Hi, >>>>> On Sun, 16 Nov 2003 12:10:12 +0200 >>>>> Kostyuk Oleg <cub_at_cub.org.ua> said: >>It is not sufficient. There is setkey(8) in /usr/sbin. It means that >>we cannot protect NFS exported /usr by IPsec. If there is no >>objection, I wish to move setkey(8) into /sbin like NetBSD did. > > tlambert2> This type of order inversion is common. > tlambert2> Can we simply delay exportation until later in the boot process? > tlambert2> Wouldn't this have the same effect? > > Oops, I should explain the situation clearly. The client which mounts > /usr by NFS cannot use IPsec due to lack of setkey(8). cub> I think, you not exactly understand my problem. I don't think so. cub> I not export anything, not protect NFS exported /usr and cub> have ordinary workstation with 40G HD and /usr on it. cub> Using IPSec - hostorical behavior :), and i live without cub> problems on 4.x . cub> But I use NFS exports from others. cub> And, in case if IPSec used between my mashine and NFS server, cub> I can't boot smoothly - booting hold up on mounting NFS cub> until I press Ctrl+C . cub> Patch, which I send, resolve my problem. cub> But I not sure - applicable this patch for diskless ?.... setkey(8) is in /usr/sbin. Currently, ipsec is done after mountcritremote. So, the user who use NFS mounted /usr can use setkey(8). It seems your patch changes to invoke ipsec before networking. It means that the user who use NFS mounted /usr cannot use setkey(8), anymore. So, I believe that moving setkey(8) into /sbin is required to establish your needs. Sincerely, -- Hajimu UMEMOTO _at_ Internet Mutual Aid Society Yokohama, Japan ume_at_mahoroba.org ume_at_bisd.hitachi.co.jp ume_at_{,jp.}FreeBSD.org http://www.imasy.org/~ume/Received on Sun Nov 16 2003 - 06:28:55 UTC
This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:37:29 UTC