UPGRADE GUIDE 2.2.x -> 2.4
The version number of the statistics file has changed, so all
accumulated statistics will reset. If you need to access to the
accumulated statistics to date, you should save a copy of the
web-generated stats.
For those systems without proper anonymous shared memory memory
support, notable linux, the `cache.mmap' and `cache.base' files should
be deleted before starting the shiny new nntpcached -- indeed,
nntpcache doesn't create the aforementioned files if anonymous memory
maps are working correctly, so their presence tells you that you need
to nuke them, regardless of what your prior views were on whether your
OS was correctly supporting anonymous shared memory maps!
Both `nntpcache.servers' and `nntpcaches.access' should be backwards
compatible with previous versions, although you will need to study the
new versions to take advantage of any new 2.4 features (primarily
AUTHINFO related). The 2.4 `nntpcache.config' has heartlessly
eliminated or deliberately mangled a couple of variable names (to
force people to take note of subtle changes in the functionality they
control), and several more have arrived on the scene. non-trivial
nntpcache config changes are introduced below:
-# $Id: nnconf.cf.in,v 1.1.1.1 1998/08/19 12:55:17 proff Exp $
+# $Id: nnconf.cf.in,v 1.7 1999/12/27 06:27:10 proff Exp $
# server configuration file
@@ -90,8 +92,17 @@
# (a) performed at least one server update pass (normally initiated on
# the first invocation) and (b) have at least minActive entries in
# our collated active file. This is designed to avoid handing clients
-# an access file that has been debilitated by upstream server failure
-# at start up.
+# an active file that has been debilitated by upstream server failure
+# at startup. Until this value is reached, clients will see something
+# like the following:
+#
+# 503 initial server rebuild in progress (321 groups complete),
+# please try again later.
+#
+# If this message never ends, then your nntpcache.servers group pattern
+# list has been been incorrectly specified in some manner (or the
+# news-servers nntpcache has been instructed to chew upon don't have
+# the required number of groups in total)
int minActive 3000
# IHAVE servers. If an IHAVE command is issued, then it will be passed
@@ -153,13 +164,31 @@
# maximum number of concurrent readers
# this must be smaller than MAX_CHILDREN in cf/nconf.h
+# if you are serving a large reader population, please adjust both these
+# values.
+# each additional nntpcache child uses around 3-10 file descriptors for
+# itself and an additional fd in the master process.
+# you need to keep in mind any OS imposed limitation. On *BSD the
+# limit can be modified via:
+#
+# sysctl -w kern.maxfiles=n
+#
+# FreeBSD also supports:
+#
+# sysctl -w kern.maxfilesperproc=m
+#
+# where m and n are numerical limits.
+#
+# your system may also impose ulimit style resource limitations.
+# it is possible to support at least several thousand readers
+# with enough resources. see also maxXoverNodes
int maxReaders 200
@@ -214,7 +243,9 @@
# NoCem - auto-spam killer
# see http://www.nocem.org for more information about nocem
-bool nocem on
+# this is off by default as nocem uses a sizeable amount
+# of bandwidth
+bool nocem off
# initial scan - what is the maximum number of articles
# we will read in one session?
@@ -245,11 +276,12 @@
# nocem action regex
string nocemAction "hide"
-# require PGP signed nocem messages this is turned off if nntpcache's
+# require PGP signed nocem messages. this is turned off if nntpcache's
# configure script couldn't find PGP on the file-system. If turned off
# net kooks(tm) can forge nocem advisories. No worse than news-server
# that accepts cancel control messages, but ideally you should have
-# signature verification turned on.
+# signature verification turned on. note that the cpu power involved
+# in RSA verification of thousands of nocem messages is not insignificant
bool nocemPGP @PGPlocated@
@@ -314,9 +346,6 @@
# remove headers matching the following regex
string postStripHeader "^X-foo:"
-# expire if there are under this number of blocks in the cache partition
-int minBlocksFree 1000
-
# address:port to listen for connections on (can be changed with
# -b at run time). nb. DEFAULT:119 = all interfaces, port 119.
# if you do not have root, you will need to make the port a
@@ -327,11 +356,11 @@
# things) accordingly
string bindAddr "DEFAULT:119"
-# max mmap data size. a 15,000 group newsfeed takes around 4Mb for our
-# internal cache structures. we set the data space here to 16Mb
+# max mmap data size. a 15,000 group newsfeed takes around 8Mb for our
+# internal cache structures. we set the data space here to 32Mb
# as there is almost no overhead for the unused portion.
# if this figure runs out, BAD juju will happen.
-int maxMmap 16M
+int maxMmap 32M
# if set, we don't use a memory mapped file for our cache structures,
# but rather store the lot in an "anonymous memory" region. this means
@@ -339,14 +368,17 @@
# run expire if there are under this number of inodes in the cache partition
-int minFilesFree 1000
+int minFilesFreePercent 30
+
+# expire if there are under this number of blocks free in the cache partition
+int minBlocksFreePercent 30
# don't let the history file grow larger than this (bytes)
int hisHighWater 60M
@@ -354,11 +386,6 @@
# when it does, trim it back to this (bytes)
int hisLowWater 40M
-# as above, but for the newsgroups list. usually
-# not as important, as it is fetched with less
-# frequency
-bool secondaryNewsgroupsCache false
-
# When we do an expire, kill articles older than this
time maxArtAge 2w
@@ -375,6 +402,9 @@
# perform identd lookups
bool rfc931 yes
+# timeout waiting for ident lookups
+time rfc931Timeout 5
+
# hide the name of the current group from ps(1)
bool taskInfoPrivacy no
@@ -409,17 +439,11 @@
-# a magic article id is used to serve up a magic article containing
-# nntpcache statistics. if you don't want users reading your cache
-# statistics then set this to something obscure
-
-string statsArticleID "stats@nntpcache"
-
bool httpServer yes
# address to bind the nntpcache web-server to
@@ -480,6 +504,35 @@
# its way into your life
int maxXoverNodes 20
+# default NNTP AUTHINFO support; we only do:
+# "none", "user/pass" or "sasl" (not supported)
+string authinfoDefaultType "none"
+
+# default placee to get authinfo information, supported authenticators:
+# passwd, ldap, radius, pipe
+string authinfoDefaultSource "passwd"
+
+# LDAP configuration:
+string ldapServer "your.ldap.server.here"
+int ldapPort 389
+# this is added to the username when finding an ldap server
+string ldapBase "dc=yourdomain, dc=com"
+
+# RADIUS configuration:
+string radiusAuthServer "your.radius.server.here"
+string radiusAuthSecret "this is a sekret"
+int radiusAuthPort 1645
+# seconds to wait for an answer
+int radiusAuthTimeout 5
+# number of times to retry the authentication
+int radiusAuthRetries 1
+# or use radius.conf(5)-style configuration file
+string radiusConfig "/etc/radius.conf"
+
+# pipe configuration:
+string pipeProgram "@libexecDir@/unixauth"
+int pipeTimeout 20
+
# you probably do not need to change anything here on in
string statsFile "nntpcache.stats"
LocalWords: Exp proff minActive nntpcache int IHAVE fd sysctl maxfiles ulimit
LocalWords: FreeBSD maxfilesperproc maxXoverNodes maxReaders NoCem nocem
--
Stefan Kahrs in [Kah96] discusses the
notion of completeness--programs which never go wrong can be
type-checked--which complements Milner's notion of
soundness--type-checked programs never go wrong [Mil78].
