diff --git a/doc/rrdcached.txt b/doc/rrdcached.txt
index f2091de9c0309936b43c3af8437be656f4b806a7..2caaacd31b64c7448d05d2ae4a298e8e192bb5d6 100644 (file)
--- a/doc/rrdcached.txt
+++ b/doc/rrdcached.txt
"[\b[_\ba_\bd_\bd_\br_\be_\bs_\bs]\b]:\b:_\bp_\bo_\br_\bt_\b". If the address is an IPv4 address or a fully
qualified domain name (i. e. the address contains at least one dot
(".")), the square brackets can be omitted, resulting in the
- (simpler) "_\ba_\bd_\bd_\br_\be_\bs_\bs:\b:_\bp_\bo_\br_\bt_\b" pattern. The default port is 4\b42\b22\b21\b17\b7/\b/u\bud\bdp\bp. If
+ (simpler) "_\ba_\bd_\bd_\br_\be_\bs_\bs:\b:_\bp_\bo_\br_\bt_\b" pattern. The default port is 4\b42\b22\b21\b17\b7/\b/t\btc\bcp\bp. If
you specify a network socket, it is mandatory to read the "SECURITY
CONSIDERATIONS" section.
permission context of the web server).
This option affects the _\bf_\bo_\bl_\bl_\bo_\bw_\bi_\bn_\bg UNIX socket addresses (the
- following -\b-l\bl options), i.e., you may specify different settings for
+ following -\b-l\bl options) or the default socket (if no -\b-l\bl options have
+ been specified), i.e., you may specify different settings for
different sockets.
The default is not to change ownership or permissions of the socket
sockets. See _\bu_\bn_\bi_\bx(7) for details.
This option affects the _\bf_\bo_\bl_\bl_\bo_\bw_\bi_\bn_\bg UNIX socket addresses (the
- following -\b-l\bl options), i.e., you may specify different settings for
+ following -\b-l\bl options) or the default socket (if no -\b-l\bl options have
+ been specified), i.e., you may specify different settings for
different sockets.
The default is not to change ownership or permissions of the socket
rrdcached -P FLUSH,PENDING $MORE_ARGUMENTS
The -\b-P\bP option affects the _\bf_\bo_\bl_\bl_\bo_\bw_\bi_\bn_\bg socket addresses (the following
- -\b-l\bl options). In the following example, only the IPv4 network socket
+ -\b-l\bl options) or the default socket (if no -\b-l\bl options have been
+ specified). In the following example, only the IPv4 network socket
(address 10.0.0.1) will be restricted to the "FLUSH" and "PENDING"
commands:
S\bSE\bEC\bCU\bUR\bRI\bIT\bTY\bY C\bCO\bON\bNS\bSI\bID\bDE\bER\bRA\bAT\bTI\bIO\bON\bNS\bS
A\bAu\but\bth\bhe\ben\bnt\bti\bic\bca\bat\bti\bio\bon\bn
- There is no authentication.
+ If your rrdtool installation was built without libwrap there is no form
+ of authentication for clients connecting to the rrdcache daemon!
- The client/server protocol does not yet have any authentication
- mechanism. It is likely that authentication and encryption will be
- added in a future version, but for the time being it is the
- administrator's responsibility to secure the traffic from/to the
- daemon!
+ If your rrdtool installation was built with libwrap then you can use
+ hosts_access to restrict client access to the rrdcache daemon
+ (rrdcached). For more information on how to use hosts_access to
+ restrict access to the rrdcache daemon you should read the
+ _\bh_\bo_\bs_\bt_\bs_\b__\ba_\bc_\bc_\be_\bs_\bs(5) man pages.
- It is highly recommended to install a packet filter or similar
+ It is still highly recommended to install a packet filter or similar
mechanism to prevent unauthorized connections. Unless you have a
dedicated VLAN or VPN for this, using network sockets is probably a bad
idea!
-1.4.3 2010-03-22 RRDCACHED(1)
+1.4.8 2013-05-23 RRDCACHED(1)