On Mon, May 19, 2008 at 03:48:15PM -0700, Mark Fenwick wrote:
> You can make stunnel work as a client and a server from the same
> configuration file, running from SMF just makes it possible to create

Yeah, as a tunnel. What I meant is that a service could use stunnel with a config file to accept connections (or in inetd mode), then later start a separate instance of stunnel with a different config, but in the same service instance (or in the process of servicing the same inetd connection).

> a system wide service which can be started automatically when the
> system boots. This does not prevent an unprivileged user from creating
> their own service using their own config as well (obviously on
> non-privileged ports).

Of course. I was wondering if it'd be sane to key off of the presence of $SMF_FMRI.

> I don't understand what you're suggesting in the last sentence, stunnel
> will take the config file as a command line arg, the problem is if you
> don't it will look for /usr/local/etc/stunnel/stunnel.conf which
> won't exist and cause an error.

I was wondering why an SMF/inetd service using stunnel would start a separate instance of stunnel without naming a config file on the command-line. But I see why now: the config file can configure multiple services. (Why is there no command-line argument for naming which service to use? Or is the manpage just deficient here?)

But we should drop this idea (of keying off of $SMF_FMRI).

> My question is, if I create a manifest which has a config_file
> property, what should that default as?

IMO, do as Jyri said: investigate what others do and emulate. The ARC may have a different opinion, but I'm guessing it will let you do whatever you choose to.
