Diffstat (limited to 'lacme.md')
-rw-r--r-- lacme.md 42
1 files changed, 41 insertions, 1 deletions
diff --git a/lacme.md b/lacme.md
index f29f24f..93f348c 100644
--- a/lacme.md
+++ b/lacme.md
@@ -26,7 +26,9 @@ with its own executable:
the [ACME] client.)
One can use the UNIX-domain socket forwarding facility of OpenSSH
6.7 and later to run [`lacme-accountd`(1)] and `lacme` on different
- hosts.
+ hosts. Alternatively, the [`lacme-accountd`(1)] process can be
+ spawned by the “master” `lacme` process below; the communication
+ between the two then goes through a socket pair.
2. A “master” `lacme` process, which runs as root and is the only
component with access to the private key material of the server
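Review bot: The added sentence beginning "Alternatively, the [`lacme-accountd`(1)] process can be spawned" does not say how this mode is selected, so a reader of the overview cannot tell which setting switches between the existing socket and the socket pair. Suggest pointing to the `[accountd]` section that this patch documents further down, e.g. "(see the `[accountd]` section below)". It would also help to state here that in this mode the account key signer runs on the same host as the root "master" process, since the preceding sentence presents running the two on different hosts as the other option.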
@@ -249,6 +251,44 @@ This section is used for configuring the [ACME] webserver.
automatically removed once `lacme` exits.
Default: `Yes`.
+`[accountd]` section
+---------------------
+
+This section is used for configuring the [`lacme-accountd`(1)] process.
+If the section (including its header) is absent or commented out,
+`lacme` connects to an existing UNIX-domain socket bound by a running
+[`lacme-accountd`(1)].
+
+*user*
+
+: The username to drop privileges to (setting both effective and real
+ uid). Preserve root privileges if the value is empty.
+
+*group*
+
+: The groupname to drop privileges to (setting both effective and real
+ gid, and also setting the list of supplementary gids to that single
+ group).
+
+*command*
+
+: Path to the [`lacme-accountd`(1)] executable.
+ Default: `/usr/bin/lacme-accountd`.
+
+*config*
+
+: Path to the [`lacme-accountd`(1)] configuration file.
+ Default: `/etc/lacme/lacme-accountd.conf`.
+
+*privkey*
+
+: The (private) account key to use for signing requests. See
+ [`lacme-accountd`(1)] for details.
+
+*quiet*
+
+: Be quiet. Possible values: `Yes`/`No`.
+
Certificate configuration file
==============================
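Review bot: The *group* entry does not say what happens when its value is empty, while *user* spells it out ("Preserve root privileges if the value is empty"), and neither *user*, *group*, *privkey* nor *quiet* carries a `Default:` line the way *command* and *config* do. Since an empty *user* leaves the spawned [`lacme-accountd`(1)] running with root privileges, the defaults for *user* and *group* should be stated explicitly so that an administrator can tell whether enabling the section drops privileges without further settings. Suggest adding a `Default:` line to each of the four options and describing the empty-value behaviour for *group*. Minor: the dashed underline under "`[accountd]` section" is one character longer than the heading text.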