On Sun, Jun 22, 2008 at 07:43:38PM +0200, Franck Joncourt wrote:
> Hi,
>
> I have posted this message on debian-devel, but there is still no
> answer. So I give it a try on debian mentors in the hope I can get more
> audience :p!
>
> To make it short first, I would say I do not know how to handle the
> install process of the fwknop server (fwknopd) and I am looking for some
> suggestions.
>
> Here is a link to the fwknop description :
>
> http://www.cipherdyne.org/fwknop/index.html
>
> The context :
>
> Fwknop has a daemon : fwknopd, and it depends on configuration files,
> and cannot be started without updating them.
>
> The user can choose two setups :
>
> - the simple one : three variables to change (the ethernet interface, a
> key, and the machine hostname)
> - the second one requires much more work, since he has to deal with gpg
> key (create, sign, export) on both the client and the server sides, in
> addition to the ethernet interface, the key and the machine hostname.
> These settings are recommended.
>
> So, right now, I would choose to work this way :
>
> - not ask for any questions and not start fwknopd during the install
> process ; a variable would be set to no in /etc/default/fwknop-server.
> - let the user have a quick setup (the three simple questions), and
> start the fwknopd daemon, by use of dpkg-reconfigure. Add a note about
> the recommended settings.
>
> But what about starting the simple setup through the three questions, by
> default, and mentioning that the user might want to configure gpg and
> restart.
>
> What would you suggest ? Any idea is welcome.
>

Due to the nature of the fwknop protocol and goals I would avoid activating
the daemon at all. The best thing to do is to leave it inactive and let the
user configure it as appropriate in his/her context. You can easily use a
script that pre-checks for a configured daemon and starts it up or terminates
gently. You can eventually also add a debconf-based easy-setup with an initial
question (which defaults to NO) about easy autoconfiguration. Consider that
fwknop is also a non-system wide service which could be used in different
terms, so auto-starting it in another way would not be appropriate. See for
instance fetchmail: it works in system-wide fashion or not.

--
Francesco P. Lovergine
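
The pre-check described in the reply above (leave the daemon inactive until it is configured, then start it or exit quietly), written as an added example that is not part of the original thread or of the fwknop package. `START_DAEMON` and the `__CHANGEME__` placeholder marker are assumed names, and the config file path is supplied by the caller.

```sh
#!/bin/sh
# Added example: pre-start check for an init script's "start" action.
# START_DAEMON and the __CHANGEME__ marker are assumptions, not fwknop's own.

PLACEHOLDER="__CHANGEME__"   # assumed marker left in an unedited config file

# Return 0 only if the defaults file explicitly sets START_DAEMON=yes.
# The file is parsed, not sourced, so its content is never executed.
daemon_enabled() {
    defaults="$1"
    [ -r "$defaults" ] || return 1
    val=$(grep -E '^[[:space:]]*START_DAEMON=' "$defaults" \
          | tail -n 1 | cut -d= -f2 | tr -d "\"' \t")
    [ "$val" = "yes" ]
}

# Return 0 only if the config exists, is not world-readable (it holds the
# key), and no placeholder remains on a non-comment line.
config_ready() {
    conf="$1"
    [ -r "$conf" ] || return 1
    [ -z "$(find "$conf" -perm -004)" ] || return 1
    if grep -v '^[[:space:]]*#' "$conf" | grep -qF "$PLACEHOLDER"; then
        return 1
    fi
    return 0
}

# Return 0 to start the daemon, 1 to skip it; the reason goes to stdout.
# The caller exits 0 on skip so boot and package installation do not fail.
should_start() {
    if ! daemon_enabled "$1"; then
        echo "fwknopd disabled in $1, not starting"
        return 1
    fi
    if ! config_ready "$2"; then
        echo "fwknopd config $2 not ready, not starting"
        return 1
    fi
    return 0
}

# In the init script (CONF is a placeholder for the real config path):
#   should_start /etc/default/fwknop-server "$CONF" || exit 0
```

A trailing comment on the `START_DAEMON` line makes the value fail the comparison, so the check fails closed and the daemon stays off.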

