This sounds like a documentation bug. The man page makes tnd sound like it's the same as Trusted Solaris 8, so I had the same confusion (except I had the confusion without the man page, since I'm a TS8 person....)
File a man page bug?

>Date: Mon, 01 Oct 2007 09:26:10 -0700
>From: Glenn Faden <Glenn.Faden at sun.com>
>Subject: Re: [security-discuss] tnd dependency of ldap-client
>To: David Lamkin <drl at metanate.com>
>Cc: security-discuss at opensolaris.org
>
>There is another service, tnctl, that loads the local trusted networking
>configuration into the kernel.
>
>--Glenn
>
>David Lamkin wrote:
>> I'm confused - I read in tnd(1M):
>>
>> "The tnd (trusted network daemon) initializes the kernel with
>> trusted network databases and also reloads the databases on
>> demand from an LDAP server and local files."
>>
>> and
>>
>> "SIGHUP Causes svcadm refresh svc:/network/tnd to be run.
>>
>> Initiates a rescan of the local and LDAP tnrhdb and
>> tnrhtp databases. tnd updates the kernel database
>> with any changes found."
>>
>> I assumed these to mean that tnd is responsible for loading the
>> kernel tables with information from the local files as well as (if
>> configured) ldap sources. Thus I thought: no tnd -> no setup of
>> trusted network data in the kernel.
>>
>> regards, David
>>
>> On 1 Oct 2007, at 15:16, Glenn Faden wrote:
>>
>>> The purpose of tnd is to synchronize your local and LDAP entries
>>> for the trusted networking databases. You don't need it if you
>>> aren't using LDAP, so the dependency is correct.
>>>
>>> --Glenn
>>>
>>> David Lamkin wrote:
>>>
>>>> I am using Solaris 10 u4
>>>>
>>>> I notice that there is a dependency in
>>>> /var/svc/manifest/network/tnd.xml:
>>>>
>>>> <dependency
>>>>     name='network-ldap-client'
>>>>     type='service'
>>>>     grouping='require_all'
>>>>     restart_on='none'>
>>>>     <service_fmri value='svc:/network/ldap/client' />
>>>> </dependency>
>>>>
>>>> Thus tnd will not start in a file-only based setup, which I
>>>> believe is a valid configuration.
>>>> Or is working LDAP a requirement for the correct functioning of tnd?