From 923ac74f5de23d3a583ac3f0ba4a5e516947c259 Mon Sep 17 00:00:00 2001
From: Art Cancro
-
-
+
+
-
+
+
An example for inetd (put the following line in /etc/inetd.conf, @@ -663,14 +674,17 @@ replacing any existing telnet configuration line already there):
An example for xinetd (if you have a file called /etc/xinetd.d/telnet then simply replace that file with this one):
service telnet-
{
flags = REUSE
socket_type = stream
wait = no
user = root
server = /usr/sbin/in.telnetd
server_args = -L /usr/local/citadel/citadel
log_on_failure += USERID
disable = no
}
Please make sure you know what you're doing before you install this! If +
Please make sure you know what you're doing before you install this!
+If
you are going to put Citadel somewhere other than /usr/local/citadel
then change the directory name accordingly. If you know of any other
local peculiarities which need to be observed, edit the above
configuration
accordingly as well. And, of course, if you're working remotely, make
-sure you can successfully log in using SSH before you start making
-changes to telnet, because if you accidentally break telnet and don't have
+sure you can successfully log in using SSH before you start
+making
+changes to telnet, because if you accidentally break telnet and don't
+have
SSH running, you'll have effectively locked yourself out of your system
until you can get physical access to the console.
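Review bot: the warning paragraph at the end of this hunk is only re-wrapped ("before you start" / "making", "don't" / "have") with no wording change, which buries real edits in reflow noise; drop the re-wrap or move it to a separate whitespace-only commit. Since the paragraph is being touched anyway, it could state what the xinetd example above it sets up: in.telnetd run with "user = root" and given /usr/local/citadel/citadel via -L, over a protocol that sends logins unencrypted. That is a more concrete caution than "make sure you know what you're doing".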
@@ -844,14 +858,19 @@ program against to set up some data files. If a directory is not
specified, the directory
name which was specified in the Makefile will be used.
-xDebugLevel - Set the verbosity of trace messages printed. -When -x is used, it will suppress messages sent to syslog (see below). In -other words, syslog will never see certain messages if -x is used. Normally -you should configure logging through syslog, but -x may still be useful in -some circumstances. The available debugging levels are:
+When -x is used, it will suppress messages sent to syslog (see below). +In +other words, syslog will never see certain messages if -x is used. +Normally +you should configure logging through syslog, but -x may still be useful +in +some circumstances. The available debugging levels are:-tTraceFile - Tell the server where to send its debug/trace output. Normally it is sent to stdout.
--lLogFacility - Tell the server to send its debug/trace output -to the syslog service on the host system instead of to a -trace file. LogFacility must be one of: kern, user, mail, +
-lLogFacility - Tell the server to send its debug/trace +output +to the syslog service on the host system instead of +to a +trace file. LogFacility must be one of: kern, user, +mail, daemon, auth, syslog, lpr, news, uucp, local0, local1, local2, local3, -local4, local5, local6, local7. Please note that use of the --l option will cancel any use of the -t option; that is, -if you specify a trace file and a syslog facility, log output will +local4, local5, local6, local7. Please note that use of the +-l option will cancel any use of the -t option; that +is, +if you specify a trace file and a syslog facility, log output +will only go to the syslog facility. +
-d - Run as a daemon; i.e. in the background. This switch would be necessary if you were starting the Citadel server, for example, from an rc.local script (which is not recommended, because @@ -1616,12 +1641,7 @@ headers will never be altered.
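Review bot: the -x paragraph says syslog "will never see certain messages" when -x is used but does not say which ones, so an administrator who relies on syslog for audit records cannot tell from this text what is lost. Suggest naming the affected levels, or saying outright whether -x should be avoided on a server that logs through -l. The -l paragraph describes a second interaction of the same kind (-l cancels -t); one sentence giving the precedence among -x, -t and -l would be easier to follow than two separate remarks.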
The final set of options configures system-wide defaults for the auto-purger:
-Default user purge time (days) [120]:+
-Default room purge time (days) [30]:
-System default message expire policy (? for list) [2]:
-Keep how many messages online? [150]:
-Mailbox default message expire policy (? for list) [1]:
-
Default user purge time (days) [120]:
Default room purge time (days) [30]:
System default message expire policy (? for list) [2]:
Keep how many messages online? [150]:
Mailbox default message expire policy (? for list) [1]:
Any user who does not log in for the period specified in 'Default user purge time' will be deleted the next time a purge is run. This setting may be modified on a per-user basis.
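Review bot: the sentence after the prompt block says any user who does not log in for the 'Default user purge time' "will be deleted the next time a purge is run", with a default of 120 days, but nothing here says whether some value disables purging or whether privileged accounts are treated differently. That deserves a sentence, since this is an unattended account deletion. The removed and retained prompt lines read identically, so if the change is markup-only the commit message should say so.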
@@ -1635,10 +1655,12 @@ messages are expired (purged) off the system. You can specify any of:Again, this setting may be overridden on a per-floor basis, and the -floor setting may be overridden on a per-room basis. You'll also notice -that you can set a different default for mailbox rooms if you want -to. This can allow you, for example, to set a policy under which old -messages scroll out of public rooms, but private mail stays online indefinitely +floor setting may be overridden on a per-room basis. You'll also notice +that you can set a different default for mailbox rooms if you +want +to. This can allow you, for example, to set a policy under which old +messages scroll out of public rooms, but private mail stays online +indefinitely until deleted by the mailbox owners.
Save this configuration? No
When you're done, enter 'Yes' to confirm the changes, or 'No' to
@@ -1848,7 +1870,7 @@ points of the configuration of Postfix or any other mailer, so refer to
the documentation to those programs and keep in mind that Citadel has
LMTP support.
For outbound mail, you +
For outbound mail, you
can either allow Citadel to perform
deliveries directly
(this won't affect your other mail system because outbound mail doesn't
@@ -2208,54 +2230,139 @@ From the command line, you can do it with a command like:
exported.dat at this time, or you might want to save it somewhere as a
sort of pseudo-backup.
-
Citadel provides built-in support for encryption using Transport -Layer Security (TLS) for ESMTP, IMAP, POP3, and the Citadel client protocol. -A simple cryptographic configuration is installed automatically when you -bring the system online. The remainder of this section describes how this +Layer Security (TLS) for ESMTP, IMAP, POP3, and the Citadel client +protocol. +A simple cryptographic configuration is installed automatically when +you +bring the system online. The remainder of this section describes how +this configuration is built, and what you can do to make changes to it.
-Encryption files are kept in the keys/ directory. The three -files used by Citadel are:
Encryption files are kept in the keys/ directory. The +three +files used by Citadel are:
+If you wish to interact with 3rd party clients -that have hard coded lists of acceptable Certificate Authorities, and you -do not want annoying dialog boxes popping up for the user on the first (or +that have hard coded lists of acceptable Certificate Authorities, and +you +do not want annoying dialog boxes popping up for the user on the first +(or all) connections, then you will have to have your key signed by a valid Certificate Authority.
-It is beyond the scope of this document to provide a complete tutorial -on SSL certificates. Here are the general rules to follow:
It is beyond the scope of this document to provide a complete +tutorial +on SSL certificates. Here are the general rules to follow:
+ The most widely accepted and standardized object for storing
+personal data
+clearly is "inetOrgPerson". Citadel therefore attempts to follow
+this type of schema.
+
If you are using OpenLDAP as your directory server, you should
+choose options similar to the following:
+
database ldbm+
schemacheck off
allow bind_v2
suffix "dc=servername,dc=domain,dc=org"
rootdn "cn=manager,dc=servername,dc=domain,dc=org"
rootpw secret
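Review bot: the new OpenLDAP example ends with "rootpw secret", a cleartext and guessable root DN password that readers are likely to paste unchanged. Suggest showing a placeholder for a hashed value instead (slappasswd generates one that rootpw accepts) and stating that it must be replaced. The same block sets "schemacheck off" and "allow bind_v2" with no explanation; a sentence on why Citadel needs each would let administrators judge whether to keep them. Separately, this hunk mixes the new LDAP text with a re-wrap of the TLS paragraphs, which makes the added content hard to pick out in review.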