shishi-commit
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

shishi shisa.conf.in

From: shishi-commit
Subject: shishi shisa.conf.in
Date: Sat, 29 Nov 2003 12:51:30 -0500 
CVSROOT:        /cvsroot/shishi
Module name:    shishi
Branch:         
Changes by:     Simon Josefsson <address@hidden>        03/11/29 12:51:30

Modified files:
        .              : shisa.conf.in 

Log message:
        Sync.

CVSWeb URLs:
http://savannah.gnu.org/cgi-bin/viewcvs/shishi/shishi/shisa.conf.in.diff?tr1=1.2&tr2=1.3&r1=text&r2=text

Patches:
Index: shishi/shisa.conf.in
diff -u shishi/shisa.conf.in:1.2 shishi/shisa.conf.in:1.3
--- shishi/shisa.conf.in:1.2    Fri Nov 28 16:47:00 2003
+++ shishi/shisa.conf.in        Sat Nov 29 12:51:30 2003
@@ -11,17 +11,47 @@
 #
 # See the manual for a list of options.
 
-# db <type> [location] [parameters ...]
-# Specifies the data sources for Kerberos 5 data.  Multiple entries,
-# even of the same data source type, are allowed.
-#
+# db [OPTIONS] <TYPE> [LOCATION] [PARAMETERS ...]
+
+# Specify the data sources for Kerberos 5 data.  Multiple entries,
+# even of the same data source type, are allowed.  The data sources
+# are accessed in the same sequence as they are defined here.  If an
+# entry is found in one data source, it will be used for the
+# operations, without searching the remaining data sources.  Valid
+# OPTIONS include:
+
+# --read-only       No data is written to this data source.
+# --ignore-errors   Ignore failures in this backend.
+
+# The default uses one "file" data source (see below) but for a larger
+# installation you may want to combine several data sources.  Here is
+# an example.
+
+# db --read-only file /var/local/master
+# db --ignore-errors ldap kdc.example.org ca=/etc/shisa/kdc-ca.pem
+# db --read-only file /var/cache/ldap-copy
+
+# This demonstrate how you can store critical principals on local disk
+# (the first entry, /var/local/master) that will always be found
+# without looking in the LDAP directory.  The critical principals
+# could be, e.g., krbtgt/EXAMPLE.ORG: The second entry denote a LDAP
+# server that could hold user principals.  As you can see, Shisa will
+# not let the caller know about errors with the LDAP source (they will
+# be logged, however).  Instead, if for instance the LDAP server has
+# crashed, Shisa would continue and read from the /var/cache/ldap-copy
+# file source.  That file source may have been set up to contain a
+# copy of the data in the LDAP server, perhaps made on an hourly
+# basis, so that your server will be able to serve recent data even in
+# case of a crash.  Any updates or passwords change requests will
+# however not be possible while the LDAP server is inaccessible, to
+# reduce the problem of synchronizing data back into the LDAP server
+# once it is online again.
+
 # Currently only the "file" data source is supported, and denote a
-# standard text file.
+# data source that use the standard file system for storage.
 #
 # Valid syntaxes for the "file" database:
 # db file FILENAME
-# db file FILENAME allow-create
-# db file FILENAME read-only
 #
 # Examples:
 # db file /var/shishi/local.db
reply via email to
[Prev in Thread] Current Thread [Next in Thread]