|
7 | 7 |
|
8 | 8 | # This file is in systemd EnvironmentFile format - see man systemd.exec |
9 | 9 |
|
10 | | -# In order to make more file descriptors available |
11 | | -# to the directory server, first make sure the system |
12 | | -# hard limits are raised, then use ulimit - uncomment |
13 | | -# out the following line and change the value to the |
14 | | -# desired value |
15 | | -# ulimit -n 8192 |
16 | | -# note - if using systemd, ulimit won't work - you must edit |
17 | | -# the systemd unit file for directory server to add the |
18 | | -# LimitNOFILE option - see man systemd.exec for more info |
19 | | - |
20 | | -# A per instance keytab does not make much sense for servers. |
21 | | -# Kerberos clients use the machine FQDN to obtain a ticket like ldap/FQDN, there |
22 | | -# is nothing that can make a client understand how to get a per-instance ticket. |
23 | | -# Therefore by default a keytab should be considered a per server option. |
24 | | - |
25 | | -# Also this file is sourced for all instances, so again all |
26 | | -# instances would ultimately get the same keytab. |
| 10 | +# In order to make more file descriptors available to the directory server, |
| 11 | +# first make sure the system hard limits are raised, then use ulimit - |
| 12 | +# uncomment out the following line and change the value to the desired value |
| 13 | +#ulimit -n 8192 |
| 14 | +# note - if using systemd, ulimit won't work - you must edit the systemd unit |
| 15 | +# file for directory server to add the LimitNOFILE option - see "man |
| 16 | +# systemd.exec" for more info |
27 | 17 |
|
| 18 | +# A per instance keytab does not make much sense for servers. Kerberos clients |
| 19 | +# use the machine FQDN to obtain a ticket like ldap/FQDN, there is nothing that |
| 20 | +# can make a client understand how to get a per-instance ticket. Therefore by |
| 21 | +# default a keytab should be considered a per server option. |
| 22 | +# |
| 23 | +# Also this file is sourced for all instances, so again all instances would |
| 24 | +# ultimately get the same keytab. |
| 25 | +# |
28 | 26 | # Finally a keytab is normally named either krb5.keytab or <service>.keytab |
| 27 | +# |
| 28 | +# In order to use SASL/GSSAPI (Kerberos) the directory server needs to know |
| 29 | +# where to find its keytab file - uncomment the following line and set the |
| 30 | +# path and filename appropriately. |
| 31 | +# If using systemd, omit the "; export VARNAME" at the end. |
| 32 | +#KRB5_KTNAME=/etc/dirsrv/myname.keytab ; export KRB5_KTNAME |
29 | 33 |
|
30 | | -# In order to use SASL/GSSAPI (Kerberos) the directory |
31 | | -# server needs to know where to find its keytab |
32 | | -# file - uncomment the following line and set |
33 | | -# the path and filename appropriately |
34 | | -# if using systemd, omit the "; export VARNAME" at the end |
35 | | -# KRB5_KTNAME=/etc/dirsrv/myname.keytab ; export KRB5_KTNAME |
36 | | - |
37 | | -# how many seconds to wait for the startpid file to show |
38 | | -# up before we assume there is a problem and fail to start |
39 | | -# if using systemd, omit the "; export VARNAME" at the end |
| 34 | +# How many seconds to wait for the startpid file to show up before we assume |
| 35 | +# there is a problem and fail to start. |
| 36 | +# If using systemd, omit the "; export STARTPID_TIME" at the end. |
40 | 37 | #STARTPID_TIME=10 ; export STARTPID_TIME |
41 | | -# how many seconds to wait for the pid file to show |
42 | | -# up before we assume there is a problem and fail to start |
43 | | -# if using systemd, omit the "; export VARNAME" at the end |
| 38 | + |
| 39 | +# How many seconds to wait for the pid file to show up before we assume there |
| 40 | +# is a problem and fail to start. |
| 41 | +# If using systemd, omit the "; export PID_TIME" at the end. |
44 | 42 | #PID_TIME=600 ; export PID_TIME |
0 commit comments