<?xml version='1.0'?>
<!DOCTYPE service_bundle SYSTEM "/usr/share/lib/xml/dtd/service_bundle.dtd.1">
<!--
Copyright (c) 2012, 2015, Oracle and/or its affiliates. All rights reserved.
NOTE: This service manifest is not editable; its contents will
be overwritten by package or patch operations, including
operating system upgrade. Make customizations in a different
file.
-->
<service_bundle type='manifest' name='system/management/rad'>
<service name='system/rad' type='service' version='1'>
<!-- Start ordering: rad waits for the minimal filesystem service to be online.
     grouping='require_all' makes the listed FMRI mandatory; restart_on='none'
     means rad is not restarted when that dependency restarts. -->
<dependency name='filesystem-minimal' type='service'
    grouping='require_all' restart_on='none'>
  <service_fmri value='svc:/system/filesystem/minimal:default'/>
</dependency>
<!-- Only the working directory is set on the method context; no user, group or
     privilege set is declared here, so the methods run with SMF's default
     credentials (presumably root with full privileges; confirm with svcprop). -->
<method_context working_directory='/'/>
<!-- start: launches the daemon binary. timeout_seconds='0' means SMF applies
     no time limit to the method. -->
<exec_method name='start' type='method'
    exec='/usr/lib/rad/rad -sp' timeout_seconds='0'/>
<!-- stop: the SMF ':kill' token signals every process in the instance's
     contract (SIGTERM by default) instead of running a stop script. -->
<exec_method name='stop' type='method'
    exec=':kill' timeout_seconds='0'/>
<!-- Service-level daemon settings, defined once for all instances below. -->
<property_group name='config' type='application'>
  <!-- Directories rad scans for loadable modules. Whatever is loaded from
       here presumably executes inside the rad process, so each path
       (site-modules in particular) should be writable only by trusted
       administrators. -->
  <property name='moduledir' type='astring'>
    <astring_list>
      <value_node value='/usr/lib/rad/transport'/>
      <value_node value='/usr/lib/rad/protocol'/>
      <value_node value='/usr/lib/rad/module'/>
      <value_node value='/usr/lib/rad/site-modules'/>
    </astring_list>
  </property>
  <!-- Verbose debug output is off by default. -->
  <propval name='debug' type='boolean' value='false'/>
  <!-- Seconds to wait for a client response while authenticating. -->
  <propval name='timeout' type='integer' value='180'/>
  <!-- Holders of solaris.smf.value.rad may change the values in this group,
       moduledir included; grant that authorization accordingly. -->
  <propval name='value_authorization' type='astring' value='solaris.smf.value.rad'/>
</property_group>
<!-- Framework group: who may administer the service through SMF. -->
<property_group name='general' type='framework'>
  <propval name='active' type='boolean' value='true'/>
  <!-- action_authorization covers service actions (enable, disable, restart
       and the like); value_authorization covers changes to the property
       values of this group. Both require solaris.smf.manage.rad here. -->
  <propval name='action_authorization' type='astring' value='solaris.smf.manage.rad'/>
  <propval name='value_authorization' type='astring' value='solaris.smf.manage.rad'/>
</property_group>
<!-- Instance 'local' (enabled by default): the native rad protocol on two
     AF_UNIX sockets under /system/volatile/rad. -->
<instance name='local' enabled='true'>
  <!-- peercred='true': rad attempts to authenticate the caller automatically
       from the socket peer credentials (getpeerucred(3C)). -->
  <property_group name='local_port' type='xport_unix'>
    <propval name='proto' type='astring' value='rad'/>
    <propval name='path' type='astring' value='/system/volatile/rad/radsocket'/>
    <propval name='peercred' type='boolean' value='true'/>
    <propval name='value_authorization' type='astring' value='solaris.smf.value.rad'/>
  </property_group>
  <!-- peercred='false': peer credentials are not used on this socket. Callers
       presumably authenticate through the PAM service named below, so the PAM
       configuration for 'rad-unix' decides what is accepted here. -->
  <property_group name='local_port_unauth' type='xport_unix'>
    <propval name='proto' type='astring' value='rad'/>
    <propval name='path' type='astring' value='/system/volatile/rad/radsocket-unauth'/>
    <propval name='peercred' type='boolean' value='false'/>
    <propval name='pam_service' type='astring' value='rad-unix'/>
    <propval name='value_authorization' type='astring' value='solaris.smf.value.rad'/>
  </property_group>
</instance>
<!-- Instance 'local-http' (enabled by default): same socket layout as 'local'
     but speaking the HTTP rad protocol (proto='rad_http'). -->
<instance name='local-http' enabled='true'>
  <!-- Peer-credential socket: the caller is identified via getpeerucred(3C). -->
  <property_group name='local_port' type='xport_unix'>
    <propval name='proto' type='astring' value='rad_http'/>
    <propval name='path' type='astring' value='/system/volatile/rad/radsocket-http'/>
    <propval name='peercred' type='boolean' value='true'/>
    <propval name='value_authorization' type='astring' value='solaris.smf.value.rad'/>
  </property_group>
  <!-- No peer-credential authentication on this socket; it shares the
       'rad-unix' PAM service with the 'local' instance, so one PAM policy
       presumably governs both unauth sockets. -->
  <property_group name='local_port_unauth' type='xport_unix'>
    <propval name='proto' type='astring' value='rad_http'/>
    <propval name='path' type='astring' value='/system/volatile/rad/radsocket-unauth-http'/>
    <propval name='peercred' type='boolean' value='false'/>
    <propval name='pam_service' type='astring' value='rad-unix'/>
    <propval name='value_authorization' type='astring' value='solaris.smf.value.rad'/>
  </property_group>
</instance>
<!-- Instance 'remote' ships disabled. Enabling it exposes rad over TLS on TCP
     port 12302, and with localonly='false' the listener is not restricted to
     the local machine; pair it with host firewall rules as needed. -->
<instance name='remote' enabled='false'>
  <!-- The network-facing instance additionally waits for the multi-user
       milestone. -->
  <dependency name='multi-user' type='service'
      grouping='require_all' restart_on='none'>
    <service_fmri value='svc:/milestone/multi-user'/>
  </dependency>
  <property_group name='ssl_port' type='xport_tls'>
    <propval name='proto' type='astring' value='rad'/>
    <propval name='port' type='integer' value='12302'/>
    <propval name='localonly' type='boolean' value='false'/>
    <!-- PEM certificate and private key used by the TLS listener. The key
         file should be readable only by the account rad runs as. -->
    <propval name='certificate' type='astring' value='/etc/rad/cert.pem'/>
    <propval name='privatekey' type='astring' value='/etc/rad/key.pem'/>
    <!-- generate='true': when the files above do not exist, rad creates a
         certificate and key itself. Presumably that certificate is
         self-signed; install a CA-issued pair if clients must verify the
         server's identity. -->
    <propval name='generate' type='boolean' value='true'/>
    <!-- Remote callers authenticate through the 'rad-tls' PAM service. -->
    <propval name='pam_service' type='astring' value='rad-tls'/>
    <propval name='value_authorization' type='astring' value='solaris.smf.value.rad'/>
  </property_group>
</instance>
<!-- Interface stability level declared for this service: Unstable. -->
<stability value='Unstable'/>
<template>
<!-- Human-readable name, description and man page reference for the service.
     The description speaks of remote access, but of the three instances in
     this manifest only the AF_UNIX ones ('local', 'local-http') are enabled;
     the TLS instance 'remote' is delivered with enabled='false'. -->
<common_name>
<loctext xml:lang='C'>
Remote Administration Daemon
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
The Remote Administration Daemon, or rad, is a service that provides secure, remote administrative access to a Solaris system.
</loctext>
</description>
<documentation>
<manpage title='rad' section='1M'
manpath='/usr/share/man' />
</documentation>
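<!-- Template for the required 'config' property group: documents and
     constrains the daemon-wide settings (module locations, debug flag,
     authentication response timeout). The loctext bodies are kept on their
     own unindented lines because whitespace inside them is text content. -->
<pg_pattern name='config' type='application' target='this'
required='true'>
<common_name>
<loctext xml:lang='C'>
Rad configuration
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
General configuration parameters for rad as described in rad(1M). In addition to the general configuration parameters, at least one transport must be configured for each instance of rad.
</loctext>
</description>
<!-- moduledir: directories scanned for modules. Read-write, and no
     constraint on the path values is declared here, so control over who
     holds the group's value authorization is what protects this setting. -->
<prop_pattern name='moduledir' type='astring'
required='false'>
<common_name>
<loctext xml:lang='C'>
Module directory
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
List of directories to scan and load modules from. A module directory or a specific module must be specified.
</loctext>
</description>
<visibility value='readwrite'/>
</prop_pattern>
<!-- modules: individual module files to load, the alternative to moduledir.
     The manifest's own 'config' group sets moduledir only. -->
<prop_pattern name='modules' type='astring'
required='false'>
<common_name>
<loctext xml:lang='C'>
Module name
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
File names of specific modules to load. A specific module or a module directory must be specified.
</loctext>
</description>
<visibility value='readwrite'/>
</prop_pattern>
<!-- debug: single boolean. Verbose output may include details of
     administrative requests (assumption; confirm in rad(1M)), so it is best
     left false outside troubleshooting. -->
<prop_pattern name='debug' type='boolean'
required='false'>
<common_name>
<loctext xml:lang='C'>
Verbose debug flag
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
If true, rad will emit verbose debugging output.
</loctext>
</description>
<visibility value='readwrite'/>
<cardinality min='1' max='1' />
</prop_pattern>
<!-- timeout: single integer, in seconds; bounds how long rad waits for each
     client response during authentication. No range constraint is declared. -->
<prop_pattern name='timeout' type='integer'
required='false'>
<common_name>
<loctext xml:lang='C'>
Response timeout
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
Number of seconds to wait for an individual response from the client while authenticating.
</loctext>
</description>
<units>
<loctext xml:lang='C'>
seconds
</loctext>
</units>
<visibility value='readwrite'/>
<cardinality min='1' max='1'/>
</prop_pattern>
</pg_pattern>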
<!-- Template for any property group of type 'xport_unix' (the pattern has no
     name attribute, so it matches by type): one AF_UNIX listening socket per
     group. -->
<pg_pattern type='xport_unix' target='this' required='false'>
<common_name>
<loctext xml:lang='C'>
Rad AF_UNIX socket transport configuration
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
The "unix" transport instance configuration parameters. The "unix" transport listens for connections on a unix-domain socket.
</loctext>
</description>
<!-- proto: read-only, exactly one value, limited to 'rad' or 'rad_http'. -->
<prop_pattern name='proto' type='astring'
required='false'>
<common_name>
<loctext xml:lang='C'>
Protocol
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
The protocol to use with the "unix" transport instance.
</loctext>
</description>
<visibility value='readonly'/>
<cardinality min='1' max='1' />
<choices>
<value name='rad'>
<description>
<loctext xml:lang='C'>
The rad protocol.
</loctext>
</description>
</value>
<value name='rad_http'>
<description>
<loctext xml:lang='C'>
The HTTP rad protocol.
</loctext>
</description>
</value>
</choices>
</prop_pattern>
<!-- path: required socket path. No constraint on the location is declared;
     the directory holding the socket and its permissions determine which
     local users can connect (assumption; verify on the running system). -->
<prop_pattern name='path' type='astring'
required='true'>
<common_name>
<loctext xml:lang='C'>
Path
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
The path to listen on for connections.
</loctext>
</description>
<visibility value='readwrite'/>
<cardinality min='1' max='1' />
</prop_pattern>
<!-- control: hidden property. None of the instances defined in this manifest
     sets it. -->
<prop_pattern name='control' type='boolean'
required='false'>
<common_name>
<loctext xml:lang='C'>
Control port flag
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
If true, rad will accept connections on the control port.
</loctext>
</description>
<visibility value='hidden'/>
<cardinality min='1' max='1' />
</prop_pattern>
<!-- peercred: when true the caller is authenticated from kernel-supplied
     peer credentials. The manifest's '*_unauth' groups set it to false and
     name a PAM service instead. -->
<prop_pattern name='peercred' type='boolean'
required='false'>
<common_name>
<loctext xml:lang='C'>
Authentication flag
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
If true, rad will attempt to automatically authenticate client connections using getpeerucred(3C).
</loctext>
</description>
<visibility value='readwrite'/>
<cardinality min='1' max='1' />
</prop_pattern>
<!-- pam_service: free-form string with no 'choices' list, so any PAM service
     name can be configured; the named service's PAM policy is what enforces
     authentication. -->
<prop_pattern name='pam_service' type='astring'
required='false'>
<common_name>
<loctext xml:lang='C'>
PAM service name
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
PAM service name to use when authenticating.
</loctext>
</description>
<visibility value='readwrite'/>
<cardinality min='1' max='1' />
</prop_pattern>
</pg_pattern>
<!-- Template for property groups of type 'xport_tcp': a clear-text TCP
     listener. No instance in this manifest defines a group of this type, so
     the transport is available but unused by default. Traffic on it,
     credentials included, is unencrypted per the description below; prefer
     the TLS transport for anything that leaves the host. -->
<pg_pattern type='xport_tcp' target='this' required='false'>
<common_name>
<loctext xml:lang='C'>
Rad TCP socket transport configuration
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
The "tcp" transport instance configuration parameters. The "tcp" transport listens for clear-text connections on a TCP socket.
</loctext>
</description>
<!-- proto: read-only, exactly one value; 'rad' is the only choice. -->
<prop_pattern name='proto' type='astring'
required='false'>
<common_name>
<loctext xml:lang='C'>
Protocol
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
The protocol to use with the "tcp" transport instance.
</loctext>
</description>
<visibility value='readonly'/>
<cardinality min='1' max='1' />
<choices>
<value name='rad'>
<description>
<loctext xml:lang='C'>
The rad protocol.
</loctext>
</description>
</value>
</choices>
</prop_pattern>
<!-- port: required; the range constraint keeps the listener off ports below
     1024. -->
<prop_pattern name='port' type='integer'
required='true'>
<common_name>
<loctext xml:lang='C'>
Port
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
The port to listen on for connections.
</loctext>
</description>
<visibility value='readwrite'/>
<cardinality min='1' max='1' />
<constraints>
<range min='1024' max='65535'/>
</constraints>
</prop_pattern>
<!-- localonly: when true, only connections from the local machine are
     accepted. The property is optional; what rad does when it is absent is
     not stated here (confirm in rad(1M)), so set it explicitly. -->
<prop_pattern name='localonly' type='boolean'
required='false'>
<common_name>
<loctext xml:lang='C'>
Local flag
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
If true, rad will only listen for connections from the local machine.
</loctext>
</description>
<visibility value='readwrite'/>
<cardinality min='1' max='1' />
</prop_pattern>
<!-- noauth: hidden and security-critical. With it set to true, connections
     are served without authentication and requests run as the rad process's
     user. When auditing a host, check the service's properties (for example
     with svcprop) for any xport_tcp group and for noauth='true'. -->
<prop_pattern name='noauth' type='boolean'
required='false'>
<common_name>
<loctext xml:lang='C'>
Noauth flag
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
If true, rad will not require connections to authenticate, and requests are run as the rad process's user.
</loctext>
</description>
<visibility value='hidden'/>
<cardinality min='1' max='1' />
</prop_pattern>
<!-- pam_service: PAM service used for authentication on this transport;
     free-form string, no 'choices' list. -->
<prop_pattern name='pam_service' type='astring'
required='false'>
<common_name>
<loctext xml:lang='C'>
PAM service name
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
PAM service name to use when authenticating.
</loctext>
</description>
<visibility value='readwrite'/>
<cardinality min='1' max='1' />
</prop_pattern>
</pg_pattern>
<!-- Template for property groups of type 'xport_tls': a TLS listener on a TCP
     socket. The 'remote' instance's 'ssl_port' group is the one group of this
     type in the manifest. Unlike the 'xport_tcp' template, no 'noauth'
     property is declared for this transport. Nothing here selects protocol
     versions or cipher suites; those are presumably fixed by rad and the
     system TLS library (verify before exposing the port). -->
<pg_pattern type='xport_tls' target='this' required='false'>
<common_name>
<loctext xml:lang='C'>
Rad TLS transport configuration
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
The "tls" transport instance configuration parameters. The "tls" transport listens for TLS connections on a TCP socket.
</loctext>
</description>
<!-- proto: read-only, exactly one value; 'rad' is the only choice. -->
<prop_pattern name='proto' type='astring'
required='false'>
<common_name>
<loctext xml:lang='C'>
Protocol
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
The protocol to use with the "tls" transport instance.
</loctext>
</description>
<visibility value='readonly'/>
<cardinality min='1' max='1' />
<choices>
<value name='rad'>
<description>
<loctext xml:lang='C'>
The rad protocol.
</loctext>
</description>
</value>
</choices>
</prop_pattern>
<!-- port: required; the range constraint keeps the listener off ports below
     1024. -->
<prop_pattern name='port' type='integer'
required='true'>
<common_name>
<loctext xml:lang='C'>
Port
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
The port to listen on for connections.
</loctext>
</description>
<visibility value='readwrite'/>
<cardinality min='1' max='1' />
<constraints>
<range min='1024' max='65535'/>
</constraints>
</prop_pattern>
<!-- localonly: when true, only connections from the local machine are
     accepted. The 'remote' instance sets it to false. -->
<prop_pattern name='localonly' type='boolean'
required='false'>
<common_name>
<loctext xml:lang='C'>
Local flag
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
If true, rad will only listen for connections from the local machine.
</loctext>
</description>
<visibility value='readwrite'/>
<cardinality min='1' max='1' />
</prop_pattern>
<!-- certificate: required path to the PEM X.509 server certificate. The
     description says "SSL" although the transport is TLS. -->
<prop_pattern name='certificate' type='astring'
required='true'>
<common_name>
<loctext xml:lang='C'>
Certificate location
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
The location of the PEM-formatted x509 certificate to use for SSL.
</loctext>
</description>
<visibility value='readwrite'/>
<cardinality min='1' max='1' />
</prop_pattern>
<!-- privatekey: required path to the PEM private key. The manifest cannot
     express file permissions; restrict read access on the key file at the
     filesystem level. -->
<prop_pattern name='privatekey' type='astring'
required='true'>
<common_name>
<loctext xml:lang='C'>
Private key location
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
The location of the PEM-formatted private key to use for SSL.
</loctext>
</description>
<visibility value='readwrite'/>
<cardinality min='1' max='1' />
</prop_pattern>
<!-- generate: when true and the certificate and key files are missing, rad
     creates them. A locally generated certificate is presumably self-signed,
     so clients cannot validate it against a CA unless it is replaced or
     pinned.
     NOTE(review): the man page reference "openssl(aopenssl)" in the
     description looks mistyped; confirm the intended section name. -->
<prop_pattern name='generate' type='boolean'
required='false'>
<common_name>
<loctext xml:lang='C'>
Generate key/certificate pair
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
If true, and if the specified certificate and privatekey do not exist, rad will generate a certificate and private key using openssl(aopenssl).
</loctext>
</description>
<visibility value='readwrite'/>
<cardinality min='1' max='1' />
</prop_pattern>
<!-- pam_service: PAM service used to authenticate TLS clients ('rad-tls' in
     the 'remote' instance); free-form string, no 'choices' list. -->
<prop_pattern name='pam_service' type='astring'
required='false'>
<common_name>
<loctext xml:lang='C'>
PAM service name
</loctext>
</common_name>
<description>
<loctext xml:lang='C'>
PAM service name to use when authenticating.
</loctext>
</description>
<visibility value='readwrite'/>
<cardinality min='1' max='1' />
</prop_pattern>
</pg_pattern>
</template>
</service>
</service_bundle>