Diffstat (limited to 'en_US.ISO8859-1/books/handbook/network-servers/chapter.xml')
-rw-r--r-- | en_US.ISO8859-1/books/handbook/network-servers/chapter.xml | 634 |
1 files changed, 284 insertions, 350 deletions
diff --git a/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml b/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml index 8a270095e9..0b41db2778 100644 --- a/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml +++ b/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml @@ -4,8 +4,7 @@ $FreeBSD$ --> - -<chapter id="network-servers"> +<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="network-servers"> <!-- <chapterinfo> <authorgroup> @@ -20,7 +19,7 @@ <title>Network Servers</title> - <sect1 id="network-servers-synopsis"> + <sect1 xml:id="network-servers-synopsis"> <title>Synopsis</title> <para>This chapter covers some of the more frequently used network @@ -113,7 +112,7 @@ </itemizedlist> </sect1> - <sect1 id="network-inetd"> + <sect1 xml:id="network-inetd"> <!-- <sect1info> <authorgroup> @@ -135,7 +134,7 @@ <title>The <application>inetd</application> <quote>Super-Server</quote></title> - <sect2 id="network-inetd-overview"> + <sect2 xml:id="network-inetd-overview"> <title>Overview</title> <para>The &man.inetd.8; daemon is sometimes referred to as the @@ -162,7 +161,7 @@ <filename>/etc/inetd.conf</filename>.</para> </sect2> - <sect2 id="network-inetd-settings"> + <sect2 xml:id="network-inetd-settings"> <title>Settings</title> <para><application>inetd</application> is initialized through @@ -186,7 +185,7 @@ <literal>inetd_flags</literal> option.</para> </sect2> - <sect2 id="network-inetd-cmdline"> + <sect2 xml:id="network-inetd-cmdline"> <title>Command-Line Options</title> <para>Like most server daemons, <application>inetd</application> @@ -260,7 +259,7 @@ </variablelist> </sect2> - <sect2 id="network-inetd-conf"> + <sect2 xml:id="network-inetd-conf"> <!-- XXX This section is not very clear and could do with some tlc --> <title><filename>inetd.conf</filename></title> 
@@ -272,7 +271,7 @@ <application>inetd</application> can be forced to re-read its configuration file by running the command:</para> - <example id="network-inetd-reread"> + <example xml:id="network-inetd-reread"> <title>Reloading the <application>inetd</application> Configuration File</title> @@ -455,10 +454,10 @@ server-program-arguments</programlisting> <listitem> <para>This is the username that the particular daemon should run as. Most commonly, daemons run as the - <username>root</username> user. For security purposes, + <systemitem class="username">root</systemitem> user. For security purposes, it is common to find some servers running as the - <username>daemon</username> user, or the least - privileged <username>nobody</username> user.</para> + <systemitem class="username">daemon</systemitem> user, or the least + privileged <systemitem class="username">nobody</systemitem> user.</para> </listitem> </varlistentry> @@ -492,7 +491,7 @@ server-program-arguments</programlisting> </variablelist> </sect2> - <sect2 id="network-inetd-security"> + <sect2 xml:id="network-inetd-security"> <title>Security</title> <para>Depending on the choices made at install time, many @@ -523,7 +522,7 @@ server-program-arguments</programlisting> <application>inetd</application> invoked daemons.</para> </sect2> - <sect2 id="network-inetd-misc"> + <sect2 xml:id="network-inetd-misc"> <title>Miscellaneous</title> <para><application>daytime</application>, @@ -543,7 +542,7 @@ server-program-arguments</programlisting> </sect2> </sect1> - <sect1 id="network-nfs"> + <sect1 xml:id="network-nfs"> <!-- <sect1info> <authorgroup> @@ -667,7 +666,7 @@ server-program-arguments</programlisting> <para>Running &man.nfsiod.8; can improve performance on the client, but is not required.</para> - <sect2 id="network-configuring-nfs"> + <sect2 xml:id="network-configuring-nfs"> <title>Configuring <acronym>NFS</acronym></title> <indexterm> 
@@ -712,7 +711,7 @@ mountd_flags="-r"</programlisting> on the reader's network.</para> <para>This example shows how to export the - <filename class="directory">/cdrom</filename> directory to + <filename>/cdrom</filename> directory to three clients called <replaceable>alpha</replaceable>, <replaceable>bravo</replaceable>, and <replaceable>charlie</replaceable>:</para> @@ -724,7 +723,7 @@ mountd_flags="-r"</programlisting> those exported file systems.</para> <para>The next example exports - <filename class="directory">/home</filename> to three clients + <filename>/home</filename> to three clients by <acronym>IP</acronym> address. This can be useful for networks without <acronym>DNS</acronym>. Optionally, <filename>/etc/hosts</filename> could be configured for 
@@ -737,16 +736,16 @@ mountd_flags="-r"</programlisting> <programlisting>/home -alldirs 10.0.0.2 10.0.0.3 10.0.0.4</programlisting> <para>This next line exports - <filename class="directory">/a</filename> so that two clients + <filename>/a</filename> so that two clients from different domains may access the file system. The <option>-maproot=root</option> flag allows the - <username>root</username> user on the remote system to write - data on the exported file system as <username>root</username>. + <systemitem class="username">root</systemitem> user on the remote system to write + data on the exported file system as <systemitem class="username">root</systemitem>. If the <literal>-maproot=root</literal> flag is not specified, - the client's <username>root</username> user will be mapped to - the server's <username>nobody</username> account and will be + the client's <systemitem class="username">root</systemitem> user will be mapped to + the server's <systemitem class="username">nobody</systemitem> account and will be subject to the access limitations defined for user, - <username>nobody</username>.</para> + <systemitem class="username">nobody</systemitem>.</para> <programlisting>/a -maproot=root host.example.com box.example.org</programlisting> @@ -758,7 +757,7 @@ mountd_flags="-r"</programlisting> the export information for one file system to one or more clients. A remote host can only be specified once per file system. For example, assume that - <filename class="directory">/usr</filename> is a single file + <filename>/usr</filename> is a single file system. This entry, in <filename>/etc/exports</filename>, would be invalid:</para> 
@@ -766,9 +765,9 @@ mountd_flags="-r"</programlisting> /usr/src client /usr/ports client</programlisting> - <para>The <filename class="directory">/usr</filename> file + <para>The <filename>/usr</filename> file system has two lines specifying exports to the same host, - <hostid>client</hostid>. The correct format for this + <systemitem>client</systemitem>. The correct format for this situation is:</para> <programlisting>/usr/src /usr/ports client</programlisting> @@ -779,8 +778,8 @@ mountd_flags="-r"</programlisting> system.</para> <para>The following is an example of a valid export list, where - <filename class="directory">/usr</filename> and - <filename class="directory">/exports</filename> are local + <filename>/usr</filename> and + <filename>/exports</filename> are local file systems:</para> <programlisting># Export src and ports to client01 and client02, but only @@ -805,7 +804,7 @@ mountd_flags="-r"</programlisting> <para>On a new server being configured with <acronym>NFS</acronym> services, the server can be started by - running this command as <username>root</username>:</para> + running this command as <systemitem class="username">root</systemitem>:</para> <screen>&prompt.root; <userinput>service nfsd start</userinput></screen> @@ -815,11 +814,11 @@ mountd_flags="-r"</programlisting> <para>The client now has everything it needs to mount a remote file system. In these examples, the server's name is - <hostid>server</hostid> and the client's name is - <hostid>client</hostid>. For testing or to temporarily mount + <systemitem>server</systemitem> and the client's name is + <systemitem>client</systemitem>. For testing or to temporarily mount a remote file system, execute <application>mount</application> - as <username>root</username> on - <hostid>client</hostid>:</para> + as <systemitem class="username">root</systemitem> on + <systemitem>client</systemitem>:</para> <indexterm> <primary>NFS</primary> 
@@ -827,14 +826,14 @@ mountd_flags="-r"</programlisting> </indexterm> <screen>&prompt.root; <userinput>mount server:/home /mnt</userinput></screen> - <para>This mounts the <hostid>server</hostid>: - <filename class="directory">/home</filename> file system to - the <hostid>client</hostid>: - <filename class="directory">/mnt</filename> mount point. The - files and directories in the <hostid>server</hostid> - <filename class="directory">/home</filename> file system will - now be available on <hostid>client</hostid>, in the - <filename class="directory">/mnt</filename> directory.</para> + <para>This mounts the <systemitem>server</systemitem>: + <filename>/home</filename> file system to + the <systemitem>client</systemitem>: + <filename>/mnt</filename> mount point. The + files and directories in the <systemitem>server</systemitem> + <filename>/home</filename> file system will + now be available on <systemitem>client</systemitem>, in the + <filename>/mnt</filename> directory.</para> <para>To mount a remote file system each time the client boots, add it to <filename>/etc/fstab</filename>:</para> @@ -862,7 +861,7 @@ rpc_statd_enable="YES"</programlisting> <acronym>NFS</acronym> client and server are already configured.</para> - <para>Start the application, as <username>root</username>, + <para>Start the application, as <systemitem class="username">root</systemitem>, with:</para> <screen>&prompt.root; <userinput>service lockd start</userinput> @@ -902,8 +901,7 @@ rpc_statd_enable="YES"</programlisting> </listitem> <listitem> - <para>Several clients may need access to the <filename - class="directory">/usr/ports/distfiles</filename> + <para>Several clients may need access to the <filename>/usr/ports/distfiles</filename> directory. Sharing that directory allows for quick access to the source files without having to download them to each client.</para> 
@@ -911,7 +909,7 @@ rpc_statd_enable="YES"</programlisting> </itemizedlist> </sect2> - <sect2 id="network-amd"> + <sect2 xml:id="network-amd"> <!-- <sect2info> <authorgroup> @@ -949,21 +947,20 @@ rpc_statd_enable="YES"</programlisting> <para><application>amd</application> operates by attaching itself as an NFS server to the - <filename class="directory">/host</filename> and - <filename class="directory">/net</filename> directories. When + <filename>/host</filename> and + <filename>/net</filename> directories. When a file is accessed within one of these directories, <application>amd</application> looks up the corresponding - remote mount and automatically mounts it. <filename - class="directory">/net</filename> is used to mount an + remote mount and automatically mounts it. <filename>/net</filename> is used to mount an exported file system from an <acronym>IP</acronym> address, - while <filename class="directory">/host</filename> is used to + while <filename>/host</filename> is used to mount an export from a remote hostname.</para> <para>For instance, an attempt to access a file within - <filename class="directory">/host/foobar/usr</filename> would + <filename>/host/foobar/usr</filename> would tell <application>amd</application> to mount the - <filename class="directory">/usr</filename> export on the host - <hostid>foobar</hostid>.</para> + <filename>/usr</filename> export on the host + <systemitem>foobar</systemitem>.</para> <example> <title>Mounting an Export with @@ -972,7 +969,7 @@ rpc_statd_enable="YES"</programlisting> <para><command>showmount -e</command> shows the exported file systems that can be mounted from the <acronym>NFS</acronym> server, - <hostid>foobar</hostid>:</para> + <systemitem>foobar</systemitem>:</para> <screen>&prompt.user; <userinput>showmount -e foobar</userinput> Exports list on foobar: 
@@ -982,11 +979,11 @@ Exports list on foobar: </example> <para>The output from <command>showmount</command> shows - <filename class="directory">/usr</filename> as an export. + <filename>/usr</filename> as an export. When changing directories to - <filename class="directory">/host/foobar/usr</filename>, + <filename>/host/foobar/usr</filename>, <application>amd</application> intercepts the request and - attempts to resolve the hostname <hostid>foobar</hostid>. If + attempts to resolve the hostname <systemitem>foobar</systemitem>. If successful, <application>amd</application> automatically mounts the desired export.</para> @@ -1015,7 +1012,7 @@ Exports list on foobar: </sect2> </sect1> - <sect1 id="network-nis"> + <sect1 xml:id="network-nis"> <!-- <sect1info> <authorgroup> 
@@ -1260,33 +1257,33 @@ Exports list on foobar: <tbody> <row> - <entry><hostid>ellington</hostid></entry> - <entry><hostid role="ipaddr">10.0.0.2</hostid></entry> + <entry><systemitem>ellington</systemitem></entry> + <entry><systemitem class="ipaddress">10.0.0.2</systemitem></entry> <entry><acronym>NIS</acronym> master</entry> </row> <row> - <entry><hostid>coltrane</hostid></entry> - <entry><hostid role="ipaddr">10.0.0.3</hostid></entry> + <entry><systemitem>coltrane</systemitem></entry> + <entry><systemitem class="ipaddress">10.0.0.3</systemitem></entry> <entry><acronym>NIS</acronym> slave</entry> </row> <row> - <entry><hostid>basie</hostid></entry> - <entry><hostid role="ipaddr">10.0.0.4</hostid></entry> + <entry><systemitem>basie</systemitem></entry> + <entry><systemitem class="ipaddress">10.0.0.4</systemitem></entry> <entry>Faculty workstation</entry> </row> <row> - <entry><hostid>bird</hostid></entry> - <entry><hostid role="ipaddr">10.0.0.5</hostid></entry> + <entry><systemitem>bird</systemitem></entry> + <entry><systemitem class="ipaddress">10.0.0.5</systemitem></entry> <entry>Client machine</entry> </row> <row> - <entry><hostid>cli[1-11]</hostid></entry> + <entry><systemitem>cli[1-11]</systemitem></entry> <entry> - <hostid role="ipaddr">10.0.0.[6-17]</hostid></entry> + <systemitem class="ipaddress">10.0.0.[6-17]</systemitem></entry> <entry>Other client machines</entry> </row> </tbody> @@ -1445,8 +1442,7 @@ nis_client_flags="-S <replaceable>NIS domain</replaceable>,<replaceable>server</ <secondary>maps</secondary> </indexterm> <para><acronym>NIS</acronym> maps - are generated from the configuration files in <filename - class="directory">/etc</filename> on the + are generated from the configuration files in <filename>/etc</filename> on the <acronym>NIS</acronym> master, with one exception: <filename>/etc/master.passwd</filename>. This is to prevent the propagation of passwords to all the servers in 
@@ -1461,7 +1457,7 @@ nis_client_flags="-S <replaceable>NIS domain</replaceable>,<replaceable>server</ <para>It is advisable to remove all entries for system accounts as well as any user accounts that do not need to be propagated to the <acronym>NIS</acronym> clients, such - as the <username>root</username> and any other + as the <systemitem class="username">root</systemitem> and any other administrative accounts.</para> <note><para>Ensure that the @@ -1523,7 +1519,7 @@ ellington has been setup as an YP master server without any errors.</screen> Until this occurs, the new user will not be able to login anywhere except on the <acronym>NIS</acronym> master. For example, to add the new user - <username>jsmith</username> to the + <systemitem class="username">jsmith</systemitem> to the <literal>test-domain</literal> domain, run these commands on the master server:</para> @@ -1615,8 +1611,7 @@ coltrane has been setup as an YP slave server without any errors. Remember to update map ypservers on ellington.</screen> <para>This will generate a directory on the slave server - called <filename - class="directory">/var/yp/test-domain</filename> which + called <filename>/var/yp/test-domain</filename> which contains copies of the <acronym>NIS</acronym> master server's maps. Adding these <filename>/etc/crontab</filename> entries on each slave @@ -1688,7 +1683,7 @@ nis_client_enable="YES"</programlisting> <filename>/etc/master.passwd</filename>. When removing the accounts, keep in mind that at least one local account should remain and this account should be - a member of <groupname>wheel</groupname>. If there is + a member of <systemitem class="groupname">wheel</systemitem>. If there is a problem with <acronym>NIS</acronym>, this local account can be used to log in remotely, become the superuser, and fix the problem. Before saving the 
@@ -1798,7 +1793,7 @@ nis_client_enable="YES"</programlisting> <sect3> <title>Barring Some Users</title> - <para>In this example, the <hostid>basie</hostid> system + <para>In this example, the <systemitem>basie</systemitem> system is a faculty workstation within the <acronym>NIS</acronym> domain. The <filename>passwd</filename> map on the master <acronym>NIS</acronym> server contains accounts for both @@ -1810,15 +1805,15 @@ nis_client_enable="YES"</programlisting> system, even if they are present in the <acronym>NIS</acronym> database, use <command>vipw</command> to add - <literal>-<replaceable>username</replaceable></literal> with + <literal>-username</literal> with the correct number of colons towards the end of <filename>/etc/master.passwd</filename> on the client, where <replaceable>username</replaceable> is the username of a user to bar from logging in. The line with the blocked user must be before the <literal>+</literal> line that allows <acronym>NIS</acronym> users. In this example, - <username>bill</username> is barred from logging on to - <hostid>basie</hostid>:</para> + <systemitem class="username">bill</systemitem> is barred from logging on to + <systemitem>basie</systemitem>:</para> <screen>basie&prompt.root; <userinput>cat /etc/master.passwd</userinput> root:[password]:0:0::0:0:The super-user:/root:/bin/csh @@ -1843,7 +1838,7 @@ basie&prompt.root;</screen> </sect3> </sect2> - <sect2 id="network-netgroups"> + <sect2 xml:id="network-netgroups"> <!-- <sect2info> <authorgroup> 
@@ -1888,27 +1883,27 @@ basie&prompt.root;</screen> <tbody> <row> - <entry><username>alpha</username>, - <username>beta</username></entry> + <entry><systemitem class="username">alpha</systemitem>, + <systemitem class="username">beta</systemitem></entry> <entry>IT department employees</entry> </row> <row> - <entry><username>charlie</username>, - <username>delta</username></entry> + <entry><systemitem class="username">charlie</systemitem>, + <systemitem class="username">delta</systemitem></entry> <entry>IT department apprentices</entry> </row> <row> - <entry><username>echo</username>, - <username>foxtrott</username>, - <username>golf</username>, ...</entry> + <entry><systemitem class="username">echo</systemitem>, + <systemitem class="username">foxtrott</systemitem>, + <systemitem class="username">golf</systemitem>, ...</entry> <entry>employees</entry> </row> <row> - <entry><username>able</username>, - <username>baker</username>, ...</entry> + <entry><systemitem class="username">able</systemitem>, + <systemitem class="username">baker</systemitem>, ...</entry> <entry>interns</entry> </row> </tbody> 
@@ -1930,32 +1925,32 @@ basie&prompt.root;</screen> <row> <!-- Names taken from "Good Omens" by Neil Gaiman and Terry Pratchett. Many thanks for a brilliant book. --> - <entry><hostid>war</hostid>, - <hostid>death</hostid>, <hostid>famine</hostid>, - <hostid>pollution</hostid></entry> + <entry><systemitem>war</systemitem>, + <systemitem>death</systemitem>, <systemitem>famine</systemitem>, + <systemitem>pollution</systemitem></entry> <entry>Only IT employees are allowed to log onto these servers.</entry> </row> <row> <!-- gluttony was omitted because it was too fat --> - <entry><hostid>pride</hostid>, <hostid>greed</hostid>, - <hostid>envy</hostid>, <hostid>wrath</hostid>, - <hostid>lust</hostid>, <hostid>sloth</hostid></entry> + <entry><systemitem>pride</systemitem>, <systemitem>greed</systemitem>, + <systemitem>envy</systemitem>, <systemitem>wrath</systemitem>, + <systemitem>lust</systemitem>, <systemitem>sloth</systemitem></entry> <entry>All members of the IT department are allowed to login onto these servers.</entry> </row> <row> - <entry><hostid>one</hostid>, <hostid>two</hostid>, - <hostid>three</hostid>, <hostid>four</hostid>, + <entry><systemitem>one</systemitem>, <systemitem>two</systemitem>, + <systemitem>three</systemitem>, <systemitem>four</systemitem>, ...</entry> <entry>Ordinary workstations used by employees.</entry> </row> <row> - <entry><hostid>trashcan</hostid></entry> + <entry><systemitem>trashcan</systemitem></entry> <entry>A very old machine without any critical data. Even interns are allowed to use this system.</entry> </row> @@ -2062,7 +2057,7 @@ ellington&prompt.user; <userinput>ypcat -k netgroup.byuser</userinput></screen> <para>To configure a client, use &man.vipw.8; to specify the name of the netgroup. For example, on the server named - <hostid>war</hostid>, replace this line:</para> + <systemitem>war</systemitem>, replace this line:</para> <programlisting>+:::::::::</programlisting> 
@@ -2079,7 +2074,7 @@ ellington&prompt.user; <userinput>ypcat -k netgroup.byuser</userinput></screen> <literal>~</literal> function of the shell and all routines which convert between user names and numerical user IDs. In other words, - <command>cd ~<replaceable>user</replaceable></command> will + <command>cd ~user</command> will not work, <command>ls -l</command> will show the numerical ID instead of the username, and <command>find . -user joe -print</command> will fail with the message @@ -2249,7 +2244,7 @@ TWO (,hotel,test-domain) </sect2> </sect1> - <sect1 id="network-ldap"> + <sect1 xml:id="network-ldap"> <!-- <sect1info> <authorgroup> @@ -2349,7 +2344,7 @@ result: 0 Success server, the OpenLDAP port needs installed. This may be accomplished using the <command>pkg_add</command> command or by installing the - <filename role="port">net/openldap24-server</filename> + <package role="port">net/openldap24-server</package> port. Building the port is recommended as the administrator may select a great deal of options at this time and disable some options. In most cases, the defaults will be fine; @@ -2378,8 +2373,7 @@ result: 0 Success during the certificate creation process below.</para> <para>The following commands must be executed in the - <filename - class="directory">/usr/local/etc/openldap/private</filename> + <filename>/usr/local/etc/openldap/private</filename> directory. This is important as the file permissions will need to be restrictive and users should not have access to these files directly. To create the certificates, issues the 
@@ -2557,7 +2551,7 @@ cn: Manager</programlisting> <para>To import this datafile, issue the following command, assuming the file is <filename>import.ldif</filename>:</para> - <screen>&prompt.root; <userinput>ldapadd -Z -D "cn=Manager,dc=example,dc=com" -W -f <replaceable>import.ldif</replaceable></userinput></screen> + <screen>&prompt.root; <userinput>ldapadd -Z -D "cn=Manager,dc=example,dc=com" -W -f import.ldif</userinput></screen> <para>There will be a request for the password specified earlier, and the output should look like this:</para> @@ -2607,7 +2601,7 @@ result: 0 Success </sect2> </sect1> - <sect1 id="network-dhcp"> + <sect1 xml:id="network-dhcp"> <!-- <sect1info> <authorgroup> @@ -2638,10 +2632,8 @@ result: 0 Success by the client to obtain the addressing information. &os; does not install a <acronym>DHCP</acronym> server, but several servers are available in the &os; Ports Collection. The - <acronym>DHCP</acronym> protocol is fully described in <ulink - url="http://www.freesoft.org/CIE/RFC/2131/">RFC 2131</ulink>. - Informational resources are also available at <ulink - url="http://www.isc.org/downloads/dhcp/">isc.org/downloads/dhcp/</ulink>.</para> + <acronym>DHCP</acronym> protocol is fully described in <link xlink:href="http://www.freesoft.org/CIE/RFC/2131/">RFC 2131</link>. + Informational resources are also available at <link xlink:href="http://www.isc.org/downloads/dhcp/">isc.org/downloads/dhcp/</link>.</para> <para>This section describes how to use the built-in <acronym>DHCP</acronym> client. It then describes how to @@ -2655,7 +2647,7 @@ result: 0 Success &os;. Users who prefer to create a custom kernel need to keep this device if <acronym>DHCP</acronym> is used.</para> - <para>It should be noted that <devicename>bpf</devicename> also + <para>It should be noted that <filename>bpf</filename> also allows privileged users to run network packet sniffers on that system.</para> </note> 
@@ -2762,7 +2754,7 @@ result: 0 Success </listitem> <listitem> - <para><filename>/var/db/dhclient.leases.<replaceable>interface</replaceable></filename></para> + <para><filename>/var/db/dhclient.leases.interface</filename></para> <para>The <acronym>DHCP</acronym> client keeps a database of valid leases in this file, which is written as a log and @@ -2771,7 +2763,7 @@ result: 0 Success </itemizedlist> </sect2> - <sect2 id="network-dhcp-server"> + <sect2 xml:id="network-dhcp-server"> <title>Installing and Configuring a <acronym>DHCP</acronym> Server</title> @@ -2779,8 +2771,7 @@ result: 0 Success to act as a <acronym>DHCP</acronym> server using the Internet Systems Consortium (<acronym>ISC</acronym>) implementation of the <acronym>DHCP</acronym> server. This implementation and - its documentation can be installed using the <filename - role="package">net/isc-dhcp42-server</filename> package or + its documentation can be installed using the <package>net/isc-dhcp42-server</package> package or port.</para> <indexterm> @@ -2793,8 +2784,7 @@ result: 0 Success <secondary>installation</secondary> </indexterm> - <para>The installation of <filename - role="package">net/isc-dhcp42-server</filename> installs a + <para>The installation of <package>net/isc-dhcp42-server</package> installs a sample configuration file. Copy <filename>/usr/local/etc/dhcpd.conf.example</filename> to <filename>/usr/local/etc/dhcpd.conf</filename> and make any 
@@ -2809,22 +2799,22 @@ result: 0 Success provided to <acronym>DHCP</acronym> clients. For example, these lines configure the following:</para> - <programlisting>option domain-name "example.org";<co id="domain-name"/> -option domain-name-servers ns1.example.org;<co id="domain-name-servers"/> -option subnet-mask 255.255.255.0;<co id="subnet-mask"/> + <programlisting>option domain-name "example.org";<co xml:id="domain-name"/> +option domain-name-servers ns1.example.org;<co xml:id="domain-name-servers"/> +option subnet-mask 255.255.255.0;<co xml:id="subnet-mask"/> -default-lease-time 600;<co id="default-lease-time"/> -max-lease-time 72400;<co id="max-lease-time"/> -ddns-update-style none;<co id="ddns-update-style"/> +default-lease-time 600;<co xml:id="default-lease-time"/> +max-lease-time 72400;<co xml:id="max-lease-time"/> +ddns-update-style none;<co xml:id="ddns-update-style"/> subnet 10.254.239.0 netmask 255.255.255.224 { - range 10.254.239.10 10.254.239.20;<co id="range"/> - option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;<co id="routers"/> + range 10.254.239.10 10.254.239.20;<co xml:id="range"/> + option routers rtr-239-0-1.example.org, rtr-239-0-2.example.org;<co xml:id="routers"/> } host fantasia { - hardware ethernet 08:00:07:26:c0:a5;<co id="hardware"/> - fixed-address fantasia.fugue.com;<co id="fixed-address"/> + hardware ethernet 08:00:07:26:c0:a5;<co xml:id="hardware"/> + fixed-address fantasia.fugue.com;<co xml:id="fixed-address"/> }</programlisting> <calloutlist> @@ -2973,8 +2963,7 @@ dhcpd_ifaces="dc0"</programlisting> one <acronym>DHCP</acronym> server forwards a request from a client to another <acronym>DHCP</acronym> server on a separate network. If this functionality is - required, install the <filename - role="package">net/isc-dhcp42-relay</filename> + required, install the <package>net/isc-dhcp42-relay</package> package or port. The installation includes dhcrelay(8) which provides more detail.</para> </listitem> 
@@ -2982,7 +2971,7 @@ dhcpd_ifaces="dc0"</programlisting> </sect2> </sect1> - <sect1 id="network-dns"> + <sect1 xml:id="network-dns"> <!-- <sect1info> <authorgroup> @@ -3015,8 +3004,7 @@ dhcpd_ifaces="dc0"</programlisting> is the most common implementation of the <acronym>DNS</acronym> protocol. The &os; version provides enhanced security features, a new file system layout, and automated &man.chroot.8; - configuration. BIND is maintained by the <ulink - url="https://www.isc.org/">isc.org</ulink>. It is not + configuration. BIND is maintained by the <link xlink:href="https://www.isc.org/">isc.org</link>. It is not necessary to run a name server to perform <acronym>DNS</acronym> lookups on a system.</para> 
@@ -3105,36 +3093,34 @@ dhcpd_ifaces="dc0"</programlisting> <itemizedlist> <listitem> - <para><hostid>.</hostid> is how the root zone is usually + <para><systemitem>.</systemitem> is how the root zone is usually referred to in documentation.</para> </listitem> <listitem> - <para><hostid>org.</hostid> is a Top Level Domain + <para><systemitem>org.</systemitem> is a Top Level Domain (<acronym>TLD</acronym>) under the root zone.</para> </listitem> <listitem> - <para><hostid role="domainname">example.org.</hostid> is a - zone under the <hostid>org.</hostid> + <para><systemitem class="fqdomainname">example.org.</systemitem> is a + zone under the <systemitem>org.</systemitem> <acronym>TLD</acronym>.</para> </listitem> <listitem> - <para><hostid>1.168.192.in-addr.arpa</hostid> is a zone + <para><systemitem>1.168.192.in-addr.arpa</systemitem> is a zone referencing all <acronym>IP</acronym> addresses which fall - under the <hostid role="ipaddr">192.168.1.*</hostid> + under the <systemitem class="ipaddress">192.168.1.*</systemitem> <acronym>IP</acronym> address space.</para> </listitem> </itemizedlist> <para>As one can see, the more specific part of a hostname - appears to its left. For example, <hostid - role="domainname">example.org.</hostid> is more specific than - <hostid>org.</hostid>, as <hostid>org.</hostid> is more specific + appears to its left. For example, <systemitem class="fqdomainname">example.org.</systemitem> is more specific than + <systemitem>org.</systemitem>, as <systemitem>org.</systemitem> is more specific than the root zone. The layout of each part of a hostname is - much like a file system: the <filename - class="directory">/dev</filename> directory falls within the + much like a file system: the <filename>/dev</filename> directory falls within the root, and so on.</para> <sect2> 
@@ -3154,7 +3140,7 @@ dhcpd_ifaces="dc0"</programlisting> <listitem> <para>A domain, such as - <hostid role="domainname">example.org</hostid>, is + <systemitem class="fqdomainname">example.org</systemitem>, is registered and <acronym>IP</acronym> addresses need to be assigned to hostnames under it.</para> </listitem> @@ -3182,7 +3168,7 @@ dhcpd_ifaces="dc0"</programlisting> </itemizedlist> <para>When one queries for - <hostid role="fqdn">www.FreeBSD.org</hostid>, the resolver + <systemitem class="fqdomainname">www.FreeBSD.org</systemitem>, the resolver usually queries the uplink <acronym>ISP</acronym>'s name server, and retrieves the reply. With a local, caching <acronym>DNS</acronym> server, the query only has to be made @@ -3219,8 +3205,7 @@ dhcpd_ifaces="dc0"</programlisting> </row> <row> - <entry><filename - class="directory">/etc/namedb</filename></entry> + <entry><filename>/etc/namedb</filename></entry> <entry>Directory where BIND zone information resides.</entry> </row> @@ -3235,10 +3220,10 @@ dhcpd_ifaces="dc0"</programlisting> <para>Depending on how a given zone is configured on the server, the files related to that zone can be found in the - <filename class="directory">master</filename>, - <filename class="directory">slave</filename>, or - <filename class="directory">dynamic</filename> subdirectories - of the <filename class="directory">/etc/namedb</filename> + <filename>master</filename>, + <filename>slave</filename>, or + <filename>dynamic</filename> subdirectories + of the <filename>/etc/namedb</filename> directory. These files contain the <acronym>DNS</acronym> information that will be given out by the name server in response to queries.</para> 
@@ -3274,7 +3259,7 @@ dhcpd_ifaces="dc0"</programlisting> <filename>/etc/namedb/named.conf</filename> that are beyond the scope of this document. Other startup options for <application>named</application> on &os; can be found in - the <literal>named_<replaceable>*</replaceable></literal> + the <literal>named_*</literal> flags in <filename>/etc/defaults/rc.conf</filename> and in &man.rc.conf.5;. The <xref linkend="configtuning-rcd"/> section is also a good @@ -3291,7 +3276,7 @@ dhcpd_ifaces="dc0"</programlisting> <para>Configuration files for <application>named</application> currently reside in - <filename class="directory">/etc/namedb</filename> directory + <filename>/etc/namedb</filename> directory and will need modification before use unless all that is needed is a simple resolver. This is where most of the configuration will be performed.</para> @@ -3366,7 +3351,7 @@ options { name server, enabling this may be worthwhile.</para> <warning> - <para><hostid role="ipaddr">127.0.0.1</hostid> will + <para><systemitem class="ipaddress">127.0.0.1</systemitem> will <emphasis>not</emphasis> work here. Change this <acronym>IP</acronym> address to a name server at the uplink.</para> @@ -3618,7 +3603,7 @@ zone "1.168.192.in-addr.arpa" { to <filename>named.conf</filename>.</para> <para>For example, the simplest zone entry for - <hostid role="domainname">example.org</hostid> can look + <systemitem class="fqdomainname">example.org</systemitem> can look like:</para> <programlisting>zone "example.org" { @@ -3654,7 +3639,7 @@ zone "1.168.192.in-addr.arpa" { </indexterm> <para>An example master zone file for - <hostid role="domainname">example.org</hostid> (existing + <systemitem class="fqdomainname">example.org</systemitem> (existing within <filename>/etc/namedb/master/example.org</filename>) is as follows:</para> 
@@ -3691,7 +3676,7 @@ www IN CNAME example.org.</programlisting> an exact hostname, whereas everything without a trailing <quote>.</quote> is relative to the origin. For example, <literal>ns1</literal> is translated into - <literal>ns1.<replaceable>example.org.</replaceable></literal></para> + <literal>ns1.example.org.</literal></para> <para>The format of a zone file follows:</para> @@ -3757,8 +3742,7 @@ www IN CNAME example.org.</programlisting> <variablelist> <varlistentry> - <term><hostid - role="domainname">example.org.</hostid></term> + <term><systemitem class="fqdomainname">example.org.</systemitem></term> <listitem> <para>the domain name, also the origin for this @@ -3767,7 +3751,7 @@ www IN CNAME example.org.</programlisting> </varlistentry> <varlistentry> - <term><hostid role="fqdn">ns1.example.org.</hostid></term> + <term><systemitem class="fqdomainname">ns1.example.org.</systemitem></term> <listitem> <para>the primary/authoritative name server for this 
@@ -3817,24 +3801,24 @@ mx IN A 192.168.1.4 mail IN A 192.168.1.5</programlisting> <para>The A record indicates machine names. As seen above, - <hostid role="fqdn">ns1.example.org</hostid> would resolve - to <hostid role="ipaddr">192.168.1.2</hostid>.</para> + <systemitem class="fqdomainname">ns1.example.org</systemitem> would resolve + to <systemitem class="ipaddress">192.168.1.2</systemitem>.</para> <programlisting> IN A 192.168.1.1</programlisting> <para>This line assigns <acronym>IP</acronym> address - <hostid role="ipaddr">192.168.1.1</hostid> to the current + <systemitem class="ipaddress">192.168.1.1</systemitem> to the current origin, in this case - <hostid role="domainname">example.org</hostid>.</para> + <systemitem class="fqdomainname">example.org</systemitem>.</para> <programlisting>www IN CNAME @</programlisting> <para>The canonical name record is usually used for giving - aliases to a machine. In the example, <hostid>www</hostid> + aliases to a machine. In the example, <systemitem>www</systemitem> is aliased to the <quote>master</quote> machine whose name happens to be the same as the domain name - <hostid role="domainname">example.org</hostid> - (<hostid role="ipaddr">192.168.1.1</hostid>). CNAMEs can + <systemitem class="fqdomainname">example.org</systemitem> + (<systemitem class="ipaddress">192.168.1.1</systemitem>). CNAMEs can never be used together with another kind of record for the same hostname.</para> 
@@ -3846,13 +3830,13 @@ mail IN A 192.168.1.5</programlisting> <para>The MX record indicates which mail servers are responsible for handling incoming mail for the zone. - <hostid role="fqdn">mail.example.org</hostid> is the + <systemitem class="fqdomainname">mail.example.org</systemitem> is the hostname of a mail server, and 10 is the priority of that mail server.</para> <para>One can have several mail servers, with priorities of 10, 20 and so on. A mail server attempting to deliver to - <hostid role="domainname">example.org</hostid> would first + <systemitem class="fqdomainname">example.org</systemitem> would first try the highest priority MX (the record with the lowest priority number), then the second highest, etc, until the mail can be properly delivered.</para> @@ -3902,9 +3886,7 @@ mail IN A 192.168.1.5</programlisting> </sect2> <sect2> - <title><acronym - role="Domain Name Security - Extensions">DNSSEC</acronym></title> + <title><acronym role="Domain Name Security Extensions">DNSSEC</acronym></title> <indexterm> <primary>BIND</primary> 
@@ -3912,20 +3894,17 @@ mail IN A 192.168.1.5</programlisting> extensions</secondary> </indexterm> - <para>Domain Name System Security Extensions, or <acronym - role="Domain Name Security Extensions">DNSSEC</acronym> for + <para>Domain Name System Security Extensions, or <acronym role="Domain Name Security Extensions">DNSSEC</acronym> for short, is a suite of specifications to protect resolving name servers from forged <acronym>DNS</acronym> data, such as spoofed <acronym>DNS</acronym> records. By using digital signatures, a resolver can verify the integrity of the record. - Note that <acronym role="Domain Name Security - Extensions">DNSSEC</acronym> only provides integrity via - digitally signing the Resource Records (<acronym - role="Resource Record">RR</acronym>s). It provides neither + Note that <acronym role="Domain Name Security Extensions">DNSSEC</acronym> only provides integrity via + digitally signing the Resource Records (<acronym role="Resource Record">RR</acronym>s). It provides neither confidentiality nor protection against false end-user assumptions. This means that it cannot protect against people - going to <hostid role="domainname">example.net</hostid> - instead of <hostid role="domainname">example.com</hostid>. + going to <systemitem class="fqdomainname">example.net</systemitem> + instead of <systemitem class="fqdomainname">example.com</systemitem>. The only thing <acronym>DNSSEC</acronym> does is authenticate that the data has not been compromised in transit. The security of <acronym>DNS</acronym> is an important step in 
@@ -4021,13 +4000,11 @@ mail IN A 192.168.1.5</programlisting> . IN DS 19036 8 2 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5</programlisting> <para>The SHA-256 <acronym>RR</acronym> can now be compared to - the digest in <ulink - url="https://data.iana.org/root-anchors/root-anchors.xml">https://data.iana.org/root-anchors/root-anchors.xml</ulink>. + the digest in <link xlink:href="https://data.iana.org/root-anchors/root-anchors.xml">https://data.iana.org/root-anchors/root-anchors.xml</link>. To be absolutely sure that the key has not been tampered with the data in the <acronym>XML</acronym> file can be verified using the <acronym>PGP</acronym> signature in - <ulink - url="https://data.iana.org/root-anchors/root-anchors.asc">https://data.iana.org/root-anchors/root-anchors.asc</ulink>.</para> + <link xlink:href="https://data.iana.org/root-anchors/root-anchors.asc">https://data.iana.org/root-anchors/root-anchors.asc</link>.</para> <para>Next, the key must be formatted properly. This differs a little between <acronym>BIND</acronym> versions 9.6.2 and @@ -4081,7 +4058,7 @@ dnssec-validation yes;</programlisting> will contain the <literal>AD</literal> flag to indicate the data was authenticated. Running a query such as</para> - <screen>&prompt.user; <userinput>dig @<replaceable>resolver</replaceable> +dnssec se ds </userinput></screen> + <screen>&prompt.user; <userinput>dig @resolver +dnssec se ds </userinput></screen> <para>should return the <acronym>DS</acronym> <acronym>RR</acronym> for the <literal>.se</literal> zone. @@ -4097,7 +4074,7 @@ dnssec-validation yes;</programlisting> <acronym>DNS</acronym> queries.</para> </sect3> - <sect3 id="dns-dnssec-auth"> + <sect3 xml:id="dns-dnssec-auth"> <title>Authoritative <acronym>DNS</acronym> Server Configuration</title> 
@@ -4111,17 +4088,14 @@ dnssec-validation yes;</programlisting> not rotated very often and a Zone Signing Key (<acronym role="Zone Signing Key">ZSK</acronym>) that is rotated more frequently. Information on recommended - operational practices can be found in <ulink - url="http://tools.ietf.org/rfc/rfc4641.txt"><acronym>RFC</acronym> + operational practices can be found in <link xlink:href="http://tools.ietf.org/rfc/rfc4641.txt"><acronym>RFC</acronym> 4641: <acronym>DNSSEC</acronym> Operational - Practices</ulink>. Practices regarding the root zone can - be found in <ulink - url="http://www.root-dnssec.org/wp-content/uploads/2010/06/icann-dps-00.txt"><acronym>DNSSEC</acronym> + Practices</link>. Practices regarding the root zone can + be found in <link xlink:href="http://www.root-dnssec.org/wp-content/uploads/2010/06/icann-dps-00.txt"><acronym>DNSSEC</acronym> Practice Statement for the Root Zone - <acronym>KSK</acronym> operator</ulink> and <ulink - url="http://www.root-dnssec.org/wp-content/uploads/2010/06/vrsn-dps-00.txt"><acronym>DNSSEC</acronym> + <acronym>KSK</acronym> operator</link> and <link xlink:href="http://www.root-dnssec.org/wp-content/uploads/2010/06/vrsn-dps-00.txt"><acronym>DNSSEC</acronym> Practice Statement for the Root Zone - <acronym>ZSK</acronym> operator</ulink>. The + <acronym>ZSK</acronym> operator</link>. The <acronym role="Key Signing Key">KSK</acronym> is used to build a chain of authority to the data in need of validation and as such is also called a Secure Entry Point @@ -4135,7 +4109,7 @@ dnssec-validation yes;</programlisting> there.</para> <para>To enable <acronym>DNSSEC</acronym> for the - <hostid role="domainname">example.com</hostid> zone depicted + <systemitem class="fqdomainname">example.com</systemitem> zone depicted in previous examples, the first step is to use <application>dnssec-keygen</application> to generate the <acronym>KSK</acronym> and <acronym>ZSK</acronym> key pair. 
@@ -4143,7 +4117,7 @@ dnssec-validation yes;</programlisting> algorithms. It is recommended to use RSA/SHA256 for the keys and 2048 bits key length should be enough. To generate the <acronym>KSK</acronym> for - <hostid role="domainname">example.com</hostid>, run</para> + <systemitem class="fqdomainname">example.com</systemitem>, run</para> <screen>&prompt.user; <userinput>dnssec-keygen -f KSK -a RSASHA256 -b 2048 -n ZONE example.com</userinput></screen> @@ -4179,7 +4153,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting> to use the signed zone file. To sign a zone <application>dnssec-signzone</application> is used. The command to sign the zone - <hostid role="domainname">example.com</hostid>, located in + <systemitem class="fqdomainname">example.com</systemitem>, located in <filename>example.com.db</filename> would look similar to</para> @@ -4222,10 +4196,9 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting> the new key has propagated through the <acronym>DNS</acronym> hierarchy. For more information on key rollovers and other <acronym>DNSSEC</acronym> - operational issues, see <ulink - url="http://www.ietf.org/rfc/rfc4641.txt"><acronym>RFC</acronym> + operational issues, see <link xlink:href="http://www.ietf.org/rfc/rfc4641.txt"><acronym>RFC</acronym> 4641: <acronym>DNSSEC</acronym> Operational - practices</ulink>.</para> + practices</link>.</para> </sect3> <sect3> @@ -4247,7 +4220,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting> option <option>sign</option>. To tell <acronym>BIND</acronym> to use this automatic signing and zone updating for - <hostid role="domainname">example.com</hostid>, add the + <systemitem class="fqdomainname">example.com</systemitem>, add the following to <filename>named.conf</filename>:</para> <programlisting>zone example.com { 
@@ -4286,7 +4259,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting> <acronym>DNS</acronym> service attacks.</para> <para>It is always good idea to read - <ulink url="http://www.cert.org/">CERT</ulink>'s security + <link xlink:href="http://www.cert.org/">CERT</link>'s security advisories and to subscribe to the &a.security-notifications; to stay up to date with the current Internet and &os; security issues.</para> @@ -4298,7 +4271,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting> </tip> </sect2> - <sect2 id="dns-read"> + <sect2 xml:id="dns-read"> <title>Further Reading</title> <para>BIND/<application>named</application> manual pages: 
@@ -4307,89 +4280,77 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting> <itemizedlist> <listitem> - <para><ulink - url="https://www.isc.org/software/bind">Official ISC - BIND Page</ulink></para> + <para><link xlink:href="https://www.isc.org/software/bind">Official ISC + BIND Page</link></para> </listitem> <listitem> - <para><ulink - url="https://www.isc.org/software/guild">Official ISC - BIND Forum</ulink></para> + <para><link xlink:href="https://www.isc.org/software/guild">Official ISC + BIND Forum</link></para> </listitem> <listitem> - <para><ulink - url="http://www.oreilly.com/catalog/dns5/">O'Reilly + <para><link xlink:href="http://www.oreilly.com/catalog/dns5/">O'Reilly <acronym>DNS</acronym> and BIND 5th - Edition</ulink></para> + Edition</link></para> </listitem> <listitem> - <para><ulink - url="http://www.root-dnssec.org/documentation/">Root - <acronym>DNSSEC</acronym></ulink></para> + <para><link xlink:href="http://www.root-dnssec.org/documentation/">Root + <acronym>DNSSEC</acronym></link></para> </listitem> <listitem> - <para><ulink - url="http://data.iana.org/root-anchors/draft-icann-dnssec-trust-anchor.html"><acronym>DNSSEC</acronym> + <para><link xlink:href="http://data.iana.org/root-anchors/draft-icann-dnssec-trust-anchor.html"><acronym>DNSSEC</acronym> Trust Anchor Publication for the Root - Zone</ulink></para> + Zone</link></para> </listitem> <listitem> - <para><ulink - url="http://tools.ietf.org/html/rfc1034">RFC1034 - - Domain Names - Concepts and Facilities</ulink></para> + <para><link xlink:href="http://tools.ietf.org/html/rfc1034">RFC1034 + - Domain Names - Concepts and Facilities</link></para> </listitem> <listitem> - <para><ulink - url="http://tools.ietf.org/html/rfc1035">RFC1035 + <para><link xlink:href="http://tools.ietf.org/html/rfc1035">RFC1035 - Domain Names - Implementation and - Specification</ulink></para> + Specification</link></para> </listitem> <listitem> - <para><ulink - 
url="http://tools.ietf.org/html/rfc4033">RFC4033 + <para><link xlink:href="http://tools.ietf.org/html/rfc4033">RFC4033 - <acronym>DNS</acronym> Security Introduction and - Requirements</ulink></para> + Requirements</link></para> </listitem> <listitem> - <para><ulink - url="http://tools.ietf.org/html/rfc4034">RFC4034 + <para><link xlink:href="http://tools.ietf.org/html/rfc4034">RFC4034 - Resource Records for the <acronym>DNS</acronym> - Security Extensions</ulink></para> + Security Extensions</link></para> </listitem> <listitem> - <para><ulink - url="http://tools.ietf.org/html/rfc4035">RFC4035 + <para><link xlink:href="http://tools.ietf.org/html/rfc4035">RFC4035 - Protocol Modifications for the <acronym>DNS</acronym> - Security Extensions</ulink></para> + Security Extensions</link></para> </listitem> <listitem> - <para><ulink - url="http://tools.ietf.org/html/rfc4641">RFC4641 - - DNSSEC Operational Practices</ulink></para> + <para><link xlink:href="http://tools.ietf.org/html/rfc4641">RFC4641 + - DNSSEC Operational Practices</link></para> </listitem> <listitem> - <para><ulink - url="http://tools.ietf.org/html/rfc5011">RFC 5011 + <para><link xlink:href="http://tools.ietf.org/html/rfc5011">RFC 5011 - Automated Updates of <acronym>DNS</acronym> Security (<acronym>DNSSEC</acronym> - Trust Anchors</ulink></para> + Trust Anchors</link></para> </listitem> </itemizedlist> </sect2> </sect1> - <sect1 id="network-apache"> + <sect1 xml:id="network-apache"> <!-- <sect1info> <authorgroup> 
@@ -4410,16 +4371,14 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting> <para>The open source <application>Apache HTTP Server </application> is the most widely used web server. &os; does not install this web server by default, but it can be installed - from the <filename - role="package">www/apache24</filename> package or port.</para> + from the <package>www/apache24</package> package or port.</para> <para>This section summarizes how to configure and start version 2.<replaceable>x</replaceable> of the <application>Apache HTTP Server</application>, the most widely used version, on &os;. For more detailed information about <application>Apache</application> 2.X and its configuration - directives, refer to <ulink - url="http://httpd.apache.org/">httpd.apache.org</ulink>.</para> + directives, refer to <link xlink:href="http://httpd.apache.org/">httpd.apache.org</link>.</para> <sect2> <title>Configuring and Starting Apache</title> @@ -4429,7 +4388,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting> <para>In &os;, the main <application>Apache HTTP Server</application> configuration file is installed as - <filename>/usr/local/etc/apache2<replaceable>x</replaceable>/httpd.conf</filename>. + <filename>/usr/local/etc/apache2x/httpd.conf</filename>. This ASCII text file begins comment lines with the <literal>#</literal>. The most frequently modified directives are:</para> 
@@ -4442,11 +4401,10 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting> <para>Specifies the default directory hierarchy for the <application>Apache</application> installation. Binaries are stored in the - <filename class="directory">bin</filename> and - <filename class="directory">sbin</filename> + <filename>bin</filename> and + <filename>sbin</filename> subdirectories of the server root, and configuration - files are stored in <filename - class="directory">etc/apache2<replaceable>x</replaceable></filename>.</para> + files are stored in <filename>etc/apache2x</filename>.</para> </listitem> </varlistentry> @@ -4467,14 +4425,14 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting> <para>Allows an administrator to set a host name which is sent back to clients for the server. For example, - <hostid>www</hostid> can be used instead of the actual + <systemitem>www</systemitem> can be used instead of the actual host name.</para> </listitem> </varlistentry> <varlistentry> <term><literal>DocumentRoot - "/usr/local/www/apache2<replaceable>x</replaceable>/data"</literal></term> + "/usr/local/www/apache2x/data"</literal></term> <listitem> <para>The directory @@ -4497,11 +4455,10 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting> <indexterm><primary>Apache</primary> <secondary>starting or stopping</secondary></indexterm> - <para>The <filename role="package">www/apache24</filename> port + <para>The <package>www/apache24</package> port installs an &man.rc.8; script to aid in starting, stopping, and restarting <application>Apache</application>, which can be - found in <filename - class="directory">/usr/local/etc/rc.d/</filename>.</para> + found in <filename>/usr/local/etc/rc.d/</filename>.</para> <para>To launch <application>Apache</application> at system startup, add the following line to 
@@ -4539,8 +4496,7 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting> <screen>&prompt.root; <userinput>service apache24 start</userinput></screen> <para>The <command>httpd</command> service can be tested by - entering <literal>http://<hostid - role="fqdn"><replaceable>localhost</replaceable></hostid></literal> + entering <literal>http://localhost</literal> in a web browser, replacing <replaceable>localhost</replaceable> with the fully-qualified domain name of the machine running <command>httpd</command>, @@ -4566,9 +4522,9 @@ $include Kexample.com.+005+nnnnn.ZSK.key ; ZSK</programlisting> <programlisting>NameVirtualHost *</programlisting> <para>If the webserver was named - <hostid role="fqdn">www.domain.tld</hostid> and + <systemitem class="fqdomainname">www.domain.tld</systemitem> and a virtual domain for - <hostid role="fqdn">www.someotherdomain.tld</hostid> then + <systemitem class="fqdomainname">www.someotherdomain.tld</systemitem> then add the following entries to <filename>httpd.conf</filename>:</para> @@ -4587,8 +4543,7 @@ DocumentRoot /www/someotherdomain.tld <para>For more information about setting up virtual hosts, please consult the official <application>Apache</application> - documentation at: <ulink - url="http://httpd.apache.org/docs/vhosts/"></ulink>.</para> + documentation at: <uri xlink:href="http://httpd.apache.org/docs/vhosts/">http://httpd.apache.org/docs/vhosts/</uri>.</para> </sect2> <sect2> @@ -4680,7 +4635,7 @@ DocumentRoot /www/someotherdomain.tld these pre-requisites with the appropriate flags.</para> - <example id="network-www-django-install"> + <example xml:id="network-www-django-install"> <title>Installing Django with <application>Apache2</application>, <application>mod_python3</application>, and 
@@ -4695,7 +4650,7 @@ DocumentRoot /www/someotherdomain.tld interpreter. This will be the interpreter to call the application for specific URLs on the site.</para> - <example id="network-www-django-apache-config"> + <example xml:id="network-www-django-apache-config"> <title>Apache Configuration for Django/mod_python</title> <para>A line must be added to the apache @@ -4747,7 +4702,7 @@ DocumentRoot /www/someotherdomain.tld interpreter and the penalty of Perl start-up time.</para> <para><application>mod_perl2</application> is available in the - <filename role="package">www/mod_perl2</filename> + <package>www/mod_perl2</package> port.</para> </sect3> @@ -4780,14 +4735,13 @@ DocumentRoot /www/someotherdomain.tld <para>To gain support for <acronym>PHP</acronym>5 for the <application>Apache</application> web server, begin by - installing the <filename role="package">lang/php5</filename> + installing the <package>lang/php5</package> port.</para> - <para>If the <filename role="package">lang/php5</filename> + <para>If the <package>lang/php5</package> port is being installed for the first time, available <literal>OPTIONS</literal> will be displayed automatically. - If a menu is not displayed, i.e., because the <filename - role="package">lang/php5</filename> port has been installed + If a menu is not displayed, i.e., because the <package>lang/php5</package> port has been installed some time in the past, it is always possible to bring the options dialog up again by running:</para> 
@@ -4806,10 +4760,10 @@ DocumentRoot /www/someotherdomain.tld deployed web applications). If the <application>mod_php4</application> is needed instead of <application>mod_php5</application>, then please use the - <filename role="package">lang/php4</filename> port. The - <filename role="package">lang/php4</filename> port + <package>lang/php4</package> port. The + <package>lang/php4</package> port supports many of the configuration and build-time options - of the <filename role="package">lang/php5</filename> + of the <package>lang/php5</package> port.</para> </note> @@ -4844,7 +4798,7 @@ DocumentRoot /www/someotherdomain.tld <para>The <acronym>PHP</acronym> support in &os; is extremely modular so the base install is very limited. It is very easy to add support using the - <filename role="package">lang/php5-extensions</filename> + <package>lang/php5-extensions</package> port. This port provides a menu driven interface to <acronym>PHP</acronym> extension installation. Alternatively, individual extensions can be installed using @@ -4864,7 +4818,7 @@ DocumentRoot /www/someotherdomain.tld </sect2> </sect1> - <sect1 id="network-ftp"> + <sect1 xml:id="network-ftp"> <!-- <sect1info> <authorgroup> 
@@ -4917,16 +4871,16 @@ DocumentRoot /www/someotherdomain.tld </indexterm> <para>To enable anonymous <acronym>FTP</acronym> access to the - server, create a user named <username>ftp</username> on the + server, create a user named <systemitem class="username">ftp</systemitem> on the &os; system. Users will then be able to log on to the <acronym>FTP</acronym> server with a username of - <username>ftp</username> or <username>anonymous</username>. + <systemitem class="username">ftp</systemitem> or <systemitem class="username">anonymous</systemitem>. When prompted for the password, any input will be accepted, but by convention, an email address should be used as the password. The <acronym>FTP</acronym> server will call &man.chroot.2; when an anonymous user logs in, to restrict access to only the home directory of the - <username>ftp</username> user.</para> + <systemitem class="username">ftp</systemitem> user.</para> <para>There are two text files that can be created to specify welcome messages to be displayed to <acronym>FTP</acronym> @@ -4989,7 +4943,7 @@ DocumentRoot /www/someotherdomain.tld </sect2> </sect1> - <sect1 id="network-samba"> + <sect1 xml:id="network-samba"> <!-- <sect1info> <authorgroup> @@ -5024,8 +4978,7 @@ DocumentRoot /www/someotherdomain.tld <para><application>Samba</application> software packages should be included on the &os; installation media. If they were not installed when first installing &os;, then they may be - installed from the <filename - role="package">net/samba34</filename> port or + installed from the <package>net/samba34</package> port or package.</para> <!-- mention LDAP, Active Directory, WinBIND, ACL, Quotas, PAM, .. --> 
@@ -5069,8 +5022,8 @@ DocumentRoot /www/someotherdomain.tld <para>Once <application>swat</application> has been enabled in <filename>inetd.conf</filename>, a web browser may be used - to connect to <ulink url="http://localhost:901"></ulink>. - At first login, the system <username>root</username> account + to connect to <uri xlink:href="http://localhost:901">http://localhost:901</uri>. + At first login, the system <systemitem class="username">root</systemitem> account must be used.</para> <!-- XXX screenshots go here, loader is creating them @@ -5192,12 +5145,11 @@ DocumentRoot /www/someotherdomain.tld <literal>tdbsam</literal>, and the following command should be used to add user accounts:</para> - <screen>&prompt.root; <userinput><command>pdbedit <option>-a</option> <option>-u</option> <replaceable>username</replaceable></command></userinput></screen> + <screen>&prompt.root; <userinput>pdbedit -a -u username</userinput></screen> </note> - <para>Please see the <ulink - url="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/">Official - Samba HOWTO</ulink> for additional information about + <para>Please see the <link xlink:href="http://www.samba.org/samba/docs/man/Samba-HOWTO-Collection/">Official + Samba HOWTO</link> for additional information about configuration options. With the basics outlined here, the minimal required start running <application>Samba</application> will be explained. Other @@ -5209,7 +5161,7 @@ DocumentRoot /www/someotherdomain.tld <sect2> <title>Starting <application>Samba</application></title> - <para>The <filename role="package">net/samba34</filename> port + <para>The <package>net/samba34</package> port adds a new startup script, which can be used to control <application>Samba</application>. To enable this script, so that it can be used for example to start, stop or restart 
@@ -5260,11 +5212,11 @@ Starting smbd.</screen> suite with functionality that allows broad integration with µsoft.windows; networks. For more information about functionality beyond the basic installation described here, - please see <ulink url="http://www.samba.org"></ulink>.</para> + please see <uri xlink:href="http://www.samba.org">http://www.samba.org</uri>.</para> </sect2> </sect1> - <sect1 id="network-ntp"> + <sect1 xml:id="network-ntp"> <!-- <sect1info> <authorgroup> @@ -5317,9 +5269,8 @@ Starting smbd.</screen> <acronym role="Network Time Protocol">NTP</acronym> servers must be defined. The network administrator or ISP may have set up an NTP server for this purpose—check their - documentation to see if this is the case. There is an <ulink - url="http://support.ntp.org/bin/view/Servers/WebHome">online - list of publicly accessible NTP servers</ulink> which may be + documentation to see if this is the case. There is an <link xlink:href="http://support.ntp.org/bin/view/Servers/WebHome">online + list of publicly accessible NTP servers</link> which may be referenced to find an NTP server nearest to the system. Take care to review the policy for any chosen servers, and ask for permission if required.</para> @@ -5386,7 +5337,7 @@ driftfile /var/db/ntp.drift</programlisting> servers are to be used, with one server listed on each line. If a server is specified with the <literal>prefer</literal> argument, as with - <hostid role="fqdn">ntplocal.example.com</hostid>, that + <systemitem class="fqdomainname">ntplocal.example.com</systemitem>, that server is preferred over other servers. A response from a preferred server will be discarded if it differs significantly from other servers' responses, otherwise it 
@@ -5439,9 +5390,9 @@ driftfile /var/db/ntp.drift</programlisting> <programlisting>restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap</programlisting> <para>instead, where - <hostid role="ipaddr">192.168.1.0</hostid> is an + <systemitem class="ipaddress">192.168.1.0</systemitem> is an <acronym>IP</acronym> address on the network and - <hostid role="netmask">255.255.255.0</hostid> is the + <systemitem class="netmask">255.255.255.0</systemitem> is the network's netmask.</para> <para>The <filename>/etc/ntp.conf</filename> file can contain @@ -5512,7 +5463,7 @@ driftfile /var/db/ntp.drift</programlisting> </sect2> </sect1> - <sect1 id="network-syslogd"> + <sect1 xml:id="network-syslogd"> <!-- <sect1info> <authorgroup> @@ -5540,11 +5491,11 @@ driftfile /var/db/ntp.drift</programlisting> Log file aggregation, merging and rotation may be configured in one location, using the native tools of &os;, such as &man.syslogd.8; and &man.newsyslog.8;. In the following example - configuration, host <hostid>A</hostid>, named - <hostid role="fqdn">logserv.example.com</hostid>, will collect + configuration, host <systemitem>A</systemitem>, named + <systemitem class="fqdomainname">logserv.example.com</systemitem>, will collect logging information for the local network. Host - <hostid>B</hostid>, named - <hostid role="fqdn">logclient.example.com</hostid> will pass + <systemitem>B</systemitem>, named + <systemitem class="fqdomainname">logclient.example.com</systemitem> will pass logging information to the server system. In live configurations, both hosts require proper forward and reverse <acronym>DNS</acronym> or entries in 
@@ -5625,14 +5576,14 @@ syslogd_flags="-a logclient.example.com -v -v"</programlisting> does not matter, but &man.touch.1; works great for situations such as this:</para> - <screen>&prompt.root; <userinput><command>touch</command> - <filename>/var/log/logclient.log</filename></userinput></screen> + <screen>&prompt.root; <userinput>touch + /var/log/logclient.log</userinput></screen> <para>At this point, the <command>syslogd</command> daemon should be restarted and verified:</para> - <screen>&prompt.root; <userinput>service <command>syslogd</command> restart</userinput> -&prompt.root; <userinput><command>pgrep</command> syslog</userinput></screen> + <screen>&prompt.root; <userinput>service syslogd restart</userinput> +&prompt.root; <userinput>pgrep syslog</userinput></screen> <para>If a <acronym>PID</acronym> is returned, the server has been restarted successfully, and client configuration may @@ -5707,14 +5658,14 @@ syslogd_flags="-s -v -v"</programlisting> <para>Once added, <command>syslogd</command> must be restarted for the changes to take effect:</para> - <screen>&prompt.root; <userinput>service <command>syslogd</command> restart</userinput></screen> + <screen>&prompt.root; <userinput>service syslogd restart</userinput></screen> <para>To test that log messages are being sent across the network, use &man.logger.1; on the client to send a message to <command>syslogd</command>:</para> - <screen>&prompt.root; <userinput><command>logger</command> - "<replaceable>Test message from logclient</replaceable>"</userinput></screen> + <screen>&prompt.root; <userinput>logger + "Test message from logclient"</userinput></screen> <para>This message should now exist both in <filename>/var/log/messages</filename> on the client, and 
@@ -5745,7 +5696,7 @@ syslogd_flags="-s -v -v"</programlisting> <programlisting>syslogd_flags="-d -a logclien.example.com -v -v"</programlisting> - <screen>&prompt.root; <userinput>service <command>syslogd</command> restart</userinput></screen> + <screen>&prompt.root; <userinput>service syslogd restart</userinput></screen> <para>Debugging data similar to the following will flash on the screen immediately after the restart:</para> @@ -5770,7 +5721,7 @@ rejected in rule 0 due to name mismatch.</screen> <literal>logclien</literal>. After the proper alterations are made, a restart is issued with expected results:</para> - <screen>&prompt.root; <userinput>service <command>syslogd</command> restart</userinput> + <screen>&prompt.root; <userinput>service syslogd restart</userinput> logmsg: pri 56, flags 4, from logserv.example.com, msg syslogd: restart syslogd: restarted logmsg: pri 6, flags 4, from logserv.example.com, msg syslogd: kernel boot file is /boot/kernel/kernel @@ -5798,7 +5749,7 @@ Logging to FILE /var/log/messages</screen> data. Network data sent from the client to the server will not be encrypted nor password protected. If a need for encryption exists, it might be possible to use - <filename role="package">security/stunnel</filename>, which + <package>security/stunnel</package>, which will transmit data over an encrypted tunnel.</para> <para>Local security is also an issue. Log files are not @@ -5813,7 +5764,7 @@ Logging to FILE /var/log/messages</screen> </sect2> </sect1> - <sect1 id="network-iscsi"> + <sect1 xml:id="network-iscsi"> <!-- <sect1info> <authorgroup> 
@@ -5837,13 +5788,13 @@ Logging to FILE /var/log/messages</screen> nodes appear in <filename>/dev/</filename>, and must be separately mounted.</para> - <sect2 id="network-iscsi-target"> + <sect2 xml:id="network-iscsi-target"> <title><acronym>iSCSI</acronym> Target</title> <para>Note: the native <acronym>iSCSI</acronym> target is supported starting with &os; 10.0-RELEASE. To use <acronym>iSCSI</acronym> in older versions of &os;, install a userspace target from the Ports Collection, such as - <filename role="package">net/istgt</filename>. + <package>net/istgt</package>. This chapter only describes the native target.</para> <sect3> @@ -5852,13 +5803,11 @@ Logging to FILE /var/log/messages</screen> <para>Configuring an <acronym>iSCSI</acronym> target is straightforward: create the <filename>/etc/ctl.conf</filename> configuration file, add an appropriate line to - <filename>/etc/rc.conf</filename> to make sure the <ulink - url="http://www.freebsd.org/cgi/man.cgi?query=ctld&sektion=8&manpath=FreeBSD+10-current">ctld(8)</ulink> + <filename>/etc/rc.conf</filename> to make sure the <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctld&sektion=8&manpath=FreeBSD+10-current">ctld(8)</link> daemon is automatically started at boot, and then start the daemon.</para> - <para>A simple <ulink - url="http://www.freebsd.org/cgi/man.cgi?query=ctl.conf&sektion=5&manpath=FreeBSD+10-current">ctl.conf(5)</ulink> + <para>A simple <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctl.conf&sektion=5&manpath=FreeBSD+10-current">ctl.conf(5)</link> configuration file looks like this:</para> <programlisting>portal-group pg0 { 
@@ -5879,13 +5828,11 @@ target iqn.2012-06.com.example:target0 { <para>The first entry defines the <literal>pg0</literal> portal group. Portal groups define network addresses the - <ulink - url="http://www.freebsd.org/cgi/man.cgi?query=ctld&sektion=8&manpath=FreeBSD+10-current">ctld(8)</ulink> + <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctld&sektion=8&manpath=FreeBSD+10-current">ctld(8)</link> daemon will listen on. <literal>discovery-auth-group no-authentication</literal> means that every initiator is allowed to perform <acronym>iSCSI</acronym> SendTargets discovery without any - authentication. The following two lines make <ulink - url="http://www.freebsd.org/cgi/man.cgi?query=ctld&sektion=8&manpath=FreeBSD+10-current">ctld(8)</ulink> + authentication. The following two lines make <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctld&sektion=8&manpath=FreeBSD+10-current">ctld(8)</link> listen on all <acronym>IPv4</acronym> (<literal>listen 0.0.0.0</literal>) and <acronym>IPv6</acronym> (<literal>listen [::]</literal>) addresses on the default port (3560). It is not necessary to define 
@@ -5925,31 +5872,25 @@ target iqn.2012-06.com.example:target0 { line of <acronym>LUN</acronym> configuration (<literal>path /data/target0-0</literal>) defines the full path to a file or ZVOL backing the <acronym>LUN</acronym>. The file must - exist before starting <ulink - url="http://www.freebsd.org/cgi/man.cgi?query=ctld&sektion=8&manpath=FreeBSD+10-current">ctld(8)</ulink>. + exist before starting <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctld&sektion=8&manpath=FreeBSD+10-current">ctld(8)</link>. The second line is optional and specifies the size.</para> - <para>To make sure <ulink - url="http://www.freebsd.org/cgi/man.cgi?query=ctld&sektion=8&manpath=FreeBSD+10-current">ctld(8)</ulink> + <para>To make sure <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctld&sektion=8&manpath=FreeBSD+10-current">ctld(8)</link> daemon is started at boot, add this line to <filename>/etc/rc.conf</filename>:</para> <programlisting>ctld_enable="YES"</programlisting> <para>On a new server being configured as <acronym>iSCSI</acronym> target, - <ulink - url="http://www.freebsd.org/cgi/man.cgi?query=ctld&sektion=8&manpath=FreeBSD+10-current">ctld(8)</ulink> - can be started by running this command as <username>root</username>:</para> + <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctld&sektion=8&manpath=FreeBSD+10-current">ctld(8)</link> + can be started by running this command as <systemitem class="username">root</systemitem>:</para> <screen>&prompt.root; <userinput>service ctld start</userinput></screen> - <para>The <ulink - url="http://www.freebsd.org/cgi/man.cgi?query=ctld&sektion=8&manpath=FreeBSD+10-current">ctld(8)</ulink> - daemon reads <ulink - url="http://www.freebsd.org/cgi/man.cgi?query=ctl.conf&sektion=5&manpath=FreeBSD+10-current">ctl.conf(5)</ulink> + <para>The <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctld&sektion=8&manpath=FreeBSD+10-current">ctld(8)</link> + daemon reads <link 
xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctl.conf&sektion=5&manpath=FreeBSD+10-current">ctl.conf(5)</link> file when started. To make configuration changes take - effect immediately, force <ulink - url="http://www.freebsd.org/cgi/man.cgi?query=ctld&sektion=8&manpath=FreeBSD+10-current">ctld(8)</ulink> + effect immediately, force <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctld&sektion=8&manpath=FreeBSD+10-current">ctld(8)</link> to reread it:</para> <screen>&prompt.root; <userinput>service ctld reload</userinput></screen> @@ -6007,20 +5948,18 @@ target iqn.2012-06.com.example:target0 { </sect3> </sect2> - <sect2 id="network-iscsi-initiator"> + <sect2 xml:id="network-iscsi-initiator"> <title><acronym>iSCSI</acronym> Initiator</title> <note> <para>The current <acronym>iSCSI</acronym> initiator is supported starting with &os; 10.0-RELEASE. To use the <acronym>iSCSI</acronym> initiator available in - older versions, refer to <ulink - url="http://www.freebsd.org/cgi/man.cgi?query=iscontrol&sektion=8&manpath=FreeBSD+10-current">iscontrol(8)</ulink>. + older versions, refer to <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=iscontrol&sektion=8&manpath=FreeBSD+10-current">iscontrol(8)</link>. This chapter only applies to the new initiator.</para> </note> - <para>The <acronym>iSCSI</acronym> initiator requires the <ulink - url="http://www.freebsd.org/cgi/man.cgi?query=iscsid&sektion=8&manpath=FreeBSD+10-current">iscsid(8)</ulink> + <para>The <acronym>iSCSI</acronym> initiator requires the <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=iscsid&sektion=8&manpath=FreeBSD+10-current">iscsid(8)</link> daemon to run. It does not use a configuration file. To start it automatically at boot, add this line to 
@@ -6029,15 +5968,13 @@ target iqn.2012-06.com.example:target0 { <programlisting>iscsid_enable="YES"</programlisting> <para>On a new machine being configured as an <acronym>iSCSI</acronym> initiator, - <ulink - url="http://www.freebsd.org/cgi/man.cgi?query=iscsid&sektion=8&manpath=FreeBSD+10-current">iscsid(8)</ulink> - can be started by running this command as <username>root</username>:</para> + <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=iscsid&sektion=8&manpath=FreeBSD+10-current">iscsid(8)</link> + can be started by running this command as <systemitem class="username">root</systemitem>:</para> <screen>&prompt.root; <userinput>service iscsid start</userinput></screen> <para>Connecting to a target can be done with or without an - <ulink - url="http://www.freebsd.org/cgi/man.cgi?query=iscsi.conf&sektion=5&manpath=FreeBSD+10-current">iscsi.conf(8)</ulink> + <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=iscsi.conf&sektion=5&manpath=FreeBSD+10-current">iscsi.conf(8)</link> configuration file.</para> <sect3> @@ -6045,7 +5982,7 @@ target iqn.2012-06.com.example:target0 { File</title> <para>To make the initiator connect to a single target, run - this command as <username>root</username>:</para> + this command as <systemitem class="username">root</systemitem>:</para> <screen>&prompt.root; <userinput>iscsictl -A -p 10.10.10.10 -t iqn.2012-06.com.example:target0</userinput></screen> 
@@ -6059,16 +5996,13 @@ iqn.2012-06.com.example:target0 10.10.10.10 Connected: da0</ established, with <filename>/dev/da0</filename> representing the attached <acronym>LUN</acronym>. If the <literal>iqn.2012-06.com.example:target0</literal> target exports more than one - <acronym>LUN</acronym>, multiple device nodes will be shown in the <ulink - url="http://www.freebsd.org/cgi/man.cgi?query=iscsictl&sektion=8&manpath=FreeBSD+10-current">iscictl(8)</ulink> + <acronym>LUN</acronym>, multiple device nodes will be shown in the <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=iscsictl&sektion=8&manpath=FreeBSD+10-current">iscictl(8)</link> output:</para> <screen>Connected: da0 da1 da2.</screen> <para>Any errors are reported in the system logs, and also visible - in the <ulink - url="http://www.freebsd.org/cgi/man.cgi?query=iscsictl&sektion=8&manpath=FreeBSD+10-current">iscictl(8)</ulink> - output. For example, this usually means the <ulink - url="http://www.freebsd.org/cgi/man.cgi?query=iscsid&sektion=8&manpath=FreeBSD+10-current">iscsid(8)</ulink> + in the <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=iscsictl&sektion=8&manpath=FreeBSD+10-current">iscictl(8)</link> + output. For example, this usually means the <link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=iscsid&sektion=8&manpath=FreeBSD+10-current">iscsid(8)</link> daemon is not running:</para> <programlisting>Target name Target portal State |
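Review bot: In the @@ -5540 hunk, `<hostid>A</hostid>` and `<hostid>B</hostid>` become bare `<systemitem>A</systemitem>` and `<systemitem>B</systemitem>` with no class attribute, while every other converted `hostid` in this patch gets one (`ipaddress`, `netmask`, `fqdomainname`). Suggest `<systemitem class="systemname">` for both so the host labels keep their meaning for stylesheets and for anyone searching the source for host references.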
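Review bot: In the @@ -5707 hunk, the logger example drops `<replaceable>` around "Test message from logclient", so the rendered command no longer marks the message text as a value the reader is expected to substitute. The removed `<command>` and `<filename>` wrappers inside `<userinput>` are a presentation choice, but `<replaceable>` carries information; suggest keeping it in the new `+` line as `"<replaceable>Test message from logclient</replaceable>"`.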
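Review bot: The `<link xlink:href="http://www.freebsd.org/cgi/man.cgi?query=ctld&sektion=8&manpath=FreeBSD+10-current">` introduced in the @@ -5852 hunk, and repeated through the remaining iSCSI hunks, carries the hard-coded URL over from `ulink` unchanged, pinned to `manpath=FreeBSD+10-current`. The syslogd section of the same file references manual pages through entities such as `&man.syslogd.8;` and `&man.newsyslog.8;`. Suggest using the matching man entities for ctld(8), ctl.conf(5), iscsid(8), iscsictl(8) and iscsi.conf(5) where they are available, so the links do not have to be edited by hand when the manpath changes.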
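Review bot: The context paragraph in the @@ -5879 hunk says ctld(8) listens "on the default port (3560)", but the registered iSCSI port is 3260. The hunk already rewrites this paragraph, so it is a good place to correct the number; a reader who builds a firewall rule from the text as written would open the wrong port. Since the same paragraph describes `discovery-auth-group no-authentication` together with `listen 0.0.0.0` and `listen [::]`, a sentence noting that this exposes SendTargets discovery to any host that can reach the portal would also help.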
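Review bot: In the @@ -6029 hunk, the converted link keeps the text `iscsi.conf(8)` while its href uses `query=iscsi.conf&sektion=5`, so the visible section number and the link target disagree. Suggest changing the link text to `iscsi.conf(5)` in the new `+` line.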
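Review bot: Both converted links in the @@ -6059 hunk keep the misspelled link text `iscictl(8)`, although the href next to it uses `query=iscsictl`. Suggest correcting the text to `iscsictl(8)` in the two `+` lines, since a reader copying the name from the rendered page gets a command that does not exist.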