X-Git-Url: http://git.tuebingen.mpg.de/?a=blobdiff_plain;f=web%2Fmanual.m4;h=46a2cd62f58e4c25eada652b10a855a60be60f1e;hb=530f881a4e583dca22ba53eb6f8cd37fd7896d06;hp=037269568c289c9d6bec7684a299a68a08903f59;hpb=3fe80106bf0dc11987be660db2a39f2cc0a692a4;p=paraslash.git diff --git a/web/manual.m4 b/web/manual.m4 index 03726956..46a2cd62 100644 --- a/web/manual.m4 +++ b/web/manual.m4 @@ -315,7 +315,7 @@ following commands: user=bar target=~/.paraslash/server.users - key=~/.paraslash/key.pub.$user + key=~/.paraslash/id_rsa.pub.$user perms=AFS_READ,AFS_WRITE,VSS_READ,VSS_WRITE mkdir -p ~/.paraslash echo "user $user $key $perms" >> $target @@ -323,20 +323,25 @@ following commands: Next, change to the "bar" account on client_host and generate the key pair with the commands - key=~/.paraslash/key.$LOGNAME - mkdir -p ~/.paraslash - (umask 077 && openssl genrsa -out $key 2048) + ssh-keygen -t rsa -b 2048 + # hit enter twice to create a key with no passphrase -para_server only needs to know the public key of the key pair just -created. It can be extracted with +This generates the two files id_rsa and id_rsa.pub in ~/.ssh. Note +that paraslash can also read keys generated by the "openssl genrsa" +command. However, since keys created with ssh-keygen can also be used +for ssh, this method is recommended. - pubkey=~/.paraslash/key.pub.$LOGNAME - openssl rsa -in $key -pubout -out $pubkey +Note that para_server refuses to use a key if it is shorter than 2048 +bits. In particular, the RSA keys of paraslash 0.3.x will not work +with version 0.4.x. Moreover, para_client refuses to use a (private) +key which is world-readable. -Copy the public key just created to server_host (you may skip this step -for a single-user setup, i.e. if foo=bar and server_host=client_host): +para_server only needs to know the public key of the key pair just +created. Copy this public key to server_host: - scp $pubkey foo@server_host:.paraslash/ + src=~/.ssh/id_rsa.pub + dest=.paraslash/id_rsa.pub.$LOGNAME + scp $src foo@server_host:$dest Finally, tell para_client to connect to server_host: @@ -568,19 +573,6 @@ execute. The output of contains in the third column the permissions needed to execute the command. -A new RSA key can be created with - - openssl genrsa -out 2048 - -and the public part may be extracted with - - openssl rsa -in -pubout -out - -Note that para_server refuses to use a key if it is shorter than 2048 -bits. In particular, the RSA keys of paraslash 0.3.x will not work -with version 0.4.x. Moreover, para_client refuses to use a (private) -key which is world-readable. - It is possible to make para_server reread the user_list file by executing the paraslash "hup" command or by sending SIGHUP to the PID of para_server. @@ -1537,7 +1529,7 @@ From these observations it is clear that there are three different FEC parameters: The slice size, the number of data slices k, and the total number of slices n. It is crucial to choose the slice size such that no fragmentation of network packets takes place because -FEC only guards against losses and reodering but fails if slices are +FEC only guards against losses and reordering but fails if slices are received partially. FEC decoding in paralash is performed through the fecdec filter which @@ -2041,7 +2033,7 @@ detection of duplicate or reordered packets. Being a connectionless protocol, only minimal internal state about the connection is maintained, which means that there is no protection against packet loss or network congestion. Error checking and correction (if at all) -are performed in the application.' +are performed in the application. *DCCP*. The _Datagram Congestion Control Protocol_ combines the connection-oriented state maintenance known from TCP with the