X-Git-Url: https://git.tokkee.org/?a=blobdiff_plain;f=doc%2Frrdcached.txt;h=34262a0f475c8f13e49c90d7d2830d470e4ac6f0;hb=23a63bef251017be5fd4f09db2be10575e3df59e;hp=f2091de9c0309936b43c3af8437be656f4b806a7;hpb=fd248121a4d1324289fcb6d0429613c6708cd559;p=pkg-rrdtool.git diff --git a/doc/rrdcached.txt b/doc/rrdcached.txt index f2091de..34262a0 100644 --- a/doc/rrdcached.txt +++ b/doc/rrdcached.txt @@ -36,7 +36,7 @@ OOPPTTIIOONNSS "[[_a_d_d_r_e_s_s]]::_p_o_r_t_". If the address is an IPv4 address or a fully qualified domain name (i. e. the address contains at least one dot (".")), the square brackets can be omitted, resulting in the - (simpler) "_a_d_d_r_e_s_s::_p_o_r_t_" pattern. The default port is 4422221177//uuddpp. If + (simpler) "_a_d_d_r_e_s_s::_p_o_r_t_" pattern. The default port is 4422221177//ttccpp. If you specify a network socket, it is mandatory to read the "SECURITY CONSIDERATIONS" section. @@ -63,7 +63,8 @@ OOPPTTIIOONNSS permission context of the web server). This option affects the _f_o_l_l_o_w_i_n_g UNIX socket addresses (the - following --ll options), i.e., you may specify different settings for + following --ll options) or the default socket (if no --ll options have + been specified), i.e., you may specify different settings for different sockets. The default is not to change ownership or permissions of the socket @@ -80,7 +81,8 @@ OOPPTTIIOONNSS sockets. See _u_n_i_x(7) for details. This option affects the _f_o_l_l_o_w_i_n_g UNIX socket addresses (the - following --ll options), i.e., you may specify different settings for + following --ll options) or the default socket (if no --ll options have + been specified), i.e., you may specify different settings for different sockets. The default is not to change ownership or permissions of the socket @@ -98,7 +100,8 @@ OOPPTTIIOONNSS rrdcached -P FLUSH,PENDING $MORE_ARGUMENTS The --PP option affects the _f_o_l_l_o_w_i_n_g socket addresses (the following - --ll options). In the following example, only the IPv4 network socket + --ll options) or the default socket (if no --ll options have been + specified). In the following example, only the IPv4 network socket (address 10.0.0.1) will be restricted to the "FLUSH" and "PENDING" commands: @@ -323,15 +326,16 @@ HHOOWW IITT WWOORRKKSS SSEECCUURRIITTYY CCOONNSSIIDDEERRAATTIIOONNSS AAuutthheennttiiccaattiioonn - There is no authentication. + If your rrdtool installation was built without libwrap there is no form + of authentication for clients connecting to the rrdcache daemon! - The client/server protocol does not yet have any authentication - mechanism. It is likely that authentication and encryption will be - added in a future version, but for the time being it is the - administrator's responsibility to secure the traffic from/to the - daemon! + If your rrdtool installation was built with libwrap then you can use + hosts_access to restrict client access to the rrdcache daemon + (rrdcached). For more information on how to use hosts_access to + restrict access to the rrdcache daemon you should read the + _h_o_s_t_s___a_c_c_e_s_s(5) man pages. - It is highly recommended to install a packet filter or similar + It is still highly recommended to install a packet filter or similar mechanism to prevent unauthorized connections. Unless you have a dedicated VLAN or VPN for this, using network sockets is probably a bad idea! @@ -577,4 +581,4 @@ CCOONNTTRRIIBBUUTTOORRSS -1.4.3 2010-03-22 RRDCACHED(1) +1.4.7 2011-03-15 RRDCACHED(1)