![[tokkee]](http://tokkee.org/images/avatar.png){kind=avatar}
diff --git a/doc/rrdcached.1 b/doc/rrdcached.1
index c3d2e4e6e204106c876c97b3fb4a7f794c219800..8c2324e8d9fa2bf90609e37ba13f6ce43a0a1509 100644 (file)
--- a/doc/rrdcached.1
+++ b/doc/rrdcached.1
-.\" Automatically generated by Pod::Man 2.1801 (Pod::Simple 3.05)
+.\" Automatically generated by Pod::Man 2.22 (Pod::Simple 3.07)
.\"
.\" Standard preamble:
.\" ========================================================================
.\"
.\" Standard preamble:
.\" ========================================================================
.\" ========================================================================
.\"
.IX Title "RRDCACHED 1"
.\" ========================================================================
.\"
.IX Title "RRDCACHED 1"
-.TH RRDCACHED 1 "2010-03-22" "1.4.3" "rrdtool"
+.TH RRDCACHED 1 "2011-03-15" "1.4.7" "rrdtool"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
\&\f(CW\*(C`\f(CB[\f(CW\f(CIaddress\f(CW\f(CB]:\f(CW\f(CIport\f(CW\*(C'\fR. If the address is an IPv4 address or a fully
qualified domain name (i.\ e. the address contains at least one dot
(\f(CW\*(C`.\*(C'\fR)), the square brackets can be omitted, resulting in the (simpler)
\&\f(CW\*(C`\f(CB[\f(CW\f(CIaddress\f(CW\f(CB]:\f(CW\f(CIport\f(CW\*(C'\fR. If the address is an IPv4 address or a fully
qualified domain name (i.\ e. the address contains at least one dot
(\f(CW\*(C`.\*(C'\fR)), the square brackets can be omitted, resulting in the (simpler)
-\&\f(CW\*(C`\f(CIaddress\f(CW\f(CB:\f(CW\f(CIport\f(CW\*(C'\fR pattern. The default port is \fB42217/udp\fR. If you
+\&\f(CW\*(C`\f(CIaddress\f(CW\f(CB:\f(CW\f(CIport\f(CW\*(C'\fR pattern. The default port is \fB42217/tcp\fR. If you
specify a network socket, it is mandatory to read the
\&\*(L"\s-1SECURITY\s0 \s-1CONSIDERATIONS\s0\*(R" section.
.Sp
specify a network socket, it is mandatory to read the
\&\*(L"\s-1SECURITY\s0 \s-1CONSIDERATIONS\s0\*(R" section.
.Sp
permission context of the web server).
.Sp
This option affects the \fIfollowing\fR \s-1UNIX\s0 socket addresses (the following
permission context of the web server).
.Sp
This option affects the \fIfollowing\fR \s-1UNIX\s0 socket addresses (the following
-\&\fB\-l\fR options), i.e., you may specify different settings for different
+\&\fB\-l\fR options) or the default socket (if no \fB\-l\fR options have been
+specified), i.e., you may specify different settings for different
sockets.
.Sp
The default is not to change ownership or permissions of the socket and, thus,
sockets.
.Sp
The default is not to change ownership or permissions of the socket and, thus,
@@ -218,7 +219,8 @@ BSD-derived systems ignore permissions for \s-1UNIX\s0 sockets. See \fIunix\fR\|
details.
.Sp
This option affects the \fIfollowing\fR \s-1UNIX\s0 socket addresses (the following
details.
.Sp
This option affects the \fIfollowing\fR \s-1UNIX\s0 socket addresses (the following
-\&\fB\-l\fR options), i.e., you may specify different settings for different
+\&\fB\-l\fR options) or the default socket (if no \fB\-l\fR options have been
+specified), i.e., you may specify different settings for different
sockets.
.Sp
The default is not to change ownership or permissions of the socket and, thus,
sockets.
.Sp
The default is not to change ownership or permissions of the socket and, thus,
.Ve
.Sp
The \fB\-P\fR option affects the \fIfollowing\fR socket addresses (the following \fB\-l\fR
.Ve
.Sp
The \fB\-P\fR option affects the \fIfollowing\fR socket addresses (the following \fB\-l\fR
-options). In the following example, only the IPv4 network socket (address
+options) or the default socket (if no \fB\-l\fR options have been
+specified). In the following example, only the IPv4 network socket (address
\&\f(CW10.0.0.1\fR) will be restricted to the \f(CW\*(C`FLUSH\*(C'\fR and \f(CW\*(C`PENDING\*(C'\fR commands:
.Sp
.Vb 1
\&\f(CW10.0.0.1\fR) will be restricted to the \f(CW\*(C`FLUSH\*(C'\fR and \f(CW\*(C`PENDING\*(C'\fR commands:
.Sp
.Vb 1
.IX Header "SECURITY CONSIDERATIONS"
.SS "Authentication"
.IX Subsection "Authentication"
.IX Header "SECURITY CONSIDERATIONS"
.SS "Authentication"
.IX Subsection "Authentication"
-There is no authentication.
+If your rrdtool installation was built without libwrap there is no form of
+authentication for clients connecting to the rrdcache daemon!
.PP
.PP
-The client/server protocol does not yet have any authentication mechanism. It
-is likely that authentication and encryption will be added in a future version,
-but for the time being it is the administrator's responsibility to secure the
-traffic from/to the daemon!
+If your rrdtool installation was built with libwrap then you can use
+hosts_access to restrict client access to the rrdcache daemon (rrdcached). For more
+information on how to use hosts_access to restrict access to the rrdcache
+daemon you should read the \fIhosts_access\fR\|(5) man pages.
.PP
.PP
-It is highly recommended to install a packet filter or similar mechanism to
+It is still highly recommended to install a packet filter or similar mechanism to
prevent unauthorized connections. Unless you have a dedicated \s-1VLAN\s0 or \s-1VPN\s0 for
this, using network sockets is probably a bad idea!
.SS "Authorization"
prevent unauthorized connections. Unless you have a dedicated \s-1VLAN\s0 or \s-1VPN\s0 for
this, using network sockets is probably a bad idea!
.SS "Authorization"