=begin text

#ident "@(#)solaris_manpage.pod 1.2 10/03/16 SMI"

=end text

=head1 SOLARIS CONFIGURATION

Solaris has a service management facility to start processes and daemons
at system boot. This facility replaces the more traditional runtime
configuration scripts used by other Unix operating systems.
The Solaris service management facility is also used to implement inetd(1M).

To configure stunnel to listen on one or more ports, create the stunnel
configuration file /etc/stunnel/stunnel.conf. The configuration tokens are
explained elsewhere in this manual. A sample configuration file delivered
in /etc/stunnel can be used as a reference.

Now activate the stunnel smf(5) service using svcadm(1M).

=over 4

=item

    # svcadm enable svc:/network/ssl/stunnel:default

=back

Note that the smf(5) FMRI can be abbreviated to stunnel, so the following
command is also valid:

=over 4

=item

    # svcadm enable stunnel

=back

Check that the service is running with the svcs(1M) command. If the stunnel
service is not online, use svcs -xv to find out why. This command will show the
name of the log file used to record any startup errors.

The stunnel smf(5) service is defined by a manifest which is part of the
service/security/stunnel package. The properties of the service can be
viewed or changed with the svcprop(1M) command.

The stunnel smf(5) service starts stunnel process(es) which listen for
incoming connections. An alternative way of achieving this is to use
INETD MODE described elsewhere in this manual. This method is advantageous
if the service usage is intermittent, or when many services need to use
stunnel because each service can be enabled or disabled independently.

When inetd(1M) is configured to listen on the required ports, the
stunnel process(es) are started only when a connection is established.

The INETD MODE section of this manual describes editing /etc/inetd.conf
to configure inetd(1M). Although this file exists in Solaris, the services
controlled by inetd(1M) are in fact configured using smf(5) manifests.

To configure inetd(1M) on Solaris to start a stunnel process:

=over 4

=item *

Check that the service has an entry in /etc/services.

=item *

Check to see if there is already an smf(5) service running on this port
using svcs(1M) and disable any existing service with svcadm(1M).

=item *

Create a stunnel configuration file, for example:

    /etc/stunnel/stunnel_imap.conf

=item *

Create a scratch template file and add the /etc/inetd.conf entry to
this file (see INETD MODE).

=item *

Use the inetconv(1M) command to create an inetd(1M) service manifest and
register the service with smf(5), for example:

    # inetconv -i /tmp/inetd_scratch.conf -o /var/svc/manifest/network/ssl

=item *

The newly created service can be managed with svcadm(1M).

=back
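
The checks in the procedure above can be scripted before inetconv(1M) is run. The following shell helpers are an added example, not part of the original manual page or the stunnel package; the function names and the /usr/bin/stunnel path are assumptions, and the entry format and the rule against an accept option or [service_name] section follow the INETD MODE section of the stunnel manual.

```shell
#!/bin/sh
# Added example: pre-flight checks and scratch-entry generation for the
# inetd(1M) procedure. Function names and STUNNEL_BIN are assumptions.
STUNNEL_BIN=${STUNNEL_BIN:-/usr/bin/stunnel}   # assumed install path

# Step 1: print the tcp port of service $1 from services file $2, or fail.
service_port() {
    awk -v n="$1" '
        { sub(/#.*/, "") }                    # strip comments
        $2 ~ /\/tcp$/ {
            hit = ($1 == n)
            for (i = 3; i <= NF; i++) if ($i == n) hit = 1   # aliases
            if (hit) { split($2, p, "/"); print p[1]; found = 1; exit }
        }
        END { exit !found }' "${2:-/etc/services}"
}

# Step 3: an inetd-mode config must exist, must not be writable by group or
# other (the inetd entry below runs stunnel as root), and must contain no
# accept option or [section], because inetd owns the listening socket.
conf_ok_for_inetd() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    [ -z "$(find "$1" -prune \( -perm -020 -o -perm -002 \) -print)" ] ||
        { echo "group/world-writable: $1" >&2; return 1; }
    if grep -Eq '^[[:space:]]*(\[|accept[[:space:]]*=)' "$1"; then
        echo "accept or [section] not allowed in inetd mode: $1" >&2
        return 1
    fi
}

# Step 4: emit the inetd.conf-style line for the scratch template file.
scratch_entry() {   # usage: scratch_entry SERVICE CONF [SERVICES_FILE]
    service_port "$1" "${3:-/etc/services}" >/dev/null ||
        { echo "no tcp entry for $1" >&2; return 1; }
    conf_ok_for_inetd "$2" || return 1
    printf '%s stream tcp nowait root %s stunnel %s\n' "$1" "$STUNNEL_BIN" "$2"
}

# Steps 2 and 5 use svcs(1M), svcadm(1M) and inetconv(1M) on Solaris, e.g.:
#   scratch_entry imaps /etc/stunnel/stunnel_imap.conf > /tmp/inetd_scratch.conf
#   inetconv -i /tmp/inetd_scratch.conf -o /var/svc/manifest/network/ssl
```
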

=head1 ATTRIBUTES

See attributes(5) for descriptions of the following attributes:

    ___________________________________________________________
    |       ATTRIBUTE TYPE        |      ATTRIBUTE VALUE      |
    |_____________________________|___________________________|
    | Availability                | service/security/stunnel  |
    |_____________________________|___________________________|
    | Interface Stability         | Uncommitted               |
    |_____________________________|___________________________|

=head1 SOURCE CODE

Source for stunnel is available on http://opensolaris.org.