diff options
| author | Guilhem Moulin <guilhem@fripost.org> | 2016-12-01 00:16:18 +0100 |
|---|---|---|
| committer | Guilhem Moulin <guilhem@fripost.org> | 2016-12-01 00:16:18 +0100 |
| commit | 27788fd4a399642eddbdb1934ccaa13f7fd00124 (patch) | |
| tree | 80ac319fdaec806a82dfc04e1453054ca199683a /config/lacme.conf | |
| parent | dd1da2ac44a7eab89e9a17135367aa0915efad0b (diff) | |
Make lacme able to spawn lacme-accountd.
Diffstat (limited to 'config/lacme.conf')
| -rw-r--r-- | config/lacme.conf | 41 |
1 files changed, 37 insertions, 4 deletions
diff --git a/config/lacme.conf b/config/lacme.conf index d64276c..23313c7 100644 --- a/config/lacme.conf +++ b/config/lacme.conf @@ -4,12 +4,15 @@ #config-certs = /etc/lacme/lacme-certs.conf [client] -# The value of "socket" specifies the lacme-accountd(1) UNIX-domain -# socket to connect to for signature requests from the ACME client. -# lacme(1) aborts if the socket is readable or writable by other users, -# or if its parent directory is writable by other users. +# The value of "socket" specifies the path to the lacme-accountd(1) +# UNIX-domain socket to connect to for signature requests from the ACME +# client. lacme(1) aborts if the socket is readable or writable by +# other users, or if its parent directory is writable by other users. # Default: "$XDG_RUNTIME_DIR/S.lacme" if the XDG_RUNTIME_DIR environment # variable is set. +# This option is ignored when lacme-accountd(1) is spawned by lacme(1), +# since the two processes communicate through a socket pair. See the +# "accountd" section below for details. # #socket = /run/user/1000/S.lacme @@ -83,4 +86,34 @@ # #iptables = Yes + +# lacme-accound(1) section. Comment out the following section to make +# lacme(1) connect to an existing UNIX-domain socket bound by a running +# acme-accountd(1). +[accountd] + +# username to drop privileges to (setting both effective and real uid). +# Preserve root privileges if the value is empty. +# +#user = root + +# groupname to drop privileges to (setting both effective and real gid, +# and also setting the list of supplementary gids to that single group). +# Preserve root privileges if the value is empty. +# +#group = root + +# Path to the lacme-accountd(1) executable. +#command = /usr/bin/lacme-accountd + +# Path to the lacme-accountd(1) configuration file. +#config = /etc/lacme/lacme-accountd.conf + +# The (private) account key to use for signing requests. See +# lacme-accountd(1) for details. +#privkey = file:/path/to/account.key + +# Be quiet. +#quiet = Yes + ; vim:ft=dosini |