Imported Upstream version 2.7.1
This commit is contained in:
parent
a1fa151fc7
commit
0121794af9
451 changed files with 41339 additions and 10887 deletions
|
|
@ -165,7 +165,7 @@ Note that this is only called for NOTIFY events that have EXEC set with
|
|||
NOTIFYFLAG. See NOTIFYFLAG below for more details.
|
||||
+
|
||||
Making this some sort of shell script might not be a bad idea. For
|
||||
more information and ideas, see pager.txt in the docs directory.
|
||||
more information and ideas, see docs/scheduling.txt
|
||||
+
|
||||
Remember, this command also needs to be one element in the configuration file,
|
||||
so if your command has spaces, then wrap it in quotes.
|
||||
|
|
@ -322,6 +322,61 @@ together, i.e.:
|
|||
|
||||
SHUTDOWNCMD "/sbin/shutdown -h +0"
|
||||
|
||||
*CERTPATH* 'certificate file or database'::
|
||||
|
||||
When compiled with SSL support, you can enter the certificate path here.
|
||||
+
|
||||
With NSS:;;
|
||||
Certificates are stored in a dedicated database (splitted in 3 files).
|
||||
Specify the path of the database directory.
|
||||
With OpenSSL:;;
|
||||
Directory containing CA certificates in PEM format, used to verify
|
||||
the server certificate presented by the upsd server. The files each
|
||||
contain one CA certificate. The files are looked up by the CA subject
|
||||
name hash value, which must hence be available.
|
||||
|
||||
*CERTIDENT* 'certificate name' 'database password'::
|
||||
|
||||
When compiled with SSL support with NSS, you can specify the certificate
|
||||
name to retrieve from database to authenticate itself and the password
|
||||
required to access certificate related private key.
|
||||
|
||||
*CERTHOST* 'hostname' 'certificate name' 'certverify' 'forcessl'::
|
||||
|
||||
When compiled with SSL support with NSS, you can specify security directive
|
||||
for each server you can contact.
|
||||
+
|
||||
Each entry maps server name with the expected certificate name and flags
|
||||
indicating if the server certificate is verified and if the connection
|
||||
must be secure.
|
||||
|
||||
*CERTVERIFY* '0 | 1'::
|
||||
|
||||
When compiled with SSL support, make upsmon verify all connections with
|
||||
certificates.
|
||||
+
|
||||
Without this, there is no guarantee that the upsd is the right host.
|
||||
Enabling this greatly reduces the risk of man-in-the-middle attacks.
|
||||
This effectively forces the use of SSL, so don't use this unless
|
||||
all of your upsd hosts are ready for SSL and have their certificates
|
||||
in order.
|
||||
+
|
||||
When compiled with NSS support of SSL, can be overriden for host
|
||||
specified with a CERTHOST directive.
|
||||
|
||||
*FORCESSL* '0 | 1'::
|
||||
|
||||
When compiled with SSL, specify that a secured connection must be used
|
||||
to communicate with upsd.
|
||||
+
|
||||
If you don't use 'CERTVERIFY 1', then this will at least make sure
|
||||
that nobody can sniff your sessions without a large effort. Setting
|
||||
this will make upsmon drop connections if the remote upsd doesn't
|
||||
support SSL, so don't use it unless all of them have it running.
|
||||
+
|
||||
When compiled with NSS support of SSL, can be overriden for host
|
||||
specified with a CERTHOST directive.
|
||||
|
||||
SEE ALSO
|
||||
--------
|
||||
linkman:upsmon[8], linkman:upsd[8], linkman:nutupsdrv[8].
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue