Date: Sun, 16 Nov 2003 12:10:12 +0200 From: Kostyuk Oleg <cub@cub.org.ua> To: Hajimu UMEMOTO <ume@mahoroba.org> Cc: freebsd-current@freebsd.org Subject: Re: /etc/rc.d/ipsec starts not in time Message-ID: <3FB74D04.1000602@cub.org.ua> In-Reply-To: <ygeekw8pvop.wl%ume@mahoroba.org> References: <E1AGIbn-0001Ux-7o@cub.org.ua> <ygefzgpq508.wl%ume@mahoroba.org> <3FB6B4FE.4C1AF03C@mindspring.com> <ygeekw8pvop.wl%ume@mahoroba.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi >>It is not sufficient. There is setkey(8) in /usr/sbin. It means that >>we cannot protect NFS exported /usr by IPsec. If there is no >>objection, I wish to move setkey(8) into /sbin like NetBSD did. > > tlambert2> This type of order inversion is common. > tlambert2> Can we simply delay exportation until later in the boot process? > tlambert2> Wouldn't this have the same effect? > > Oops, I should explain the situation clearly. The client which mounts > /usr by NFS cannot use IPsec due to lack of setkey(8). I think, you not exactly understand my problem. I not export anything, not protect NFS exported /usr and have ordinary workstation with 40G HD and /usr on it. Using IPSec - hostorical behavior :), and i live without problems on 4.x . But I use NFS exports from others. And, in case if IPSec used between my mashine and NFS server, I can't boot smoothly - booting hold up on mounting NFS until I press Ctrl+C . Patch, which I send, resolve my problem. But I not sure - applicable this patch for diskless ?.... I can't recall when problem appear. All life server runs on 4.8. My mashine will be 4.8 - 5.0 - 5.1 - 5 CURRENT. Now - kern.osreldate: 501113. -- With best wishes, DIGMA sysadmin Oleg Kostyuk aka Cub (OK5-UANIC) [BSD registered user #BSD050664]
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3FB74D04.1000602>