitem class="ipaddress">10.0.0.4</systemitem></entry>
<entry>Faculty workstation</entry>
</row>
<row>
- <entry><hostid>bird</hostid></entry>
- <entry><hostid role="ipaddr">10.0.0.5</hostid></entry>
+ <entry><systemitem>bird</systemitem></entry>
+ <entry><systemitem class="ipaddress">10.0.0.5</systemitem></entry>
<entry>Client machine</entry>
</row>
<row>
- <entry><hostid>cli[1-11]</hostid></entry>
+ <entry><systemitem>cli[1-11]</systemitem></entry>
<entry>
- <hostid role="ipaddr">10.0.0.[6-17]</hostid></entry>
+ <systemitem class="ipaddress">10.0.0.[6-17]</systemitem></entry>
<entry>Other client machines</entry>
</row>
</tbody>
@@ -1445,8 +1442,7 @@ nis_client_flags="-S <replaceable>NIS domain</replaceable>,<replaceable>server</
<secondary>maps</secondary>
</indexterm>
<para><acronym>NIS</acronym> maps
- are generated from the configuration files in <filename
- class="directory">/etc</filename> on the
+ are generated from the configuration files in <filename>/etc</filename> on the
<acronym>NIS</acronym> master, with one exception:
<filename>/etc/master.passwd</filename>. This is to
prevent the propagation of passwords to all the servers in
@@ -1461,7 +1457,7 @@ nis_client_flags="-S <replaceable>NIS domain</replaceable>,<replaceable>server</
<para>It is advisable to remove all entries for system
accounts as well as any user accounts that do not need to
be propagated to the <acronym>NIS</acronym> clients, such
- as the <username>root</username> and any other
+ as the <systemitem class="username">root</systemitem> and any other
administrative accounts.</para>
<note><para>Ensure that the
@@ -1523,7 +1519,7 @@ ellington has been setup as an YP master server without any errors.</screen>
Until this occurs, the new user will not be able to
login anywhere except on the <acronym>NIS</acronym>
master. For example, to add the new user
- <username>jsmith</username> to the
+ <systemitem class="username">jsmith</systemitem> to the
<literal>test-domain</literal> domain, run these
commands on the master server:</para>
@@ -1615,8 +1611,7 @@ coltrane has been setup as an YP slave server without any errors.
Remember to update map ypservers on ellington.</screen>
<para>This will generate a directory on the slave server
- called <filename
- class="directory">/var/yp/test-domain</filename> which
+ called <filename>/var/yp/test-domain</filename> which
contains copies of the <acronym>NIS</acronym> master
server's maps. Adding these
<filename>/etc/crontab</filename> entries on each slave
@@ -1688,7 +1683,7 @@ nis_client_enable="YES"</programlisting>
<filename>/etc/master.passwd</filename>. When
removing the accounts, keep in mind that at least one
local account should remain and this account should be
- a member of <groupname>wheel</groupname>. If there is
+ a member of <systemitem class="groupname">wheel</systemitem>. If there is
a problem with <acronym>NIS</acronym>, this local
account can be used to log in remotely, become the
superuser, and fix the problem. Before saving the
@@ -1798,7 +1793,7 @@ nis_client_enable="YES"</programlisting>
<sect3>
<title>Barring Some Users</title>
- <para>In this example, the <hostid>basie</hostid> system
+ <para>In this example, the <systemitem>basie</systemitem> system
is a faculty workstation within the <acronym>NIS</acronym>
domain. The <filename>passwd</filename> map on the master
<acronym>NIS</acronym> server contains accounts for both
@@ -1810,15 +1805,15 @@ nis_client_enable="YES"</programlisting>
system, even if they are present in the
<acronym>NIS</acronym> database, use <command>vipw</command>
to add
- <literal>-<replaceable>username</replaceable></literal> with
+ <literal>-username</literal> with
the correct number of colons towards the end of
<filename>/etc/master.passwd</filename> on the client,
where <replaceable>username</replaceable> is the username of
a user to bar from logging in. The line with the blocked
user must be before the <literal>+</literal> line that
allows <acronym>NIS</acronym> users. In this example,
- <username>bill</username> is barred from logging on to
- <hostid>basie</hostid>:</para>
+ <systemitem class="username">bill</systemitem> is barred from logging on to
+ <systemitem>basie</systemitem>:</para>
<screen>basie&prompt.root; <userinput>cat /etc/master.passwd</userinput>
root:[password]:0:0::0:0:The super-user:/root:/bin/csh
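Review bot: The -username literal loses its nested <replaceable> markup, but the sentence a few lines below it still refers to <replaceable>username</replaceable> as the placeholder. The two no longer match, and a reader can take -username as literal text to put in /etc/master.passwd; keep the placeholder marked inside the literal, or reword the sentence that explains it.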
@@ -1843,7 +1838,7 @@ basie&prompt.root;</screen>
</sect3>
</sect2>
- <sect2 id="network-netgroups">
+ <sect2 xml:id="network-netgroups">
<!--
<sect2info>
<authorgroup>
@@ -1888,27 +1883,27 @@ basie&prompt.root;</screen>
<tbody>
<row>
- <entry><username>alpha</username>,
- <username>beta</username></entry>
+ <entry><systemitem class="username">alpha</systemitem>,
+ <systemitem class="username">beta</systemitem></entry>
<entry>IT department employees</entry>
</row>
<row>
- <entry><username>charlie</username>,
- <username>delta</username></entry>
+ <entry><systemitem class="username">charlie</systemitem>,
+ <systemitem class="username">delta</systemitem></entry>
<entry>IT department apprentices</entry>
</row>
<row>
- <entry><username>echo</username>,
- <username>foxtrott</username>,
- <username>golf</username>, ...</entry>
+ <entry><systemitem class="username">echo</systemitem>,
+ <systemitem class="username">foxtrott</systemitem>,
+ <systemitem class="username">golf</systemitem>, ...</entry>
<entry>employees</entry>
</row>
<row>
- <entry><username>able</username>,
- <username>baker</username>, ...</entry>
+ <entry><systemitem class="username">able</systemitem>,
+ <systemitem class="username">baker</systemitem>, ...</entry>
<entry>interns</entry>
</row>
</tbody>
@@ -1930,32 +1925,32 @@ basie&prompt.root;</screen>
<row>
<!-- Names taken from "Good Omens" by Neil Gaiman and Terry
Pratchett. Many thanks for a brilliant book. -->
- <entry><hostid>war</hostid>,
- <hostid>death</hostid>, <hostid>famine</hostid>,
- <hostid>pollution</hostid></entry>
+ <entry><systemitem>war</systemitem>,
+ <systemitem>death</systemitem>, <systemitem>famine</systemitem>,
+ <systemitem>pollution</systemitem></entry>
<entry>Only IT employees are allowed to log onto these
servers.</entry>
</row>
<row>
<!-- gluttony was omitted because it was too fat -->
- <entry><hostid>pride</hostid>, <hostid>greed</hostid>,
- <hostid>envy</hostid>, <hostid>wrath</hostid>,
- <hostid>lust</hostid>, <hostid>sloth</hostid></entry>
+ <entry><systemitem>pride</systemitem>, <systemitem>greed</systemitem>,
+ <systemitem>envy</systemitem>, <systemitem>wrath</systemitem>,
+ <systemitem>lust</systemitem>, <systemitem>sloth</systemitem></entry>
<entry>All members of the IT department are allowed to
login onto these servers.</entry>
</row>
<row>
- <entry><hostid>one</hostid>, <hostid>two</hostid>,
- <hostid>three</hostid>, <hostid>four</hostid>,
+ <entry><systemitem>one</systemitem>, <systemitem>two</systemitem>,
+ <systemitem>three</systemitem>, <systemitem>four</systemitem>,
...</entry>
<entry>Ordinary workstations used by
employees.</entry>
</row>
<row>
- <entry><hostid>trashcan</hostid></entry>
+ <entry><systemitem>trashcan</systemitem></entry>
<entry>A very old machine without any critical data.
Even interns are allowed to use this system.</entry>
</row>
@@ -2062,7 +2057,7 @@ ellington&prompt.user; <userinput>ypcat -k netgroup.byuser</userinput></screen>
<para>To configure a client, use &man.vipw.8; to specify the
name of the netgroup. For example, on the server named
- <hostid>war</hostid>, replace this line:</para>
+ <systemitem>war</systemitem>, replace this line:</para>
<programlisting>+:::::::::</programlisting>
@@ -2079,7 +2074,7 @@ ellington&prompt.user; <userinput>ypcat -k netgroup.byuser</userinput></screen>
<literal>~</literal> function of the shell and all routines
which convert between user names and numerical user IDs. In
other words,
- <command>cd ~<replaceable>user</replaceable></command> will
+ <command>cd ~user</command> will
not work, <command>ls -l</command> will show the numerical ID
instead of the username, and <command>find . -user joe
-print</command> will fail with the message
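Review bot: cd ~user was cd ~<replaceable>user</replaceable> before this change, so the command now reads as if user were a literal account name. The neighbouring find . -user joe example uses a concrete name instead; either keep the replaceable markup here or switch this command to a concrete name as well.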
@@ -2249,7 +2244,7 @@ TWO (,hotel,test-domain)
</sect2>
</sect1>
- <sect1 id="network-ldap">
+ <sect1 xml:id="network-ldap">
<!--
<sect1info>
<authorgroup>
@@ -2349,7 +2344,7 @@ result: 0 Success
server, the OpenLDAP port needs installed. This may be
accomplished using the <command>pkg_add</command> command
or by installing the
- <filename role="port">net/openldap24-server</filename>
+ <package role="port">net/openldap24-server</package>
port. Building the port is recommended as the administrator
may select a great deal of options at this time and disable
some options. In most cases, the defaults will be fine;
@@ -2378,8 +2373,7 @@ result: 0 Success
during the certificate creation process below.</para>
<para>The following commands must be executed in the
- <filename
- class="directory">/usr/local/etc/openldap/private</filename>
+ <filename>/usr/local/etc/openldap/private</filename>
directory. This is important as the file permissions will
need to be restrictive and users should not have access to
these files directly. To create the certificates, issues the
@@ -2557,7 +2551,7 @@ cn: Manager</programlisting>
<para>To import this datafile, issue the following command,
assuming the file is <filename>import.ldif</filename>:</para>
- <screen>&prompt.root; <userinput>ldapadd -Z -D "cn=Manager,dc=example,dc=com" -W -f <replaceable>import.ldif</replaceable></userinput></screen>
+ <screen>&prompt.root; <userinput>ldapadd -Z -D "cn=Manager,dc=example,dc=com" -W -f import.ldif</userinput></screen>
<para>There will be a request for the password specified
earlier, and the output should look like this:</para>
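Review bot: The file name in the ldapadd command drops its <replaceable> wrapper inside <userinput>. The preceding sentence says "assuming the file is import.ldif", so it is a stand-in the reader is expected to substitute; keep it marked as replaceable so the markup still shows which part of the command varies.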
@@ -2607,7 +2601,7 @@ result: 0 Success
</sect2>
</sect1>
- <sect1 id="network-dhcp">
+ <sect1 xml:id="network-dhcp">
<!--
<sect1info>
<authorgroup>
@@ -2638,10 +2632,8 @@ result: 0 Success
by the client to obtain the addressing information. &os; does
not install a <acronym>DHCP</acronym> server, but several
servers are available in the &os; Ports Collection. The
- <acronym>DHCP</acronym> protocol is fully described in <ulink
- url="http://www.freesoft.org/CIE/RFC/2131/">RFC 2131</ulink>.
- Informational resources are also available at <ulink
- url="http://www.isc.org/downloads/dhcp/">isc.org/downloads/dhcp/</ulink>.</para>
+ <acronym>DHCP</acronym> protocol is fully described in <link xlink:href="http://www.freesoft.org/CIE/RFC/2131/">RFC 2131</link>.
+ Informational resources are also available at <link xlink:href="http://www.isc.org/downloads/dhcp/">isc.org/downloads/dhcp/</link>.</para>
<para>This section describes how to use the built-in
<acronym>DHCP</acronym> client. It then describes how to
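Review bot: Both converted links still use plain http (http://www.isc.org/downloads/dhcp/ and the freesoft.org copy of RFC 2131), while the isc.org link converted later in this patch uses https://www.isc.org/. Since these lines are being rewritten anyway, switch the isc.org URL to https for consistency, and re-wrap the two + lines, which now run far past the width of the surrounding text.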
@@ -2655,7 +2647,7 @@ result: 0 Success
&os;. Users who prefer to create a custom kernel need to keep
this device if <acronym>DHCP</acronym> is used.</para>
- <para>It should be noted that <devicename>bpf</devicename> also
+ <para>It should be noted that <filename>bpf</filename> also
allows privileged users to run network packet sniffers on
that system.</para>
</note>
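Review bot: <devicename>bpf</devicename> is converted to a plain <filename>bpf</filename>, which drops the fact that bpf is a device. DocBook 5 offers class="devicefile" on filename for this; using it keeps the device distinguishable from ordinary files, which matters in a note about who can capture packets through it.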
@@ -2762,7 +2754,7 @@ result: 0 Success
</listitem>
<listitem>
- <para><filename>/var/db/dhclient.leases.<replaceable>interface</replaceable></filename></para>
+ <para><filename>/var/db/dhclient.leases.interface</filename></para>
<para>The <acronym>DHCP</acronym> client keeps a database of
valid leases in this file, which is written as a log and
@@ -2771,7 +2763,7 @@ result: 0 Success
</itemizedlist>
</sect2>
- <sect2 id="network-dhcp-server">
+ <sect2 xml:id="network-dhcp-server">
<title>Installing and Configuring a <acronym>DHCP</acronym>
Server</title>
@@ -2779,8 +2771,7 @@ result: 0 Success
to act as a <acronym>DHCP</acronym> server using the Internet
Systems Consortium (<acronym>ISC</acronym>) implementation of
the <acronym>DHCP</acronym> server. This implementation and
- its documentation can be installed using the <filename
- role="package">net/isc-dhcp42-server</filename> package or
+ its documentation can be installed using the <package>net/isc-dhcp42-server</package> package or
port.</para>
<indexterm>
@@ -2793,8 +2784,7 @@ result: 0 Success
<secondary>installation</secondary>
</indexterm>
- <para>The installation of <filename
- role="package">net/isc-dhcp42-server</filename> installs a
+ <para>The installation of <package>net/isc-dhcp42-server</package> installs a
sample configuration file. Copy
<filename>/usr/local/etc/dhcpd.conf.example</filename> to
<filename>/usr/local/etc/dhcpd.conf</filename> and make any
@@ -2809,22 +2799,22 @@ result: 0 Success
provided to <acronym>DHCP</acronym> clients. For example,
these lines configure the following:</para>
- <programlisting>option domain-name "example.org";<co id="domain-name"/>
-option domain-name-servers ns1.example.org;<co id="domain-name-servers"/>
-option subnet-mask 255.255.255.0;<co id="subnet-mask"/>
+ <programlisting>option domain-name "example.org";<co xml:id="domain-name"/>
+option domain-name-servers ns1.example.org;<co xml:id="domain-name-servers"/>
+option subnet-mask 255.255.255.0;<co xml:id="subnet-mask"/>
-default-lease-time 600;<co id="default-lease-time"/>
-max-lease-time 72400;<co id="max-lease-time"/>
-ddns-update-style none;<co id="ddns-update-style"/>
+default-lease-time 600;<co xml:id="default-lease-time"/>
+max-lease-time 72400;<co xml:id="max-lease-time"/>
+ddns-update-style none;<co xml:id="ddns-update-style"/>
subnet 10.254.239.0 netmask 255.255.255.224 {
- range 10.254.239.10 10.254.239.20;<co id="range"/>
- option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;<co id="routers"/>
+ range 10.254.239.10 10.254.239.20;<co xml:id="range"/>
+ option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;<co xml:id="routers"/>
}
host fantasia {
- hardware ethernet 08:00:07:26:c0:a5;<co id="hardware"/>
- fixed-address fantasia.fugue.com;<co id="fixed-address"/>
+ hardware ethernet 08:00:07:26:c0:a5;<co xml:id="hardware"/>
+ fixed-address fantasia.fugue.com;<co xml:id="fixed-address"/>
}</programlisting>
<calloutlist>
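Review bot: The <co> anchors keep very generic identifiers (range, routers, hardware, subnet-mask) when moving from id to xml:id. xml:id values must be unique across the whole document, so check that none of these collide with ids elsewhere in the handbook, and confirm that the callouts in the <calloutlist> that follows still resolve to the renamed anchors. Prefixing them in the style of the section ids in this file (network-dhcp-...) would make collisions unlikely.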
@@ -2973,8 +2963,7 @@ dhcpd_ifaces="dc0"</programlisting>
one <acronym>DHCP</acronym> server forwards a request
from a client to another <acronym>DHCP</acronym> server
on a separate network. If this functionality is
- required, install the <filename
- role="package">net/isc-dhcp42-relay</filename>
+ required, install the <package>net/isc-dhcp42-relay</package>
package or port. The installation includes dhcrelay(8)
which provides more detail.</para>
</listitem>
@@ -2982,7 +2971,7 @@ dhcpd_ifaces="dc0"</programlisting>
</sect2>
</sect1>
- <sect1 id="network-dns">
+ <sect1 xml:id="network-dns">
<!--
<sect1info>
<authorgroup>
@@ -3015,8 +3004,7 @@ dhcpd_ifaces="dc0"</programlisting>
is the most common implementation of the <acronym>DNS</acronym>
protocol. The &os; version provides enhanced security features,
a new file system layout, and automated &man.chroot.8;
- configuration. BIND is maintained by the <ulink
- url="https://www.isc.org/">isc.org</ulink>. It is not
+ configuration. BIND is maintained by the <link xlink:href="https://www.isc.org/">isc.org</link>. It is not
necessary to run a name server to perform <acronym>DNS</acronym>
lookups on a system.</para>
@@ -3105,36 +3093,34 @@ dhcpd_ifaces="dc0"</programlisting>
<itemizedlist>
<listitem>
- <para><hostid>.</hostid> is how the root zone is usually
+ <para><systemitem>.</systemitem> is how the root zone is usually
referred to in documentation.</para>
</listitem>
<listitem>
- <para><hostid>org.</hostid> is a Top Level Domain
+ <para><systemitem>org.</systemitem> is a Top Level Domain
(<acronym>TLD</acronym>) under the root zone.</para>
</listitem>
<listitem>
- <para><hostid role="domainname">example.org.</hostid> is a
- zone under the <hostid>org.</hostid>
+ <para><systemitem class="fqdomainname">example.org.</systemitem> is a
+ zone under the <systemitem>org.</systemitem>
<acronym>TLD</acronym>.</para>
</listitem>
<listitem>
- <para><hostid>1.168.192.in-addr.arpa</hostid> is a zone
+ <para><systemitem>1.168.192.in-addr.arpa</systemitem> is a zone
referencing all <acronym>IP</acronym> addresses which fall
- under the <hostid role="ipaddr">192.168.1.*</hostid>
+ under the <systemitem class="ipaddress">192.168.1.*</systemitem>
<acronym>IP</acronym> address space.</para>
</listitem>
</itemizedlist>
<para>As one can see, the more specific part of a hostname
- appears to its left. For example, <hostid
- role="domainname">example.org.</hostid> is more specific than
- <hostid>org.</hostid>, as <hostid>org.</hostid> is more specific
+ appears to its left. For example, <systemitem class="fqdomainname">example.org.</systemitem> is more specific than
+ <systemitem>org.</systemitem>, as <systemitem>org.</systemitem> is more specific
than the root zone. The layout of each part of a hostname is
- much like a file system: the <filename
- class="directory">/dev</filename> directory falls within the
+ much like a file system: the <filename>/dev</filename> directory falls within the
root, and so on.</para>
<sect2>
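Review bot: <hostid role="domainname">example.org.</hostid> is mapped to class="fqdomainname", the same class this patch gives to www.FreeBSD.org, which was role="fqdn". The original distinction between a domain and a fully qualified host name is lost; DocBook 5 has class="domainname", which fits the zone names in this list better. The rewritten "For example, ..." line is also much longer than its neighbours and should be re-wrapped.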
@@ -3154,7 +3140,7 @@ dhcpd_ifaces="dc0"</programlisting>
<listitem>
<para>A domain, such as
- <hostid role="domainname">example.org</hostid>, is
+ <systemitem class="fqdomainname">example.org</systemitem>, is
registered and <acronym>IP</acronym> addresses need to be
assigned to hostnames under it.</para>
</listitem>
@@ -3182,7 +3168,7 @@ dhcpd_ifaces="dc0"</programlisting>
</itemizedlist>
<para>When one queries for
- <hostid role="fqdn">www.FreeBSD.org</hostid>, the resolver
+ <systemitem class="fqdomainname">www.FreeBSD.org</systemitem>, the resolver
usually queries the uplink <acronym>ISP</acronym>'s name
server, and retrieves the reply. With a local, caching
<acronym>DNS</acronym> server, the query only has to be made
@@ -3219,8 +3205,7 @@ dhcpd_ifaces="dc0"</programlisting>
</row>
<row>
- <entry><filename
- class="directory">/etc/namedb</filename></entry>
+ <entry><filename>/etc/namedb</filename></entry>
<entry>Directory where BIND zone information
resides.</entry>
</row>
@@ -3235,10 +3220,10 @@ dhcpd_ifaces="dc0"</programlisting>
<para>Depending on how a given zone is configured on the server,
the files related to that zone can be found in the
- <filename class="directory">master</filename>,
- <filename class="directory">slave</filename>, or
- <filename class="directory">dynamic</filename> subdirectories
- of the <filename class="directory">/etc/namedb</filename>
+ <filename>master</filename>,
+ <filename>slave</filename>, or
+ <filename>dynamic</filename> subdirectories
+ of the <filename>/etc/namedb</filename>
directory. These files contain the <acronym>DNS</acronym>
information that will be given out by the name server in
response to queries.</para>
@@ -3274,7 +3259,7 @@ dhcpd_ifaces="dc0"</programlisting>
<filename>/etc/namedb/named.conf</filename> that are beyond
the scope of this document. Other startup options
for <application>named</application> on &os; can be found in
- the <literal>named_<replaceable>*</replaceable></literal>
+ the <literal>named_*</literal>
flags in <filename>/etc/defaults/rc.conf</filename> and in
&man.rc.conf.5;. The
<xref linkend="configtuning-rcd"/> section is also a good
@@ -3291,7 +3276,7 @@ dhcpd_ifaces="dc0"</programlisting>
<para>Configuration files for <application>named</application>
currently reside in
- <filename class="directory">/etc/namedb</filename> directory
+ <filename>/etc/namedb</filename> directory
and will need modification before use unless all that is
needed is a simple resolver. This is where most of the
configuration will be performed.</para>
@@ -3366,7 +3351,7 @@ options {
name server, enabling this may be worthwhile.</para>
<warning>
- <para><hostid role="ipaddr">127.0.0.1</hostid> will
+ <para><systemitem class="ipaddress">127.0.0.1</systemitem> will
<emphasis>not</emphasis> work here. Change this
<acronym>IP</acronym> address to a name server at the
uplink.</para>
@@ -3618,7 +3603,7 @@ zone "1.168.192.in-addr.arpa" {
to <filename>named.conf</filename>.</para>
<para>For example, the simplest zone entry for
- <hostid role="domainname">example.org</hostid> can look
+ <systemitem class="fqdomainname">example.org</systemitem> can look
like:</para>
<programlisting>zone "example.org" {
@@ -3654,7 +3639,7 @@ zone "1.168.192.in-addr.arpa" {
</indexterm>
<para>An example master zone file for
- <hostid role="domainname">example.org</hostid> (existing
+ <systemitem class="fqdomainname">example.org</systemitem> (existing
within <filename>/etc/namedb/master/example.org</filename>)
is as follows:</para>
@@ -3691,7 +3676,7 @@ www IN CNAME example.org.</programlisting>
an exact hostname, whereas everything without a trailing
<quote>.</quote> is relative to the origin. For example,
<literal>ns1</literal> is translated into
- <literal>ns1.<replaceable>example.org.</replaceable></literal></para>
+ <literal>ns1.example.org.</literal></para>
<para>The format of a zone file follows:</para>
@@ -3757,8 +3742,7 @@ www IN CNAME example.org.</programlisting>
<variablelist>
<varlistentry>
- <term><hostid
- role="domainname">example.org.</hostid></term>
+ <term><systemitem class="fqdomainname">example.org.</systemitem></term>
<listitem>
<para>the domain name, also the origin for this
@@ -3767,7 +3751,7 @@ www IN CNAME example.org.</programlisting>
</varlistentry>
<varlistentry>
- <term><hostid role="fqdn">ns1.example.org.</hostid></term>
+ <term><systemitem class="fqdomainname">ns1.example.org.</systemitem></term>
<listitem>
<para>the primary/authoritative name server for this
@@ -3817,24 +3801,24 @@ mx IN A 192.168.1.4
mail IN A 192.168.1.5</programlisting>
<para>The A record indicates machine names. As seen above,
- <hostid role="fqdn">ns1.example.org</hostid> would resolve
- to <hostid role="ipaddr">192.168.1.2</hostid>.</para>
+ <systemitem class="fqdomainname">ns1.example.org</systemitem> would resolve
+ to <systemitem class="ipaddress">192.168.1.2</systemitem>.</para>
<programlisting> IN A 192.168.1.1</programlisting>
<para>This line assigns <acronym>IP</acronym> address
- <hostid role="ipaddr">192.168.1.1</hostid> to the current
+ <systemitem class="ipaddress">192.168.1.1</systemitem> to the current
origin, in this case
- <hostid role="domainname">example.org</hostid>.</para>
+ <systemitem class="fqdomainname">example.org</systemitem>.</para>
<programlisting>www IN CNAME @</programlisting>
<para>The canonical name record is usually used for giving
- aliases to a machine. In the example, <hostid>www</hostid>
+ aliases to a machine. In the example, <systemitem>www</systemitem>
is aliased to the <quote>master</quote> machine whose name
happens to be the same as the domain name
- <hostid role="domainname">example.org</hostid>
- (<hostid role="ipaddr">192.168.1.1</hostid>). CNAMEs can
+ <systemitem class="fqdomainname">example.org</systemitem>
+ (<systemitem class="ipaddress">192.168.1.1</systemitem>). CNAMEs can
never be used together with another kind of record for the
same hostname.</para>
@@ -3846,13 +3830,13 @@ mail IN A 192.168.1.5</programlisting>
<para>The MX record indicates which mail servers are
responsible for handling incoming mail for the zone.
- <hostid role="fqdn">mail.example.org</hostid> is the
+ <systemitem class="fqdomainname">mail.example.org</systemitem> is the
hostname of a mail server, and 10 is the priority of that
mail server.</para>
<para>One can have several mail servers, with priorities of
10, 20 and so on. A mail server attempting to deliver to
- <hostid role="domainname">example.org</hostid> would first
+ <systemitem class="fqdomainname">example.org</systemitem> would first
try the highest priority MX (the record with the lowest
priority number), then the second highest, etc, until the
mail can be properly delivered.</para>
@@ -3902,9 +3886,7 @@ mail IN A 192.168.1.5</programlisting>
</sect2>
<sect2>
- <title><acronym
- role="Domain Name Security
- Extensions">DNSSEC</acronym></title>
+ <title><acronym role="Domain Name Security Extensions">DNSSEC</acronym></title>
<indexterm>
<primary>BIND</primary>
@@ -3912,20 +3894,17 @@ mail IN A 192.168.1.5</programlisting>
extensions</secondary>
</indexterm>
- <para>Domain Name System Security Extensions, or <acronym
- role="Domain Name Security Extensions">DNSSEC</acronym> for
+ <para>Domain Name System Security Extensions, or <acronym role="Domain Name Security Extensions">DNSSEC</acronym> for
short, is a suite of specifications to protect resolving name
servers from forged <acronym>DNS</acronym> data, such as
spoofed <acronym>DNS</acronym> records. By using digital
signatures, a resolver can verify the integrity of the record.
- Note that <acronym role="Domain Name Security
- Extensions">DNSSEC</acronym> only provides integrity via
- digitally signing the Resource Records (<acronym
- role="Resource Record">RR</acronym>s). It provides neither
+ Note that <acronym role="Domain Name Security Extensions">DNSSEC</acronym> only provides integrity via
+ digitally signing the Resource Records (<acronym role="Resource Record">RR</acronym>s). It provides neither
confidentiality nor protection against false end-user
assumptions. This means that it cannot protect against people
- going to <hostid role="domainname">example.net</hostid>
- instead of <hostid role="domainname">example.com</hostid>.
+ going to <systemitem class="fqdomainname">example.net</systemitem>
+ instead of <systemitem class="fqdomainname">example.com</systemitem>.
The only thing <acronym>DNSSEC</acronym> does is authenticate
that the data has not been compromised in transit. The
security of <acronym>DNS</acronym> is an important step in
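Review bot: The rejoined `<acronym role="Domain Name Security Extensions">` attributes keep an expansion that disagrees with the sentence they sit in, which spells it out as "Domain Name System Security Extensions". The attribute value is being rewritten anyway, so correct it here and in the section `<title>`. It is also worth asking whether `role` should carry an expansion at all.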
@@ -4021,13 +4000,11 @@ mail IN A 192.168.1.5</programlisting>
. IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5</programlisting>
<para>The SHA-256 <acronym>RR</acronym> can now be compared to
- the digest in <ulink
- url="https://data.iana.org/root-anchors/root-anchors.xml">https://data.iana.org/root-anchors/root-anchors.xml</ulink>.
+ the digest in <link xlink:href="https://data.iana.org/root-anchors/root-anchors.xml">https://data.iana.org/root-anchors/root-anchors.xml</link>.
To be absolutely sure that the key has not been tampered
with the data in the <acronym>XML</acronym> file can be
verified using the <acronym>PGP</acronym> signature in
- <ulink
- url="https://data.iana.org/root-anchors/root-anchors.asc">https://data.iana.org/root-anchors/root-anchors.asc</ulink>.</para>
+ <link xlink:href="https://data.iana.org/root-anchors/root-anchors.asc">https://data.iana.org/root-anchors/root-anchors.asc</link>.</para>
<para>Next, the key must be formatted properly. This differs
a little between <acronym>BIND</acronym> versions 9.6.2 and
@@ -4081,7 +4058,7 @@ dnssec-validation yes;</programlisting>
will contain the <literal>AD</literal> flag to indicate the
data was authenticated. Running a query such as</para>
- <screen>&prompt.user; <userinput>dig @<replaceable>resolver</replaceable> +dnssec se ds </userinput></screen>
+ <screen>&prompt.user; <userinput>dig @resolver +dnssec se ds </userinput></screen>
<para>should return the <acronym>DS</acronym>
<acronym>RR</acronym> for the <literal>.se</literal> zone.
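Review bot: On the `dig` line, removing `<replaceable>` around `resolver` leaves `dig @resolver +dnssec se ds` reading as a literal command, and the surrounding text does not say that `resolver` is a placeholder. Keep `<replaceable>resolver</replaceable>` inside `<userinput>` (context lines elsewhere in this file still use `replaceable`), and drop the trailing space before `</userinput>` while the line is being edited.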
@@ -4097,7 +4074,7 @@ dnssec-validation yes;</programlisting>
<acronym>DNS</acronym> queries.</para>
</sect3>
- <sect3 id="dns-dnssec-auth">
+ <sect3 xml:id="dns-dnssec-auth">
<title>Authoritative <acronym>DNS</acronym> Server
Configuration</title>
@@ -4111,17 +4088,14 @@ dnssec-validation yes;</programlisting>
not rotated very often and a Zone Signing Key
(<acronym role="Zone Signing Key">ZSK</acronym>) that is
rotated more frequently. Information on recommended
- operational practices can be found in <ulink
- url="http://tools.ietf.org/rfc/rfc4641.txt"><acronym>RFC</acronym>
+ operational practices can be found in <link xlink:href="http://tools.ietf.org/rfc/rfc4641.txt"><acronym>RFC</acronym>
4641: <acronym>DNSSEC</acronym> Operational
- Practices</ulink>. Practices regarding the root zone can
- be found in <ulink
- url="http://www.root-dnssec.org/wp-content/uploads/2010/06/icann-dps-00.txt"><acronym>DNSSEC</acronym>
+ Practices</link>. Practices regarding the root zone can
+ be found in <link xlink:href="http://www.root-dnssec.org/wp-content/uploads/2010/06/icann-dps-00.txt"><acronym>DNSSEC</acronym>
Practice Statement for the Root Zone
- <acronym>KSK</acronym> operator</ulink> and <ulink
- url="http://www.root-dnssec.org/wp-content/uploads/2010/06/vrsn-dps-00.txt"><acronym>DNSSEC</acronym>
+ <acronym>KSK</acronym> operator</link> and <link xlink:href="http://www.root-dnssec.org/wp-content/uploads/2010/06/vrsn-dps-00.txt"><acronym>DNSSEC</acronym>
Practice Statement for the Root Zone
- <acronym>ZSK</acronym> operator</ulink>. The
+ <acronym>ZSK</acronym> operator</link>. The
<acronym role="Key Signing Key">KSK</acronym> is used to
build a chain of authority to the data in need of validation
and as such is also called a Secure Entry Point
@@ -4135,7 +4109,7 @@ dnssec-validation yes;</programlisting>
there.</para>
<para>To enable <acronym>DNSSEC</acronym> for the
- <hostid role="domainname">example.com</hostid> zone depicted
+ <systemitem class="fqdomainname">example.com</systemitem> zone depicted
in previous examples, the first step is to use
<application>dnssec-keygen</application> to generate the
<acronym>KSK</acronym> and <acronym>ZSK</acronym> key pair.
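Review bot: The sentence touched here says the `example.com` zone was "depicted in previous examples", but the zone entry and master zone file shown earlier in this chapter are for `example.org`. Since the line is being edited, align the domain with the earlier examples or reword the sentence so it does not point at examples that use a different name.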
@@ -4143,7 +4117,7 @@ dnssec-validation yes;</programlisting>
algorithms. It is recommended to use RSA/SHA256 for the
keys and 2048 bits key length should be enough. To generate
the <acronym>KSK</acronym> for
- <hostid role="domainname">example.com</hostid>, run</para>
+ <systemitem class="fqdomainname">example.com</systemitem>, run</para>
<screen>&prompt.user; <userinput>dnssec-keygen -f KSK -a RSASHA256 -b 2048 -n ZONE example.com</userinput></screen>
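Review bot: The command in this hunk generates keys with `-a RSASHA256`, yet the `$include Kexample.com.+005+nnnnn.ZSK.key` line visible in the following hunk headers uses algorithm number 005. dnssec-keygen embeds the algorithm number in the key file name and RSASHA256 is algorithm 8 (the root `DS` record quoted earlier in this diff also shows 8), so a reader following the text gets `+008+` files that the `$include` lines do not match. Fix the file names together with this markup change or in a follow-up.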
@@ -4179,7 +4153,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
to use the signed zone file. To sign a zone
<application>dnssec-signzone</application> is used. The
command to sign the zone
- <hostid role="domainname">example.com</hostid>, located in
+ <systemitem class="fqdomainname">example.com</systemitem>, located in
<filename>example.com.db</filename> would look similar
to</para>
@@ -4222,10 +4196,9 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
the new key has propagated through the
<acronym>DNS</acronym> hierarchy. For more information on
key rollovers and other <acronym>DNSSEC</acronym>
- operational issues, see <ulink
- url="http://www.ietf.org/rfc/rfc4641.txt"><acronym>RFC</acronym>
+ operational issues, see <link xlink:href="http://www.ietf.org/rfc/rfc4641.txt"><acronym>RFC</acronym>
4641: <acronym>DNSSEC</acronym> Operational
- practices</ulink>.</para>
+ practices</link>.</para>
</sect3>
<sect3>
@@ -4247,7 +4220,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
option <option>sign</option>. To tell
<acronym>BIND</acronym> to use this automatic signing and
zone updating for
- <hostid role="domainname">example.com</hostid>, add the
+ <systemitem class="fqdomainname">example.com</systemitem>, add the
following to <filename>named.conf</filename>:</para>
<programlisting>zone example.com {
@@ -4286,7 +4259,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
<acronym>DNS</acronym> service attacks.</para>
<para>It is always good idea to read
- <ulink url="http://www.cert.org/">CERT</ulink>'s security
+ <link xlink:href="http://www.cert.org/">CERT</link>'s security
advisories and to subscribe to the &a.security-notifications;
to stay up to date with the current Internet and &os; security
issues.</para>
@@ -4298,7 +4271,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
</tip>
</sect2>
- <sect2 id="dns-read">
+ <sect2 xml:id="dns-read">
<title>Further Reading</title>
<para>BIND/<application>named</application> manual pages:
@@ -4307,89 +4280,77 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
<itemizedlist>
<listitem>
- <para><ulink
- url="https://www.isc.org/software/bind">Official ISC
- BIND Page</ulink></para>
+ <para><link xlink:href="https://www.isc.org/software/bind">Official ISC
+ BIND Page</link></para>
</listitem>
<listitem>
- <para><ulink
- url="https://www.isc.org/software/guild">Official ISC
- BIND Forum</ulink></para>
+ <para><link xlink:href="https://www.isc.org/software/guild">Official ISC
+ BIND Forum</link></para>
</listitem>
<listitem>
- <para><ulink
- url="http://www.oreilly.com/catalog/dns5/">O'Reilly
+ <para><link xlink:href="http://www.oreilly.com/catalog/dns5/">O'Reilly
<acronym>DNS</acronym> and BIND 5th
- Edition</ulink></para>
+ Edition</link></para>
</listitem>
<listitem>
- <para><ulink
- url="http://www.root-dnssec.org/documentation/">Root
- <acronym>DNSSEC</acronym></ulink></para>
+ <para><link xlink:href="http://www.root-dnssec.org/documentation/">Root
+ <acronym>DNSSEC</acronym></link></para>
</listitem>
<listitem>
- <para><ulink
- url="http://data.iana.org/root-anchors/draft-icann-dnssec-trust-anchor.html"><acronym>DNSSEC</acronym>
+ <para><link xlink:href="http://data.iana.org/root-anchors/draft-icann-dnssec-trust-anchor.html"><acronym>DNSSEC</acronym>
Trust Anchor Publication for the Root
- Zone</ulink></para>
+ Zone</link></para>
</listitem>
<listitem>
- <para><ulink
- url="http://tools.ietf.org/html/rfc1034">RFC1034
- - Domain Names - Concepts and Facilities</ulink></para>
+ <para><link xlink:href="http://tools.ietf.org/html/rfc1034">RFC1034
+ - Domain Names - Concepts and Facilities</link></para>
</listitem>
<listitem>
- <para><ulink
- url="http://tools.ietf.org/html/rfc1035">RFC1035
+ <para><link xlink:href="http://tools.ietf.org/html/rfc1035">RFC1035
- Domain Names - Implementation and
- Specification</ulink></para>
+ Specification</link></para>
</listitem>
<listitem>
- <para><ulink
- url="http://tools.ietf.org/html/rfc4033">RFC4033
+ <para><link xlink:href="http://tools.ietf.org/html/rfc4033">RFC4033
- <acronym>DNS</acronym> Security Introduction and
- Requirements</ulink></para>
+ Requirements</link></para>
</listitem>
<listitem>
- <para><ulink
- url="http://tools.ietf.org/html/rfc4034">RFC4034
+ <para><link xlink:href="http://tools.ietf.org/html/rfc4034">RFC4034
- Resource Records for the <acronym>DNS</acronym>
- Security Extensions</ulink></para>
+ Security Extensions</link></para>
</listitem>
<listitem>
- <para><ulink
- url="http://tools.ietf.org/html/rfc4035">RFC4035
+ <para><link xlink:href="http://tools.ietf.org/html/rfc4035">RFC4035
- Protocol Modifications for the <acronym>DNS</acronym>
- Security Extensions</ulink></para>
+ Security Extensions</link></para>
</listitem>
<listitem>
- <para><ulink
- url="http://tools.ietf.org/html/rfc4641">RFC4641
- - DNSSEC Operational Practices</ulink></para>
+ <para><link xlink:href="http://tools.ietf.org/html/rfc4641">RFC4641
+ - DNSSEC Operational Practices</link></para>
</listitem>
<listitem>
- <para><ulink
- url="http://tools.ietf.org/html/rfc5011">RFC 5011
+ <para><link xlink:href="http://tools.ietf.org/html/rfc5011">RFC 5011
- Automated Updates of <acronym>DNS</acronym> Security
(<acronym>DNSSEC</acronym>
- Trust Anchors</ulink></para>
+ Trust Anchors</link></para>
</listitem>
</itemizedlist>
</sect2>
</sect1>
- <sect1 id="network-apache">
+ <sect1 xml:id="network-apache">
<!--
<sect1info>
<authorgroup>
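Review bot: In the RFC 5011 entry the link text reads "Automated Updates of DNS Security (DNSSEC Trust Anchors" and the parenthesis is never closed; the RFC title is "Automated Updates of DNS Security (DNSSEC) Trust Anchors". Every entry in this list is rewritten by the hunk, so this is the place to fix it. The labels are also inconsistent ("RFC1034" versus "RFC 5011") and could be normalised at the same time.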
@@ -4410,16 +4371,14 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
<para>The open source <application>Apache HTTP Server
</application> is the most widely used web server. &os; does
not install this web server by default, but it can be installed
- from the <filename
- role="package">www/apache24</filename> package or port.</para>
+ from the <package>www/apache24</package> package or port.</para>
<para>This section summarizes how to configure and start version
2.<replaceable>x</replaceable> of the <application>Apache HTTP
Server</application>, the most widely used version, on &os;.
For more detailed information about
<application>Apache</application>&nbsp;2.X and its configuration
- directives, refer to <ulink
- url="http://httpd.apache.org/">httpd.apache.org</ulink>.</para>
+ directives, refer to <link xlink:href="http://httpd.apache.org/">httpd.apache.org</link>.</para>
<sect2>
<title>Configuring and Starting Apache</title>
@@ -4429,7 +4388,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
<para>In &os;, the main <application>Apache HTTP
Server</application> configuration file is installed as
- <filename>/usr/local/etc/apache2<replaceable>x</replaceable>/httpd.conf</filename>.
+ <filename>/usr/local/etc/apache2x/httpd.conf</filename>.
This ASCII text file begins comment lines with the
<literal>#</literal>. The most frequently modified directives
are:</para>
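Review bot: With `<replaceable>x</replaceable>` removed, the path now reads `/usr/local/etc/apache2x/httpd.conf` as if `apache2x` were a real directory name, while the paragraph in the previous hunk still writes the version as `2.<replaceable>x</replaceable>`. Keep the `replaceable` markup inside `<filename>` so the variable part stays visible. The same applies to `etc/apache2x` and the `DocumentRoot` value in the next two hunks.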
@@ -4442,11 +4401,10 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
<para>Specifies the default directory hierarchy for the
<application>Apache</application> installation.
Binaries are stored in the
- <filename class="directory">bin</filename> and
- <filename class="directory">sbin</filename>
+ <filename>bin</filename> and
+ <filename>sbin</filename>
subdirectories of the server root, and configuration
- files are stored in <filename
- class="directory">etc/apache2<replaceable>x</replaceable></filename>.</para>
+ files are stored in <filename>etc/apache2x</filename>.</para>
</listitem>
</varlistentry>
@@ -4467,14 +4425,14 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
<para>Allows an
administrator to set a host name which is sent back to
clients for the server. For example,
- <hostid>www</hostid> can be used instead of the actual
+ <systemitem>www</systemitem> can be used instead of the actual
host name.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><literal>DocumentRoot
- "/usr/local/www/apache2<replaceable>x</replaceable>/data"</literal></term>
+ "/usr/local/www/apache2x/data"</literal></term>
<listitem>
<para>The directory
@@ -4497,11 +4455,10 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
<indexterm><primary>Apache</primary>
<secondary>starting or stopping</secondary></indexterm>
- <para>The <filename role="package">www/apache24</filename> port
+ <para>The <package>www/apache24</package> port
installs an &man.rc.8; script to aid in starting, stopping,
and restarting <application>Apache</application>, which can be
- found in <filename
- class="directory">/usr/local/etc/rc.d/</filename>.</para>
+ found in <filename>/usr/local/etc/rc.d/</filename>.</para>
<para>To launch <application>Apache</application> at system
startup, add the following line to
@@ -4539,8 +4496,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
<screen>&prompt.root; <userinput>service apache24 start</userinput></screen>
<para>The <command>httpd</command> service can be tested by
- entering <literal>http://<hostid
- role="fqdn"><replaceable>localhost</replaceable></hostid></literal>
+ entering <literal>http://localhost</literal>
in a web browser, replacing
<replaceable>localhost</replaceable> with the fully-qualified
domain name of the machine running <command>httpd</command>,
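Review bot: The new `<literal>http://localhost</literal>` no longer marks `localhost` as a placeholder, but the next context line still tells the reader to replace `<replaceable>localhost</replaceable>`. Keep `<replaceable>` inside the literal so the example and the instruction that refers to it agree.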
@@ -4566,9 +4522,9 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting>
<programlisting>NameVirtualHost *</programlisting>
<para>If the webserver was named
- <hostid role="fqdn">www.domain.tld</hostid> and
+ <systemitem class="fqdomainname">www.domain.tld</systemitem> and
a virtual domain for
- <hostid role="fqdn">www.someotherdomain.tld</hostid> then
+ <systemitem class="fqdomainname">www.someotherdomain.tld</systemitem> then
add the following entries to
<filename>httpd.conf</filename>:</para>
@@ -4587,8 +4543,7 @@ DocumentRoot /www/someotherdomain.tld
<para>For more information about setting up virtual hosts,
please consult the official <application>Apache</application>
- documentation at: <ulink
- url="http://httpd.apache.org/docs/vhosts/"></ulink>.</para>
+ documentation at: <uri xlink:href="http://httpd.apache.org/docs/vhosts/">http://httpd.apache.org/docs/vhosts/</uri>.</para>
</sect2>
<sect2>
@@ -4680,7 +4635,7 @@ DocumentRoot /www/someotherdomain.tld
these pre-requisites with the appropriate
flags.</para>
- <example id="network-www-django-install">
+ <example xml:id="network-www-django-install">
<title>Installing Django with
<application>Apache2</application>,
<application>mod_python3</application>, and
@@ -4695,7 +4650,7 @@ DocumentRoot /www/someotherdomain.tld
interpreter. This will be the interpreter to
call the application for specific URLs on the site.</para>
- <example id="network-www-django-apache-config">
+ <example xml:id="network-www-django-apache-config">
<title>Apache Configuration for Django/mod_python</title>
<para>A line must be added to the apache
@@ -4747,7 +4702,7 @@ DocumentRoot /www/someotherdomain.tld
interpreter and the penalty of Perl start-up time.</para>
<para><application>mod_perl2</application> is available in the
- <filename role="package">www/mod_perl2</filename>
+ <package>www/mod_perl2</package>
port.</para>
</sect3>
@@ -4780,14 +4735,13 @@ DocumentRoot /www/someotherdomain.tld
<para>To gain support for <acronym>PHP</acronym>5 for the
<application>Apache</application> web server, begin by
- installing the <filename role="package">lang/php5</filename>
+ installing the <package>lang/php5</package>
port.</para>
- <para>If the <filename role="package">lang/php5</filename>
+ <para>If the <package>lang/php5</package>
port is being installed for the first time, available
<literal>OPTIONS</literal> will be displayed automatically.
- If a menu is not displayed, i.e., because the <filename
- role="package">lang/php5</filename> port has been installed
+ If a menu is not displayed, i.e., because the <package>lang/php5</package> port has been installed
some time in the past, it is always possible to bring the
options dialog up again by running:</para>
@@ -4806,10 +4760,10 @@ DocumentRoot /www/someotherdomain.tld
deployed web applications). If the
<application>mod_php4</application> is needed instead of
<application>mod_php5</application>, then please use the
- <filename role="package">lang/php4</filename> port. The
- <filename role="package">lang/php4</filename> port
+ <package>lang/php4</package> port. The
+ <package>lang/php4</package> port
supports many of the configuration and build-time options
- of the <filename role="package">lang/php5</filename>
+ of the <package>lang/php5</package>
port.</para>
</note>
@@ -4844,7 +4798,7 @@ DocumentRoot /www/someotherdomain.tld
<para>The <acronym>PHP</acronym> support in &os; is extremely
modular so the base install is very limited. It is very
easy to add support using the
- <filename role="package">lang/php5-extensions</filename>
+ <package>lang/php5-extensions</package>
port. This port provides a menu driven interface to
<acronym>PHP</acronym> extension installation.
Alternatively, individual extensions can be installed using
@@ -4864,7 +4818,7 @@ DocumentRoot /www/someotherdomain.tld
</sect2>
</sect1>
- <sect1 id="network-ftp">
+ <sect1 xml:id="network-ftp">
<!--
<sect1info>
<authorgroup>
@@ -4917,16 +4871,16 @@ DocumentRoot /www/someotherdomain.tld
</indexterm>
<para>To enable anonymous <acronym>FTP</acronym> access to the
- server, create a user named <username>ftp</username> on the
+ server, create a user named <systemitem class="username">ftp</systemitem> on the
&os; system. Users will then be able to log on to the
<acronym>FTP</acronym> server with a username of
- <username>ftp</username> or <username>anonymous</username>.
+ <systemitem class="username">ftp</systemitem> or <systemitem class="username">anonymous</systemitem>.
When prompted for the password, any input will be accepted,
but by convention, an email address should be used as the
password. The <acronym>FTP</acronym> server will call
&man.chroot.2; when an anonymous user logs in, to restrict
access to only the home directory of the
- <username>ftp</username> user.</para>
+ <systemitem class="username">ftp</systemitem> user.</para>
<para>There are two text files that can be created to specify
welcome messages to be displayed to <acronym>FTP</acronym>
@@ -4989,7 +4943,7 @@ DocumentRoot /www/someotherdomain.tld
</sect2>
</sect1>
- <sect1 id="network-samba">
+ <sect1 xml:id="network-samba">
<!--
<sect1info>
<authorgroup>
@@ -5024,8 +4978,7 @@ DocumentRoot /www/someotherdomain.tld
<para><application>Samba</application> software packages should
be included on the &os; installation media. If they were not
installed when first installing &os;, then they may be
- installed from the <filename
- role="package">net/samba34</filename> port or
+ installed from the <package>net/samba34</package> port or
package.</para>
<!-- mention LDAP, Active Directory, WinBIND, ACL, Quotas, PAM, .. -->
@@ -5069,8 +5022,8 @@ DocumentRoot /www/someotherdomain.tld
<para>Once <application>swat</application> has been enabled in
<filename>inetd.conf</filename>, a web browser may be used
- to connect to <ulink url="http://localhost:901"></ulink>.
- At first login, the system <username>root</username> account
+ to connect to <uri xlink:href="http://localhost:901">http://localhost:901</uri>.
+ At first login, the system <systemitem class="username">root</systemitem> account
must be used.</para>
<!-- XXX screenshots go here, loader is creating them
@@ -5192,12 +5145,11 @@ DocumentRoot /www/someotherdomain.tld
<literal>tdbsam</literal>, and the following command
should be used to add user accounts:</para>
- <screen>&prompt.root; <userinput><command>pdbedit <option>-a</option> <option>-u</option> <replaceable>username</replaceable></command></userinput></screen>
+ <screen>&prompt.root; <userinput>pdbedit -a -u username</userinput></screen>
</note>
- <para>Please see the <ulink
- url="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/">Official
- Samba HOWTO</ulink> for additional information about
+ <para>Please see the <link xlink:href="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/">Official
+ Samba HOWTO</link> for additional information about
configuration options. With the basics outlined here, the
minimal required start running
<application>Samba</application> will be explained. Other
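Review bot: The `pdbedit` line loses `<command>`, `<option>` and `<replaceable>` in one step, so `username` now reads as a literal argument. Dropping `<command>` and `<option>` inside `<userinput>` is reasonable, but `<replaceable>username</replaceable>` should stay so readers substitute the account being added.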
@@ -5209,7 +5161,7 @@ DocumentRoot /www/someotherdomain.tld
<sect2>
<title>Starting <application>Samba</application></title>
- <para>The <filename role="package">net/samba34</filename> port
+ <para>The <package>net/samba34</package> port
adds a new startup script, which can be used to control
<application>Samba</application>. To enable this script, so
that it can be used for example to start, stop or restart
@@ -5260,11 +5212,11 @@ Starting smbd.</screen>
suite with functionality that allows broad integration with
&microsoft.windows; networks. For more information about
functionality beyond the basic installation described here,
- please see <ulink url="http://www.samba.org"></ulink>.</para>
+ please see <uri xlink:href="http://www.samba.org">http://www.samba.org</uri>.</para>
</sect2>
</sect1>
- <sect1 id="network-ntp">
+ <sect1 xml:id="network-ntp">
<!--
<sect1info>
<authorgroup>
@@ -5317,9 +5269,8 @@ Starting smbd.</screen>
<acronym role="Network Time Protocol">NTP</acronym> servers
must be defined. The network administrator or ISP may have
set up an NTP server for this purpose&mdash;check their
- documentation to see if this is the case. There is an <ulink
- url="http://support.ntp.org/bin/view/Servers/WebHome">online
- list of publicly accessible NTP servers</ulink> which may be
+ documentation to see if this is the case. There is an <link xlink:href="http://support.ntp.org/bin/view/Servers/WebHome">online
+ list of publicly accessible NTP servers</link> which may be
referenced to find an NTP server nearest to the system. Take
care to review the policy for any chosen servers, and ask for
permission if required.</para>
@@ -5386,7 +5337,7 @@ driftfile /var/db/ntp.drift</programlisting>
servers are to be used, with one server listed on each line.
If a server is specified with the <literal>prefer</literal>
argument, as with
- <hostid role="fqdn">ntplocal.example.com</hostid>, that
+ <systemitem class="fqdomainname">ntplocal.example.com</systemitem>, that
server is preferred over other servers. A response from a
preferred server will be discarded if it differs
significantly from other servers' responses, otherwise it
@@ -5439,9 +5390,9 @@ driftfile /var/db/ntp.drift</programlisting>
<programlisting>restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap</programlisting>
<para>instead, where
- <hostid role="ipaddr">192.168.1.0</hostid> is an
+ <systemitem class="ipaddress">192.168.1.0</systemitem> is an
<acronym>IP</acronym> address on the network and
- <hostid role="netmask">255.255.255.0</hostid> is the
+ <systemitem class="netmask">255.255.255.0</systemitem> is the
network's netmask.</para>
<para>The <filename>/etc/ntp.conf</filename> file can contain
@@ -5512,7 +5463,7 @@ driftfile /var/db/ntp.drift</programlisting>
</sect2>
</sect1>
- <sect1 id="network-syslogd">
+ <sect1 xml:id="network-syslogd">
<!--
<sect1info>
<authorgroup>
@@ -5540,11 +5491,11 @@ driftfile /var/db/ntp.drift</programlisting>
Log file aggregation, merging and rotation may be configured in
one location, using the native tools of &os;, such as
&man.syslogd.8; and &man.newsyslog.8;. In the following example
- configuration, host <hostid>A</hostid>, named
- <hostid role="fqdn">logserv.example.com</hostid>, will collect
+ configuration, host <systemitem>A</systemitem>, named
+ <systemitem class="fqdomainname">logserv.example.com</systemitem>, will collect
logging information for the local network. Host
- <hostid>B</hostid>, named
- <hostid role="fqdn">logclient.example.com</hostid> will pass
+ <systemitem>B</systemitem>, named
+ <systemitem class="fqdomainname">logclient.example.com</systemitem> will pass
logging information to the server system. In live
configurations, both hosts require proper forward and reverse
<acronym>DNS</acronym> or entries in
@@ -5625,14 +5576,14 @@ syslogd_flags="-a logclient.example.com -v -v"</programlisting>
does not matter, but &man.touch.1; works great for situations
such as this:</para>
- <screen>&prompt.root; <userinput><command>touch</command>
- <filename>/var/log/logclient.log</filename></userinput></screen>
+ <screen>&prompt.root; <userinput>touch
+ /var/log/logclient.log</userinput></screen>
<para>At this point, the <command>syslogd</command> daemon
should be restarted and verified:</para>
- <screen>&prompt.root; <userinput>service <command>syslogd</command> restart</userinput>
-&prompt.root; <userinput><command>pgrep</command> syslog</userinput></screen>
+ <screen>&prompt.root; <userinput>service syslogd restart</userinput>
+&prompt.root; <userinput>pgrep syslog</userinput></screen>
<para>If a <acronym>PID</acronym> is returned, the server has
been restarted successfully, and client configuration may
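Review bot: the new touch example keeps the line break inside the <userinput>, so "touch" and "/var/log/logclient.log" sit on separate lines of a <screen>, which is rendered verbatim. The reader will see a two-line command that cannot be pasted as is. Suggest joining it: <userinput>touch /var/log/logclient.log</userinput>, matching the single-line form used for the service and pgrep commands in the same hunk.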
@@ -5707,14 +5658,14 @@ syslogd_flags="-s -v -v"</programlisting>
<para>Once added, <command>syslogd</command> must be restarted
for the changes to take effect:</para>
- <screen>&prompt.root; <userinput>service <command>syslogd</command> restart</userinput></screen>
+ <screen>&prompt.root; <userinput>service syslogd restart</userinput></screen>
<para>To test that log messages are being sent across the
network, use &man.logger.1; on the client to send a message to
<command>syslogd</command>:</para>
- <screen>&prompt.root; <userinput><command>logger</command>
- "<replaceable>Test message from logclient</replaceable>"</userinput></screen>
+ <screen>&prompt.root; <userinput>logger
+ "Test message from logclient"</userinput></screen>
<para>This message should now exist both in
<filename>/var/log/messages</filename> on the client, and
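Review bot: in the logger example the <replaceable> around "Test message from logclient" is dropped rather than converted, so the markup no longer tells the reader that the message text is theirs to choose. <replaceable> is still allowed inside <userinput>, so it can be kept. The command is also still split across two lines inside a verbatim <screen>; put "logger" and its argument on one line.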
@@ -5745,7 +5696,7 @@ syslogd_flags="-s -v -v"</programlisting>
<programlisting>syslogd_flags="-d -a logclien.example.com -v -v"</programlisting>
- <screen>&prompt.root; <userinput>service <command>syslogd</command> restart</userinput></screen>
+ <screen>&prompt.root; <userinput>service syslogd restart</userinput></screen>
<para>Debugging data similar to the following will flash on the
screen immediately after the restart:</para>
@@ -5770,7 +5721,7 @@ rejected in rule 0 due to name mismatch.</screen>
<literal>logclien</literal>. After the proper alterations
are made, a restart is issued with expected results:</para>
- <screen>&prompt.root; <userinput>service <command>syslogd</command> restart</userinput>
+ <screen>&prompt.root; <userinput>service syslogd restart</userinput>
logmsg: pri 56, flags 4, from logserv.example.com, msg syslogd: restart
syslogd: restarted
logmsg: pri 6, flags 4, from logserv.example.com, msg syslogd: kernel boot file is /boot/kernel/kernel
@@ -5798,7 +5749,7 @@ Logging to FILE /var/log/messages</screen>
data. Network data sent from the client to the server will
not be encrypted nor password protected. If a need for
encryption exists, it might be possible to use
- <filename role="package">security/stunnel</filename>, which
+ <package>security/stunnel</package>, which
will transmit data over an encrypted tunnel.</para>
<para>Local security is also an issue. Log files are not
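Review bot: the paragraph around the new <package>security/stunnel</package> element is the only security guidance for remote logging and it is worded loosely. "will not be encrypted nor password protected" should read "will be neither encrypted nor password protected", and "it might be possible to use" leaves the reader unsure whether the port is a supported answer. Since the sentence is being edited anyway, suggest stating plainly that log traffic crosses the network in clear text and naming stunnel as one option for tunnelling it.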
@@ -5813,7 +5764,7 @@ Logging to FILE /var/log/messages</screen>
</sect2>
</sect1>
- <sect1 id="network-iscsi">
+ <sect1 xml:id="network-iscsi">
<!--
<sect1info>
<authorgroup>
@@ -5837,13 +5788,13 @@ Logging to FILE /var/log/messages</screen>
nodes appear in <filename>/dev/</filename>, and must be separately
mounted.</para>
- <sect2 id="network-iscsi-target">
+ <sect2 xml:id="network-iscsi-target">
<title><acronym>iSCSI</acronym> Target</title>
<para>Note: the native <acronym>iSCSI</acronym> target is supported starting with
&os; 10.0-RELEASE. To use <acronym>iSCSI</acronym> in older versions of &os;, install a
userspace target from the Ports Collection, such as
- <filename role="package">net/istgt</filename>.
+ <package>net/istgt</package>.
This chapter only describes the native target.</para>
<sect3>
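Review bot: the target section still opens with a plain paragraph that begins "<para>Note: the native ..." while the initiator section later in this patch carries the equivalent version notice in a proper <note> element. Suggest wrapping this paragraph in <note> and dropping the literal "Note:" prefix so both notices render the same way. "This chapter only describes the native target" should also say "section".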
@@ -5852,13 +5803,11 @@ Logging to FILE /var/log/messages</screen>
<para>Configuring an <acronym>iSCSI</acronym> target is straightforward:
create the <filename>/etc/ctl.conf</filename>
configuration file, add an appropriate line to
- <filename>/etc/rc.conf</filename> to make sure the <ulink
- url="http://www.freebsd.org/cgi/man.cgi?query=ctld&amp;sektion=8&amp;manpath=FreeBSD+10-current">ctld(8)</ulink>
+ <filename>/etc/rc.conf</filename> to make sure the <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctld&amp;sektion=8&amp;manpath=FreeBSD+10-current">ctld(8)</link>
daemon is automatically started at boot, and then start
the daemon.</para>
- <para>A simple <ulink
- url="http://www.freebsd.org/cgi/man.cgi?query=ctl.conf&amp;sektion=5&amp;manpath=FreeBSD+10-current">ctl.conf(5)</ulink>
+ <para>A simple <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctl.conf&amp;sektion=5&amp;manpath=FreeBSD+10-current">ctl.conf(5)</link>
configuration file looks like this:</para>
<programlisting>portal-group pg0 {
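Review bot: the converted <link xlink:href="..."> elements for ctld(8) and ctl.conf(5) keep the hard-coded man.cgi URLs with manpath=FreeBSD+10-current, which pins every reference to a branch name that will go stale, and they use plain http. The rest of the chapter refers to manual pages through entities such as &man.syslogd.8;. Suggest using the same entity form for these pages if the entities are defined, or at least removing the manpath pin, rather than carrying the raw URLs through the DocBook 5 conversion.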
@@ -5879,13 +5828,11 @@ target iqn.2012-06.com.example:target0 {
<para>The first entry defines the <literal>pg0</literal> portal group.
Portal groups define network addresses the
- <ulink
- url="http://www.freebsd.org/cgi/man.cgi?query=ctld&amp;sektion=8&amp;manpath=FreeBSD+10-current">ctld(8)</ulink>
+ <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctld&amp;sektion=8&amp;manpath=FreeBSD+10-current">ctld(8)</link>
daemon will listen on. <literal>discovery-auth-group
no-authentication</literal> means that every initiator is allowed to
perform <acronym>iSCSI</acronym> SendTargets discovery without any
- authentication. The following two lines make <ulink
- url="http://www.freebsd.org/cgi/man.cgi?query=ctld&amp;sektion=8&amp;manpath=FreeBSD+10-current">ctld(8)</ulink>
+ authentication. The following two lines make <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctld&amp;sektion=8&amp;manpath=FreeBSD+10-current">ctld(8)</link>
listen on all <acronym>IPv4</acronym> (<literal>listen 0.0.0.0</literal>) and <acronym>IPv6</acronym> (<literal>listen
[::]</literal>) addresses on the
default port (3560). It is not necessary to define
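Review bot: the context line "default port (3560)" in this paragraph gives the wrong number; the registered iSCSI port is 3260. Worth fixing in the same pass, since readers will use this value for firewall rules. The paragraph also explains that discovery-auth-group no-authentication lets every initiator run SendTargets discovery and that the two listen lines bind all IPv4 and IPv6 addresses; a sentence advising a specific listen address on multi-homed hosts would make the exposure of this sample configuration explicit.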
@@ -5925,31 +5872,25 @@ target iqn.2012-06.com.example:target0 {
line of <acronym>LUN</acronym> configuration (<literal>path /data/target0-0</literal>)
defines the
full path to a file or ZVOL backing the <acronym>LUN</acronym>. The file must
- exist before starting <ulink
- url="http://www.freebsd.org/cgi/man.cgi?query=ctld&amp;sektion=8&amp;manpath=FreeBSD+10-current">ctld(8)</ulink>.
+ exist before starting <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctld&amp;sektion=8&amp;manpath=FreeBSD+10-current">ctld(8)</link>.
The second line is optional and specifies the size.</para>
- <para>To make sure <ulink
- url="http://www.freebsd.org/cgi/man.cgi?query=ctld&amp;sektion=8&amp;manpath=FreeBSD+10-current">ctld(8)</ulink>
+ <para>To make sure <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctld&amp;sektion=8&amp;manpath=FreeBSD+10-current">ctld(8)</link>
daemon is started at boot, add this
line to <filename>/etc/rc.conf</filename>:</para>
<programlisting>ctld_enable="YES"</programlisting>
<para>On a new server being configured as <acronym>iSCSI</acronym> target,
- <ulink
- url="http://www.freebsd.org/cgi/man.cgi?query=ctld&amp;sektion=8&amp;manpath=FreeBSD+10-current">ctld(8)</ulink>
- can be started by running this command as <username>root</username>:</para>
+ <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctld&amp;sektion=8&amp;manpath=FreeBSD+10-current">ctld(8)</link>
+ can be started by running this command as <systemitem class="username">root</systemitem>:</para>
<screen>&prompt.root; <userinput>service ctld start</userinput></screen>
- <para>The <ulink
- url="http://www.freebsd.org/cgi/man.cgi?query=ctld&amp;sektion=8&amp;manpath=FreeBSD+10-current">ctld(8)</ulink>
- daemon reads <ulink
- url="http://www.freebsd.org/cgi/man.cgi?query=ctl.conf&amp;sektion=5&amp;manpath=FreeBSD+10-current">ctl.conf(5)</ulink>
+ <para>The <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctld&amp;sektion=8&amp;manpath=FreeBSD+10-current">ctld(8)</link>
+ daemon reads <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctl.conf&amp;sektion=5&amp;manpath=FreeBSD+10-current">ctl.conf(5)</link>
file when started. To make configuration changes take
- effect immediately, force <ulink
- url="http://www.freebsd.org/cgi/man.cgi?query=ctld&amp;sektion=8&amp;manpath=FreeBSD+10-current">ctld(8)</ulink>
+ effect immediately, force <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctld&amp;sektion=8&amp;manpath=FreeBSD+10-current">ctld(8)</link>
to reread it:</para>
<screen>&prompt.root; <userinput>service ctld reload</userinput></screen>
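Review bot: several sentences rewritten in this hunk are still missing articles around the new links: "To make sure <link>ctld(8)</link> daemon is started", "configured as iSCSI target" and "daemon reads <link>ctl.conf(5)</link> file when started". Suggest "To make sure the ctld(8) daemon is started", "configured as an iSCSI target" and "reads ctl.conf(5) when started" while these lines are being touched.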
@@ -6007,20 +5948,18 @@ target iqn.2012-06.com.example:target0 {
</sect3>
</sect2>
- <sect2 id="network-iscsi-initiator">
+ <sect2 xml:id="network-iscsi-initiator">
<title><acronym>iSCSI</acronym> Initiator</title>
<note>
<para>The current <acronym>iSCSI</acronym> initiator is supported starting with
&os; 10.0-RELEASE. To use the <acronym>iSCSI</acronym> initiator available in
- older versions, refer to <ulink
- url="http://www.freebsd.org/cgi/man.cgi?query=iscontrol&amp;sektion=8&amp;manpath=FreeBSD+10-current">iscontrol(8)</ulink>.
+ older versions, refer to <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=iscontrol&amp;sektion=8&amp;manpath=FreeBSD+10-current">iscontrol(8)</link>.
This chapter only applies to the new
initiator.</para>
</note>
- <para>The <acronym>iSCSI</acronym> initiator requires the <ulink
- url="http://www.freebsd.org/cgi/man.cgi?query=iscsid&amp;sektion=8&amp;manpath=FreeBSD+10-current">iscsid(8)</ulink>
+ <para>The <acronym>iSCSI</acronym> initiator requires the <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=iscsid&amp;sektion=8&amp;manpath=FreeBSD+10-current">iscsid(8)</link>
daemon to run. It does not use a configuration
file. To start it automatically at boot, add
this line to
@@ -6029,15 +5968,13 @@ target iqn.2012-06.com.example:target0 {
<programlisting>iscsid_enable="YES"</programlisting>
<para>On a new machine being configured as an <acronym>iSCSI</acronym> initiator,
- <ulink
- url="http://www.freebsd.org/cgi/man.cgi?query=iscsid&amp;sektion=8&amp;manpath=FreeBSD+10-current">iscsid(8)</ulink>
- can be started by running this command as <username>root</username>:</para>
+ <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=iscsid&amp;sektion=8&amp;manpath=FreeBSD+10-current">iscsid(8)</link>
+ can be started by running this command as <systemitem class="username">root</systemitem>:</para>
<screen>&prompt.root; <userinput>service iscsid start</userinput></screen>
<para>Connecting to a target can be done with or without an
- <ulink
- url="http://www.freebsd.org/cgi/man.cgi?query=iscsi.conf&amp;sektion=5&amp;manpath=FreeBSD+10-current">iscsi.conf(8)</ulink>
+ <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=iscsi.conf&amp;sektion=5&amp;manpath=FreeBSD+10-current">iscsi.conf(8)</link>
configuration file.</para>
<sect3>
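Review bot: the last converted link in this hunk has text "iscsi.conf(8)" but its href queries query=iscsi.conf with sektion=5, so the visible section number contradicts the link target. The link text should read iscsi.conf(5).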
@@ -6045,7 +5982,7 @@ target iqn.2012-06.com.example:target0 {
File</title>
<para>To make the initiator connect to a single target, run
- this command as <username>root</username>:</para>
+ this command as <systemitem class="username">root</systemitem>:</para>
<screen>&prompt.root; <userinput>iscsictl -A -p 10.10.10.10 -t iqn.2012-06.com.example:target0</userinput></screen>
@@ -6059,16 +5996,13 @@ iqn.2012-06.com.example:target0 10.10.10.10 Connected: da0</
established, with <filename>/dev/da0</filename>
representing the attached <acronym>LUN</acronym>. If the
<literal>iqn.2012-06.com.example:target0</literal> target exports more than one
- <acronym>LUN</acronym>, multiple device nodes will be shown in the <ulink
- url="http://www.freebsd.org/cgi/man.cgi?query=iscsictl&amp;sektion=8&amp;manpath=FreeBSD+10-current">iscictl(8)</ulink>
+ <acronym>LUN</acronym>, multiple device nodes will be shown in the <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=iscsictl&amp;sektion=8&amp;manpath=FreeBSD+10-current">iscictl(8)</link>
output:</para>
<screen>Connected: da0 da1 da2.</screen>
<para>Any errors are reported in the system logs, and also visible
- in the <ulink
- url="http://www.freebsd.org/cgi/man.cgi?query=iscsictl&amp;sektion=8&amp;manpath=FreeBSD+10-current">iscictl(8)</ulink>
- output. For example, this usually means the <ulink
- url="http://www.freebsd.org/cgi/man.cgi?query=iscsid&amp;sektion=8&amp;manpath=FreeBSD+10-current">iscsid(8)</ulink>
+ in the <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=iscsictl&amp;sektion=8&amp;manpath=FreeBSD+10-current">iscictl(8)</link>
+ output. For example, this usually means the <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=iscsid&amp;sektion=8&amp;manpath=FreeBSD+10-current">iscsid(8)</link>
daemon is not running:</para>
<programlisting>Target name Target portal State
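Review bot: both converted links in this hunk carry the text "iscictl(8)" while their href uses query=iscsictl, so the command name is misspelled in the rendered output twice; it should read iscsictl(8). Two smaller points in the context lines: "<screen>Connected: da0 da1 da2.</screen>" has a sentence period inside verbatim output, and "For example, this usually means the iscsid(8) daemon is not running" has no antecedent for "this" until the listing that follows, so "For example, the following output usually means ..." would read better.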