doc: improve ntsserverkey/cert description
The files are read after dropping root privileges. They need to be readable by the chrony user. The error message "Could not set credentials : Error while reading file." does not make this requirement very obvious.
parent 885e7774fd
commit 789817cd91
1 changed files with 5 additions and 2 deletions
|
@ -1604,7 +1604,8 @@ The port will be open only when a certificate and key is specified by the
|
|||
This directive specifies a file containing a certificate in the PEM format
|
||||
for *chronyd* to operate as an NTS server. The file should also include
|
||||
any intermediate certificates that the clients will need to validate the
|
||||
server's certificate.
|
||||
server's certificate. The file needs to be readable by the user under which
|
||||
*chronyd* is running after dropping root privileges.
|
||||
+
|
||||
This directive can be used multiple times to specify multiple certificates for
|
||||
different names of the server.
|
||||
|
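Review bot: The sentence added to the ntsservercert description names "the user under which *chronyd* is running after dropping root privileges" but does not say how that user is selected, so a reader who hits the error still has to work out which account needs access. Consider pointing to the `user` directive (or the `-u` option) here, and noting that when the directive is used multiple times every listed file needs the same access. The commit message quotes the "Could not set credentials : Error while reading file." message; naming it in this paragraph would make the requirement findable from the log line.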
@ -1616,7 +1617,9 @@ recommended for a near-seamless server operation.
|
|||
|
||||
[[ntsserverkey]]*ntsserverkey* _file_::
|
||||
This directive specifies a file containing a private key in the PEM format
|
||||
for *chronyd* to operate as an NTS server.
|
||||
for *chronyd* to operate as an NTS server. The file needs to be readable by
|
||||
the user under which *chronyd* is running after dropping root privileges. For
|
||||
security reasons, it should not be readable by other users.
|
||||
+
|
||||
This directive can be used multiple times to specify multiple keys. The number
|
||||
of keys must be the same as the number of certificates and the corresponding
|
||||
|
|
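Review bot: In the ntsserverkey hunk, "it should not be readable by other users" leaves the reader to choose an ownership and mode that satisfy both new sentences at once. Suggest stating a concrete arrangement, for example the key owned by the *chronyd* user with no group or world access, and saying whether *chronyd* checks this or only recommends it. Because the file is read after privileges are dropped, a key readable only by root fails with the error quoted in the commit message, so it is worth adding that tools which install or renew the key as root have to hand it over to that user.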