FreeBSD Mail Archives

Date:      Mon, 9 Oct 2017 02:09:43 +0000 (UTC)
From:      Ryusuke SUZUKI <ryusuke@FreeBSD.org>
To:        doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org
Subject:   svn commit: r51084 - head/ja_JP.eucJP/books/handbook/security
Message-ID:  <201710090209.v9929hSb006532@repo.freebsd.org>

next in thread | raw e-mail | index | archive | help

Author: ryusuke
Date: Mon Oct  9 02:09:43 2017
New Revision: 51084
URL: https://svnweb.freebsd.org/changeset/doc/51084

Log:
  - Merge the following from the English version:
  
  	r28158 -> r29000	head/ja_JP.eucJP/books/handbook/security/chapter.xml

Modified:
  head/ja_JP.eucJP/books/handbook/security/chapter.xml

Modified: head/ja_JP.eucJP/books/handbook/security/chapter.xml
==============================================================================
--- head/ja_JP.eucJP/books/handbook/security/chapter.xml	Sun Oct  8 12:38:21 2017	(r51083)
+++ head/ja_JP.eucJP/books/handbook/security/chapter.xml	Mon Oct  9 02:09:43 2017	(r51084)
@@ -3,7 +3,7 @@
      The FreeBSD Documentation Project
      The FreeBSD Japanese Documentation Project
 
-     Original revision: r28158
+     Original revision: r29000
      $FreeBSD$
 -->
 <chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" version="5.0" xml:id="security">
@@ -131,26 +131,6 @@
       ¤µ¤é¤Ë¥³¥ó¥Ô¥å¡¼¥¿¤¬Áê¸ß¤ËÀÜÂ³¤µ¤ì¤¿¥Í¥Ã¥È¥ï¡¼¥¯¤ò·ÁÀ®¤¹¤ë¤è¤¦¤Ë¤Ê¤Ã¤¿º£Æü¡¢
       ¥»¥¥å¥ê¥Æ¥£¤Ï°ìÁØÂç¤¤Ê´Ø¿´»ö¤Ë¤Ê¤Ã¤Æ¤¤Æ¤¤¤Þ¤¹¡£</para>
 
-    <para>¥»¥¥å¥ê¥Æ¥£¤ò¼ÂÁõ¤¹¤ë¤Ë¤Ï¡¢
-      ¥¿¥Þ¥Í¥®¤Î¤è¤¦¤Ë³¬ÁØ²½¤¹¤ë¼êË¡
-      (a layered <quote>onion</quote> approach)
-      ¤¬ºÇÅ¬¤Ç¤¹¡£
-      ¤É¤¦¤¹¤ì¤ÐÎÉ¤¤¤Î¤«´ÊÃ±¤ËÀâÌÀ¤¹¤ë¤È¡¢
-      ÊØÍø¤Êµ¡Ç½¤ÈÆ±¤¸¿ô¤À¤±¥»¥¥å¥ê¥Æ¥£¤Î³¬ÁØ¤òºî¤ê¡¢
-      ¥·¥¹¥Æ¥à¤Ø¤Î¿¯Æþ¤òÃí°Õ¿¼¤¯´Æ»ë¤¹¤ë¤Î¤Ç¤¹¡£
-      ¤¢¤Ê¤¿¤Ï¥»¥¥å¥ê¥Æ¥£¤ò²áÅÙ¤Ë¸·½Å¤Ë¤·¤¿¤ê¡¢
-      ¿¯Æþ¤Î´Æ»ë¤Ë»þ´Ö¤ò¤È¤é¤ì¤¿¤¤¤È¤Ï»×¤ï¤Ê¤¤¤Ç¤·¤ç¤¦¡£
-      ¤³¤Î¿¯Æþ¤ÎÈ¯¸«¤È¤¤¤¦ÉôÊ¬¤Ï¡¢
-      ¤¢¤é¤æ¤ë¥»¥¥å¥ê¥Æ¥£µ¡¹½¤Ë¤ª¤¤¤ÆºÇ¤â½ÅÍ×¤ÊÉôÊ¬¤Î°ì¤Ä¤Ê¤Î¤Ç¤¹¡£
-      ¤¿¤È¤¨¤Ð¡¢¥·¥¹¥Æ¥à¤Î³Æ¥Ð¥¤¥Ê¥ê¤Ë
-      <literal>schg</literal> ¥Õ¥é¥° (&man.chflags.1; »²¾È)
-      ¤òÀßÄê¤¹¤ë¤Î¤Ï¡¢Âç¤·¤Æ°ÕÌ£¤¬¤¢¤ê¤Þ¤»¤ó¡£
-      ¥Õ¥é¥°¤òÀßÄê¤¹¤ë¤È°ì»þÅª¤Ë¥Ð¥¤¥Ê¥ê¤¬ÊÝ¸î¤µ¤ì¡¢
-      ¿¯Æþ¤·¤Æ¤¤¿¹¶·â¼Ô¤Ë¤è¤Ã¤Æ¥·¥¹¥Æ¥à¤Ë²Ã¤¨¤é¤ì¤ëÊÑ¹¹¤Î¤¦¤Á¡¢
-      ÍÆ°×¤Ë¸¡½Ð²ÄÇ½¤ÊÊÑ¹¹¤Ï¹Ô¤Ê¤¨¤Ê¤¯¤Ê¤ê¤Þ¤¹¡£
-      ¤·¤«¤·¤½¤Î·ë²Ì¤È¤·¤Æ¡¢¥»¥¥å¥ê¥Æ¥£µ¡¹½¤¬¤½¤Î¿¯Æþ¼Ô¤ò¸¡½Ð¤¹¤ë¤³¤È¤â
-      ¤Þ¤Ã¤¿¤¯¤Ç¤¤Ê¤¯¤Ê¤Ã¤Æ¤·¤Þ¤¦¤Ç¤·¤ç¤¦¡£</para>
-
     <para>¤Þ¤¿¡¢¥·¥¹¥Æ¥à¥»¥¥å¥ê¥Æ¥£¤Ë¤Ï¡¢
       ¤µ¤Þ¤¶¤Þ¤Ê·Á¤Ç¤Î¹¶·â¤ËÂÐ½è¤¹¤ë¤³¤È¤È¤â´Ø·¸¤·¤Æ¤¤¤Þ¤¹¡£
       ¹¶·â¤ÎÃæ¤Ë¤Ï <systemitem class="username">root</systemitem>
@@ -1950,7 +1930,7 @@ Edit O.K.
 	¤¹¤Ù¤Æ¤Î¥¤¥ó¥¹¥¿¥ó¥¹¤òÅ¸³«¤·¤Þ¤¹¡£
 	¤³¤ì¤Ë¤Ï <command>ext_srvtab</command> ¤È¤¤¤¦¥³¥Þ¥ó¥É¤ò»ÈÍÑ¤·¤Þ¤¹¡£
 	¤³¤Î¥³¥Þ¥ó¥É¤ÇºîÀ®¤µ¤ì¤ë¥Õ¥¡¥¤¥ë¤Ï¡¢Kerberos
-	¤Î³Æ¥¯¥é¥¤¥¢¥ó¥È¤Î <filename>/etc/kerberosIV</filename>
+	¤Î³Æ¥¯¥é¥¤¥¢¥ó¥È¤Î <filename>/etc</filename>
 	¥Ç¥£¥ì¥¯¥È¥ê¤Ë<emphasis>°ÂÁ´¤ÊÊýË¡¤Ç</emphasis>
 	¥³¥Ô¡¼¤Þ¤¿¤Ï°ÜÆ°¤¹¤ëÉ¬Í×¤¬¤¢¤ê¤Þ¤¹¡£
 	¤³¤Î¥Õ¥¡¥¤¥ë¤Ï¤½¤ì¤¾¤ì¤Î¥µ¡¼¥Ð¤È¥¯¥é¥¤¥¢¥ó¥È¤ËÂ¸ºß¤·¤Ê¤±¤ì¤Ð¤Ê¤é¤º¡¢
@@ -1979,7 +1959,7 @@ Generating 'grunt-new-srvtab'....</screen>
 	¤ò°ÜÆ°
 	²ÄÇ½¤Ê¥á¥Ç¥£¥¢¤Ë¥³¥Ô¡¼¤·¤ÆÊªÍýÅª¤Ë°ÂÁ´¤ÊÊýË¡¤Ç±¿¤ó¤Ç¤¯¤À¤µ¤¤¡£
 	¥¯¥é
-	¥¤¥¢¥ó¥È¤Î<filename>/etc/kerberosIV</filename>¥Ç¥£¥ì¥¯¥È¥ê¤Ç¡¢
+	¥¤¥¢¥ó¥È¤Î<filename>/etc</filename>¥Ç¥£¥ì¥¯¥È¥ê¤Ç¡¢
 	Ì¾Á°¤ò <filename>srvtab</filename>¤ËÊÑ¹¹¤·¡¢
 	mode¤ò600¤Ë¤¹¤ë¤Î¤òËº¤ì¤Ê¤¤¤Ç¤¯¤À¤µ¤¤¡£</para>
 
@@ -2514,16 +2494,19 @@ Verifying password - Password: <userinput>xxxxxxxx</us
 	¥×¥ê¥ó¥·¥Ñ¥ë¤Î¥Á¥±¥Ã¥È¤òÆþ¼ê¤·¤¿¤ê¡¢
 	°ìÍ÷¤òÉ½¼¨¤¹¤ë¤³¤È¤¬¤Ç¤¤ë¤³¤È¤ò³ÎÇ§¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
 
-      <screen>&prompt.user; <userinput>k5init <replaceable>tillman</replaceable></userinput>
+      <screen>&prompt.user; <userinput>kinit <replaceable>tillman</replaceable></userinput>
 tillman@EXAMPLE.ORG's Password:
 
-&prompt.user; <userinput>k5list</userinput>
+&prompt.user; <userinput>klist</userinput>
 Credentials cache: FILE:<filename>/tmp/krb5cc_500</filename>
 	Principal: tillman@EXAMPLE.ORG
 
   Issued           Expires          Principal
 Aug 27 15:37:58  Aug 28 01:37:58  krbtgt/EXAMPLE.ORG@EXAMPLE.ORG</screen>
 
+	<para>É¬Í×¤¬¤Ê¤¯¤Ê¤Ã¤¿»þ¤Ë¤Ï¡¢¥Á¥±¥Ã¥È¤òÇË´þ¤Ç¤¤Þ¤¹¡£</para>
+
+	<screen>&prompt.user; <userinput>k5destroy</userinput></screen>
       </sect2>
 
       <sect2>
@@ -2689,19 +2672,6 @@ kadmin><userinput> exit</userinput></screen>
 	  (<command>ssh</command> ¤Î¤è¤¦¤Ë)
 	  ¤¹¤Ù¤Æ¤Î¥Ç¡¼¥¿¥¹¥È¥ê¡¼¥à¤¬°Å¹æ²½¤µ¤ì¤Þ¤¹¡£</para>
 
-	<para><application>Kerberos</application>
-	  ¤Î¥³¥¢¤Î¥¯¥é¥¤¥¢¥ó¥È¥¢¥×¥ê¥±¡¼¥·¥ç¥ó
-	  (ÅÁÅýÅª¤Ë¡¢<command>kinit</command>,
-	  <command>klist</command>, <command>kdestroy</command> ¤ª¤è¤Ó
-	  <command>kpasswd</command> ¤È¤¤¤¦Ì¾Á°¤Ç¤¹) ¤Ï¡¢&os;
-	  ¤Î¥Ù¡¼¥¹¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
-	  5.0 °ÊÁ°¤Î &os; ¤Ç¤Ï¡¢
-	  <command>k5init</command>,
-	  <command>k5list</command>, <command>k5destroy</command>,
-	  <command>k5passwd</command> ¤ª¤è¤Ó <command>k5stash</command>
-	  ¤È¸À¤¦Ì¾Á°¤Ç¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤Æ¤¤¤Þ¤¹¡£
-	  ¤³¤ì¤é¤ÏÄÌ¾ï°ìÅÙ¤·¤«ÍÑ¤¤¤é¤ì¤Þ¤»¤ó¡£</para>
-
 	<para>¥Ç¥Õ¥©¥ë¥È¤Ç¤Ï¡¢Heimdal ¥¤¥ó¥¹¥È¡¼¥ë¤Î
 	  <quote>ºÇ¾®</quote> ¤È¹Í¤¨¤é¤ì¤ë¡¢¥³¥¢°Ê³°¤Î
 	  <application>Kerberos</application> 
@@ -2975,6 +2945,19 @@ jdoe@example.org</screen>
 	  ¥Õ¥©¥ï¡¼¥É¤µ¤ì¤¿¥¯¥ì¥Ç¥ó¥·¥ã¥ê¥ó¥°¤Î½êÍ¸¢¤òÅ¬ÀÚ¤ËÊÑ¹¹¤Ç¤¤ë¤è¤¦¤Ë¡¢
 	  <command>login.krb5</command>
 	  ¥Ð¥¤¥Ê¥ê¤¬Ç§¾Ú¤Ë»È¤ï¤ì¤ëÉ¬Í×¤¬¤¢¤ê¤Þ¤¹¡£</para></note>
+
+	<para><filename>rc.conf</filename>
+	  ¤ò°Ê²¼¤ÎÀßÄê¤ò´Þ¤à¤è¤¦¤ËÊÑ¹¹¤¹¤ëÉ¬Í×¤¬¤¢¤ê¤Þ¤¹¡£</para>
+
+	<programlisting>kerberos5_server="/usr/local/sbin/krb5kdc"
+kadmind5_server="/usr/local/sbin/kadmind"
+kerberos5_server_enable="YES"
+kadmind5_server_enable="YES"</programlisting>
+
+	<para>¤³¤ì¤ò¹Ô¤¦¤Î¤Ï¡¢
+	  <acronym>MIT</acronym> kerberos ¤Î¥¢¥×¥ê¥±¡¼¥·¥ç¥ó¤Ï¡¢
+	  <filename role="directory">/usr/local</filename>
+	  ¹½Â¤¤Î²¼¤Ë¥¤¥ó¥¹¥È¡¼¥ë¤µ¤ì¤ë¤¿¤á¤Ç¤¹¡£</para>
       </sect2>
 
       <sect2>
@@ -3441,6 +3424,17 @@ options	  FAST_IPSEC  # new IPsec (cannot define w/ IP
 	  ¤ò»²¾È¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
       </note>
 
+      <note>
+	<para>¥Õ¥¡¥¤¥¢¥¦¥©¡¼¥ë¤¬Å¬ÀÚ¤Ë &man.gif.4;
+	  ¤âÄÉÀ×¤Ç¤¤ë¤è¤¦¤Ë¤¹¤ë¤Ë¤Ï¡¢
+	  ¥«¡¼¥Í¥ë¥³¥ó¥Õ¥£¥°¥ì¡¼¥·¥ç¥ó¤Ë¤ª¤¤¤Æ¡¢
+	  <option>IPSEC_FILTERGIF</option> ¤òÍ¸ú¤Ë¤¹¤ëÉ¬Í×¤¬¤¢¤ê¤Þ¤¹¡£</para>
+
+	<screen>
+options   IPSEC_FILTERGIF  #filter ipsec packets from a tunnel
+	</screen>
+      </note>
+
       <indexterm>
 	<primary>IPsec</primary>
 	<secondary>ESP</secondary>
@@ -3758,20 +3752,22 @@ Network #2            [ Internal Hosts ]
 	¤½¤Î¸å¡¢¥×¥é¥¤¥Ù¡¼¥È IP ¥¢¥É¥ì¥¹¤ò
 	&man.ifconfig.8; ¤ò»È¤Ã¤ÆÀßÄê¤·¤Þ¤¹¡£</para>
 
-      <para>¥Í¥Ã¥È¥ï¡¼¥¯ #1 ¤Ë¤¢¤ë¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç°Ê²¼¤Î
-        2 ¤Ä¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¥È¥ó¥Í¥ë¤òºîÀ®¤·¤Þ¤¹¡£</para>
+      <para>¥Í¥Ã¥È¥ï¡¼¥¯ #1
+	¤Ë¤¢¤ë¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç°Ê²¼¤Î¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Æ¥È¥ó¥Í¥ë¤òºîÀ®¤·¤Þ¤¹¡£</para>
  
-      <programlisting>ifconfig gif0 A.B.C.D W.X.Y.Z
-ifconfig gif0 inet 192.168.1.1 192.168.2.1 netmask 0xffffffff
-      </programlisting>
+      <screen>&prompt.root; <userinput>ifconfig <replaceable>gif0</replaceable> create</userinput>
+&prompt.root; <userinput>ifconfig <replaceable>gif0</replaceable> tunnel <replaceable>A.B.C.D</replaceable> <replaceable>W.X.Y.Z</replaceable></userinput>
+&prompt.root; <userinput>ifconfig <replaceable>gif0</replaceable> inet <replaceable>192.168.1.1</replaceable> <replaceable>192.168.2.1</replaceable> netmask <replaceable>0xffffffff</replaceable></userinput>
+      </screen>
 
       <para>¤â¤¦ÊÒÊý¤Î¥²¡¼¥È¥¦¥§¥¤¥³¥ó¥Ô¥å¡¼¥¿¤Ç¡¢
         IP ¥¢¥É¥ì¥¹¤Î½ç¤òµÕ¤Ë¤·¤ÆÆ±¤¸¥³¥Þ¥ó¥É¤ò¼Â¹Ô¤·¤Þ¤¹¡£</para>
- 
-      <programlisting>ifconfig gif0 W.X.Y.Z A.B.C.D
-ifconfig gif0 inet 192.168.2.1 192.168.1.1 netmask 0xffffffff
-      </programlisting>
 
+      <screen>&prompt.root; <userinput>ifconfig <replaceable>gif0</replaceable> create</userinput>
+&prompt.root; <userinput>ifconfig <replaceable>gif0</replaceable> tunnel <replaceable>W.X.Y.Z</replaceable> <replaceable>A.B.C.D</replaceable></userinput>
+&prompt.root; <userinput>ifconfig <replaceable>gif0</replaceable> inet <replaceable>192.168.2.1</replaceable> <replaceable>192.168.1.1</replaceable> netmask <replaceable>0xffffffff</replaceable></userinput>
+      </screen>
+
       <para>°Ê²¼¤ò¼Â¹Ô¤·¤Æ¡¢ÀßÄê¤ò³ÎÇ§¤ò¤·¤Æ¤¯¤À¤µ¤¤¡£</para>
  
       <programlisting>ifconfig gif0</programlisting>
@@ -3780,9 +3776,9 @@ ifconfig gif0 inet 192.168.2.1 192.168.1.1 netmask 0xf
         °Ê²¼¤Î¤è¤¦¤Ë³ÎÇ§¤Ç¤¤Þ¤¹¡£</para>
  
       <screen>&prompt.root; <userinput>ifconfig gif0</userinput>
-gif0: flags=8011&lt;UP,POINTTOPOINT,MULTICAST&gt; mtu 1280
-inet 192.168.1.1 --&gt; 192.168.2.1 netmask 0xffffffff
-physical address inet A.B.C.D --&gt; W.X.Y.Z
+gif0: flags=8051&lt;UP,POINTOPOINT,RUNNING,MULTICAST&gt; mtu 1280
+        tunnel inet A.B.C.D --&gt; W.X.Y.Z
+        inet 192.168.1.1 --&gt; 192.168.2.1 netmask 0xffffffff
       </screen>
 
       <para>½ÐÎÏ¤«¤é¤ï¤«¤ë¤è¤¦¤Ë¡¢
@@ -3914,7 +3910,8 @@ Destination      Gateway       Flags    Refs    Use   
           <para>¥²¡¼¥È¥¦¥§¥¤¥Û¥¹¥È #1 ¤Î <filename>/etc/rc.conf</filename>
 	    ¤òÊÔ½¸¤·¤Æ¡¢°Ê²¼¤Î¹Ô¤ò (É¬Í×¤Ë±þ¤¸¤Æ IP ¥¢¥É¥ì¥¹¤òÊÑ¹¹¤·¤Æ)
 	    ÄÉ²Ã¤·¤Þ¤¹¡£</para>
-          <programlisting>gifconfig_gif0="A.B.C.D W.X.Y.Z"
+          <programlisting>gif_interfaces="gif0"
+gifconfig_gif0="A.B.C.D W.X.Y.Z"
 ifconfig_gif0="inet 192.168.1.1 192.168.2.1 netmask 0xffffffff"
 static_routes="vpn"
 route_vpn="192.168.2.0 192.168.2.1 netmask 0xffffff00"

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201710090209.v9929hSb006532>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation