option, but for all UDP mounts only.

option, but for all UDP mounts only.

.It Va nfs_retry_interval_tcp Pq numeric, default=8

.It Va nfs_retry_interval_tcp Pq numeric, default=8

Same as the

Same as the

option, but for all TCP mounts only.

option, but for all TCP mounts only.

.It Va nfs_retry_interval_toplvl Pq numeric, default=8

.It Va nfs_retry_interval_toplvl Pq numeric, default=8

Same as the

Same as the

option, but only for

option, but only for

.Nm amd Ns 's

.Nm amd Ns 's

top-level UDP mounts.

top-level UDP mounts.

.Xr kenv 1 ,

.Xr kenv 1 ,

.Xr loader.conf 5 ,

.Xr loader.conf 5 ,

.Xr loader 8 ,

.Xr loader 8 ,

.Sh HISTORY

.Sh HISTORY

The

The

.Nm

.Nm

.Xr hastd 8

.Xr hastd 8

daemon and the

daemon and the

.Xr hastctl 8

.Xr hastctl 8

.Sh DESCRIPTION

.Sh DESCRIPTION

The

The

.Nm

.Nm

.Xr gethostname 3 ,

.Xr gethostname 3 ,

.Xr geom 4 ,

.Xr geom 4 ,

.Xr hastctl 8 ,

.Xr hastctl 8 ,

.Sh AUTHORS

.Sh AUTHORS

The

The

.Nm

.Nm

used and the SSID is changed.

used and the SSID is changed.

.It Va wpa_psk_file

.It Va wpa_psk_file

Optionally, WPA PSKs can be read from a separate text file (containing a

Optionally, WPA PSKs can be read from a separate text file (containing a

.It Va wpa_key_mgmt

.It Va wpa_key_mgmt

Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both).

Set of accepted key management algorithms (WPA-PSK, WPA-EAP, or both).

.It Va wpa_pairwise

.It Va wpa_pairwise

When a pool is defined in the configuration file, it must have an associated

When a pool is defined in the configuration file, it must have an associated

role.  At present the only supported role is

role.  At present the only supported role is

.B ipf.

.B ipf.

of IPFilter code.

of IPFilter code.

.SH EXAMPLES

.SH EXAMPLES

The following examples show how the pool configuration file is used with

The following examples show how the pool configuration file is used with

is the name by which the target is known, not to be confused with

is the name by which the target is known, not to be confused with

target address, either obtained via the target administrator, or

target address, either obtained via the target administrator, or

from a

from a

.It Cm InitiatorName

.It Cm InitiatorName

if not specified, defaults to

if not specified, defaults to

.Sy iqn.2005-01.il.ac.huji.cs:

.Sy iqn.2005-01.il.ac.huji.cs:

This value can only be reduced.

This value can only be reduced.

.It Cm sockbufsize

.It Cm sockbufsize

sets the receiver and transmitter socket buffer size to

sets the receiver and transmitter socket buffer size to

in kilobytes.

in kilobytes.

The default is 128.

The default is 128.

.El

.El

configuration file consists of one or more jail definitions statements,

configuration file consists of one or more jail definitions statements,

and parameter or variable statements within those jail definitions.

and parameter or variable statements within those jail definitions.

A jail definition statement looks something like a C compound statement.

A jail definition statement looks something like a C compound statement.

including a terminating semicolon.

including a terminating semicolon.

.Pp

.Pp

The general syntax of a jail definition is:

The general syntax of a jail definition is:

the syntax of the configuration file (such as a semicolon or

the syntax of the configuration file (such as a semicolon or

whitespace).

whitespace).

If a value contains anything more than letters, numbers, dots, dashes

If a value contains anything more than letters, numbers, dots, dashes

Either single or double quotes may be used.

Either single or double quotes may be used.

.Pp

.Pp

Common C-style backslash character codes are also supported, including

Common C-style backslash character codes are also supported, including

control characters and octal or hex ASCII codes.

control characters and octal or hex ASCII codes.

A backslash at the end of a line will ignore the subsequent newline and

A backslash at the end of a line will ignore the subsequent newline and

continue the string at the start of the next line.

continue the string at the start of the next line.

.Ss Variables

.Ss Variables

A string may use shell-style variable substitution.

A string may use shell-style variable substitution.

enclosed in braces, will be replaced with the value of that parameter or

enclosed in braces, will be replaced with the value of that parameter or

variable.

variable.

For example, a jail's path may be defined in terms of its name or

For example, a jail's path may be defined in terms of its name or

path = "/var/jail/${host.hostname}";

path = "/var/jail/${host.hostname}";

.Ed

.Ed

.Pp

.Pp

strings, but not in single-quote strings.

strings, but not in single-quote strings.

.Pp

.Pp

A variable is defined in the same way a parameter is, except that the

A variable is defined in the same way a parameter is, except that the

	mount.nodevfs;

	mount.nodevfs;

	persist;	// Required because there are no processes

	persist;	// Required because there are no processes

}

}

.Sh SEE ALSO

.Sh SEE ALSO

.Xr jail_set 2

.Xr jail_set 2

.Xr jail 8

.Xr jail 8

the basic tar format.

the basic tar format.

These extensions are recognized automatically whenever they appear.

These extensions are recognized automatically whenever they appear.

.Bl -tag -width indent

.Bl -tag -width indent

The POSIX standards require fixed-length numeric fields to be written with

The POSIX standards require fixed-length numeric fields to be written with

some character position reserved for terminators.

some character position reserved for terminators.

Libarchive allows these fields to be written without terminator characters.

Libarchive allows these fields to be written without terminator characters.

.Xr mkdir 1 ,

.Xr mkdir 1 ,

and

and

.Xr sed 1 .

.Xr sed 1 .

However, it is not generally well-suited for large archives

However, it is not generally well-suited for large archives

(many implementations of

(many implementations of

.Xr sh 1

.Xr sh 1

The syntax is the same as for the

The syntax is the same as for the

.Fl l

.Fl l

argument of

argument of

.Ql default .

.Ql default .

If set to

If set to

.Ql default

.Ql default

The value should include the full path to the

The value should include the full path to the

.Pa .mc

.Pa .mc

file(s), e.g.,

file(s), e.g.,

.Pa /etc/mail/bar.mc .

.Pa /etc/mail/bar.mc .

.It Va SENDMAIL_ALIASES

.It Va SENDMAIL_ALIASES

.Pq Vt str

.Pq Vt str

.Bl -tag -width ".Pa /etc/nsmb.conf"

.Bl -tag -width ".Pa /etc/nsmb.conf"

.It Pa /etc/nsmb.conf

.It Pa /etc/nsmb.conf

The default remote mount-point configuration file.

The default remote mount-point configuration file.

.It Pa ~/nsmb.conf

.It Pa ~/nsmb.conf

The user specific remote mount-point configuration file.

The user specific remote mount-point configuration file.

.El

.El

All packets sent to and received from the server or peer are to

All packets sent to and received from the server or peer are to

include authentication fields encrypted using the autokey scheme

include authentication fields encrypted using the autokey scheme

described in

described in

.It Cm burst

.It Cm burst

when the server is reachable, send a burst of eight packets

when the server is reachable, send a burst of eight packets

instead of the usual one.

instead of the usual one.

.It Cm minpoll Ar minpoll

.It Cm minpoll Ar minpoll

.It Cm maxpoll Ar maxpoll

.It Cm maxpoll Ar maxpoll

These options specify the minimum and maximum poll intervals

These options specify the minimum and maximum poll intervals

The maximum poll

The maximum poll

interval defaults to 10 (1,024 s), but can be increased by the

interval defaults to 10 (1,024 s), but can be increased by the

.Cm maxpoll

.Cm maxpoll

to avoid accidental or malicious disruption in this mode, both the

to avoid accidental or malicious disruption in this mode, both the

server and client should operate using symmetric-key or public-key

server and client should operate using symmetric-key or public-key

authentication as described in

authentication as described in

.It Ic manycastserver Ar address ...

.It Ic manycastserver Ar address ...

This command enables reception of manycast client messages to

This command enables reception of manycast client messages to

the multicast group address(es) (type m) specified.

the multicast group address(es) (type m) specified.

accidental or malicious disruption in this mode, both the server

accidental or malicious disruption in this mode, both the server

and client should operate using symmetric-key or public-key

and client should operate using symmetric-key or public-key

authentication as described in

authentication as described in

.It Ic multicastclient Ar address ...

.It Ic multicastclient Ar address ...

This command enables reception of multicast server messages to

This command enables reception of multicast server messages to

the multicast group address(es) (type m) specified.

the multicast group address(es) (type m) specified.

in order to avoid accidental or malicious disruption in this mode,

in order to avoid accidental or malicious disruption in this mode,

both the server and client should operate using symmetric-key or

both the server and client should operate using symmetric-key or

public-key authentication as described in

public-key authentication as described in

.El

.El

.Sh Authentication Support

.Sh Authentication Support

Authentication support allows the NTP client to verify that the

Authentication support allows the NTP client to verify that the

Furthermore, the Autokey scheme requires a

Furthermore, the Autokey scheme requires a

preliminary protocol exchange to obtain

preliminary protocol exchange to obtain

the server certificate, verify its

the server certificate, verify its

.Pp

.Pp

The

The

.Cm auth

.Cm auth

all of which are bound together by the protocol specifically

all of which are bound together by the protocol specifically

to deflect masquerade attacks.

to deflect masquerade attacks.

For this reason Autokey

For this reason Autokey

computations and so the same addresses must be available

computations and so the same addresses must be available

at both the server and client.

at both the server and client.

For this reason operation

For this reason operation

a subject key identifier or a issuer key identifier field;

a subject key identifier or a issuer key identifier field;

however, an extended key usage field for a trusted host must

however, an extended key usage field for a trusted host must

contain the value

contain the value

Other extension fields are ignored.

Other extension fields are ignored.

.Ss Authentication Commands

.Ss Authentication Commands

.Bl -tag -width indent

.Bl -tag -width indent

The first two fields show the date (Modified Julian Day) and time

The first two fields show the date (Modified Julian Day) and time

(seconds and fraction past UTC midnight).

(seconds and fraction past UTC midnight).

The next field shows the peer

The next field shows the peer

message type and certain ancillary information.

message type and certain ancillary information.

See the

See the

section for further information.

section for further information.

.It Cm loopstats

.It Cm loopstats

Enables recording of loop filter statistics information.

Enables recording of loop filter statistics information.

.It Packets received Cm 81965

.It Packets received Cm 81965

Total number of packets received.

Total number of packets received.

.It Packets processed Cm 0

.It Packets processed Cm 0

.It Current version Cm 9546

.It Current version Cm 9546

Number of packets matching the current NTP version.

Number of packets matching the current NTP version.

.It Previous version Cm 56

.It Previous version Cm 56

spacing, while the

spacing, while the

.Cm minimum

.Cm minimum

subcommand specifies the minimum packet spacing.

subcommand specifies the minimum packet spacing.

and a kiss-o'-death packet returned if enabled.

and a kiss-o'-death packet returned if enabled.

The default

The default

minimum average and minimum are 5 and 2, respectively.

minimum average and minimum are 5 and 2, respectively.

servers which can be found by manycast client associations.

servers which can be found by manycast client associations.

Because manycast servers respond only when the client

Because manycast servers respond only when the client

stratum is equal to or greater than the server stratum,

stratum is equal to or greater than the server stratum,

in TTL range, which is probably the most common objective.

in TTL range, which is probably the most common objective.

However, unless configured otherwise, all manycast clients

However, unless configured otherwise, all manycast clients

in TTL range will eventually find all primary servers

in TTL range will eventually find all primary servers

This value defaults to 1, but can be changed

This value defaults to 1, but can be changed

to any number from 1 to 15.

to any number from 1 to 15.

.It Cm minclock Ar minclock

.It Cm minclock Ar minclock

associations until no more than

associations until no more than

.Cm minclock

.Cm minclock

associations remain.

associations remain.

.It Cm minsane Ar minsane

.It Cm minsane Ar minsane

This is the minimum number of candidates available

This is the minimum number of candidates available

to the clock selection algorithm in order to produce

to the clock selection algorithm in order to produce

If fewer than this number are available, the clock is

If fewer than this number are available, the clock is

undisciplined and allowed to run free.

undisciplined and allowed to run free.

The default is 1

The default is 1

.Ar group

.Ar group

and

and

.Ar user

.Ar user

can result in a deadlock.

can result in a deadlock.

A workaround is available under the

A workaround is available under the

.Va debug.pfugidhack

.Va debug.pfugidhack

This is equivalent to the

This is equivalent to the

.Fl s Ar server

.Fl s Ar server

option to

option to

option is used.

option is used.

.Pp

.Pp

A line of the form

A line of the form

This is equivalent to the

This is equivalent to the

.Fl k Ar KEY

.Fl k Ar KEY

option to

option to

option is used.

option is used.

.Pp

.Pp

A line of the form

A line of the form

This is equivalent to the

This is equivalent to the

.Fl d Ar workdir

.Fl d Ar workdir

option to

option to

is used.

is used.

.Pp

.Pp

A line of the form

A line of the form

This is equivalent to the

This is equivalent to the

.Fl p Ar portsdir

.Fl p Ar portsdir

option to

option to

is used.

is used.

.Pp

.Pp

If more than one line of any of the above forms is included in

If more than one line of any of the above forms is included in

this variable should be set to an empty string.

this variable should be set to an empty string.

If this value remains unset when the system is done booting

If this value remains unset when the system is done booting

your console login will display the default hostname of

your console login will display the default hostname of

.It Va nisdomainname

.It Va nisdomainname

.Pq Vt str

.Pq Vt str

The NIS domain name of this host, or

The NIS domain name of this host, or

ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"

ifconfig_net0="inet 192.0.2.1 netmask 0xffffff00"

.Ed

.Ed

.It Va ipv6_enable

.It Va ipv6_enable

This variable is deprecated.

This variable is deprecated.

Use

Use

.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6

.Va ifconfig_ Ns Ao Ar interface Ac Ns _ipv6

.Va ipv6_activate_all_interfaces

.Va ipv6_activate_all_interfaces

if necessary.

if necessary.

.Pp

.Pp

If the variable is

If the variable is

.Dq Li YES ,

.Dq Li YES ,

.Dq Li inet6 accept_rtadv

.Dq Li inet6 accept_rtadv

is defined as

is defined as

.Dq Li YES .

.Dq Li YES .

.It Va ipv6_prefer

.It Va ipv6_prefer

This variable is deprecated.

This variable is deprecated.

Use

Use

.Va ip6addrctl_policy

.Va ip6addrctl_policy

instead.

instead.

.Pp

.Pp

If the variable is

If the variable is

.Dq Li YES ,

.Dq Li YES ,

the default address selection policy table set by

the default address selection policy table set by

daemon is started for a non-default port, the

daemon is started for a non-default port, the

.Va "moused_" Ns Ar XXX Ns Va "_flags"

.Va "moused_" Ns Ar XXX Ns Va "_flags"

set of options has precedence over and replaces the default

set of options has precedence over and replaces the default

.Ar XXX

.Ar XXX

.Ar ums0 ) .

.Ar ums0 ) .

By setting

By setting

.Va "moused_" Ns Ar XXX Ns Va "_flags"

.Va "moused_" Ns Ar XXX Ns Va "_flags"

.It Va WITHOUT_BINUTILS

.It Va WITHOUT_BINUTILS

.\" from FreeBSD: head/tools/build/options/WITHOUT_BINUTILS 222090 2011-05-19 05:13:25Z imp

.\" from FreeBSD: head/tools/build/options/WITHOUT_BINUTILS 222090 2011-05-19 05:13:25Z imp

Set to not install binutils (as, c++-filt, gconv, gnu-ar, gnu-randlib,

Set to not install binutils (as, c++-filt, gconv, gnu-ar, gnu-randlib,

.Bf -symbolic

.Bf -symbolic

The option does not generally work for build targets, unless some alternative

The option does not generally work for build targets, unless some alternative

toolchain is enabled.

toolchain is enabled.

.It Va WITH_CLANG_IS_CC

.It Va WITH_CLANG_IS_CC

.\" from FreeBSD: head/tools/build/options/WITH_CLANG_IS_CC 232322 2012-02-29 22:58:51Z dim

.\" from FreeBSD: head/tools/build/options/WITH_CLANG_IS_CC 232322 2012-02-29 22:58:51Z dim

Set to install the Clang C/C++ compiler as

Set to install the Clang C/C++ compiler as

.Pa /usr/bin/c++

.Pa /usr/bin/c++

and

and

.It Va WITHOUT_CPP

.It Va WITHOUT_CPP

.\" from FreeBSD: head/tools/build/options/WITHOUT_CPP 156932 2006-03-21 07:50:50Z ru

.\" from FreeBSD: head/tools/build/options/WITHOUT_CPP 156932 2006-03-21 07:50:50Z ru

Set to not build

Set to not build

The set includes

The set includes

.Xr cc 1 ,

.Xr cc 1 ,

.Xr make 1

.Xr make 1

.It Va WITHOUT_SOURCELESS

.It Va WITHOUT_SOURCELESS

.\" from FreeBSD: head/tools/build/options/WITHOUT_SOURCELESS 230972 2012-02-04 00:54:43Z rmh

.\" from FreeBSD: head/tools/build/options/WITHOUT_SOURCELESS 230972 2012-02-04 00:54:43Z rmh

Set to not build kernel modules that include sourceless code (either microcode or native code for host CPU).

Set to not build kernel modules that include sourceless code (either microcode or native code for host CPU).

Set to not build ZFS file system.

Set to not build ZFS file system.

.It Va WITHOUT_ZONEINFO

.It Va WITHOUT_ZONEINFO

.\" from FreeBSD: head/tools/build/options/WITHOUT_ZONEINFO 171994 2007-08-27 20:01:08Z remko

.\" from FreeBSD: head/tools/build/options/WITHOUT_ZONEINFO 171994 2007-08-27 20:01:08Z remko

.El

.El

.Sh FILES

.Sh FILES

.Bl -tag -compact

.Bl -tag -compact

be disclosed.

be disclosed.

The default is

The default is

.Dq no .

.Dq no .

will not be converted automatically,

will not be converted automatically,

but may be manually hashed using

but may be manually hashed using

.Xr ssh-keygen 1 .

.Xr ssh-keygen 1 .

.Dq no .

.Dq no .

.It Cm PKCS11Provider

.It Cm PKCS11Provider

Specifies which PKCS#11 provider to use.

Specifies which PKCS#11 provider to use.

.Xr ssh 1

.Xr ssh 1

should use to communicate with a PKCS#11 token providing the user's

should use to communicate with a PKCS#11 token providing the user's

private RSA key.

private RSA key.

is

is

.Dq yes ,

.Dq yes ,

the root user may be allowed in with its password even if

the root user may be allowed in with its password even if

.Dq without-password .

.Dq without-password .

.Pp

.Pp

If this option is set to

If this option is set to

.Sy \&ts

.Sy \&ts

and

and

.Sy \&fs .

.Sy \&fs .

must leave the cursor position in the same place that it was before

must leave the cursor position in the same place that it was before

.Sy \&ts .

.Sy \&ts .

If necessary, the

If necessary, the

.Pp

.Pp

Other specific terminal problems may be corrected by adding more

Other specific terminal problems may be corrected by adding more

capabilities of the form

capabilities of the form

.Ss Similar Terminals

.Ss Similar Terminals

If there are two very similar terminals,

If there are two very similar terminals,

one can be defined as being just like the other with certain exceptions.

one can be defined as being just like the other with certain exceptions.

If the

If the

.Va dh_file

.Va dh_file

is in DSA parameters format, it will be automatically converted

is in DSA parameters format, it will be automatically converted

.It Va subject_match

.It Va subject_match

Substring to be matched against the subject of the

Substring to be matched against the subject of the

authentication server certificate.

authentication server certificate.

fragmented.

fragmented.

.It Li sim_min_num_chal=3

.It Li sim_min_num_chal=3

can be used to configure EAP-SIM to require three

can be used to configure EAP-SIM to require three

.It Li fast_provisioning=1

.It Li fast_provisioning=1

option enables in-line provisioning of EAP-FAST

option enables in-line provisioning of EAP-FAST

credentials (PAC).

credentials (PAC).