1 Dolda Connect - Installation
3 Three main steps are required in order to get Dolda Connect up and
6 1. Compile and install the sources
7 2. Customize the configuration file
10 Each of these steps are detailed below. However, it is first necessary
11 to understand that Dolda Connect can be run in either single-user mode
12 or multi-user mode, and that the chosen mode fundamentally changes how
13 each step should be carried out. The differences between these modes
14 will be described right away. If you have read them and are still in
15 doubt which to choose, go with the single-user mode.
17 In multi-user mode, the daemon runs as root and can serve multiple
18 users simultaneously. The primary advantage is that if you know that
19 several people will be using Dolda Connect, there will be no need to
20 run several instances for each of them, and that they will all benefit
21 from being connected to the same hubs. The primary disadvantages are
22 that there may be unknown security issues with running the server as
23 root, and that, since the hubs are shared, searches will have to be
24 arbitrated by the server, which may be annoying for large values of
25 simultaneous searches. Indirect advantages are mostly that it is
26 easier to start the server at boot time when running as root.
28 In single-user mode, the daemon runs as the user who will be using
29 it. The primary advantages is that no root privileges are required for
30 running the server in single-user mode -- including for tasks such as
31 editing the configuration file -- and that any unknown security issues
32 will at least be restricted to the user running the server. When only
33 one user is using Dolda Connect, there are no known significant
34 disadvantages to running in single-user mode.
36 Compiling and installing the sources
38 Compiling the sources involve the ordinary GNU autotools steps:
39 ./configure, make, and make install, where the last step normally
40 needs to be carried out as root (unless you are installing in your own
41 home directory). You are assumed to be familiar with these steps.
43 However, there are special notes that deserve attention regarding the
44 configure script. Some optional features can be enabled through the
45 use of command-line parameters:
47 * --with-guile enables the Guile extension library, necessary for any
48 clients written in Scheme (such as the automatic downloader).
49 * --enable-gtk2pbar enables graphical progress bars in the Gtk2 GUI
50 client, instead of textual percent indicators. However, these
51 progress bars have proven to be unstable with certain Gtk2 themes,
52 so if the GUI crashes with them enabled, try turning them off
53 before reporting a bug.
54 * --enable-gnomeapplet selects the GNOME panel applet for
56 * --enable-gaimplugin selects the Gaim chat plugin for compilation.
58 Gtk2 and Kerberos V support are detected automatically by the
59 configure script. Make sure to check the output at the end so that all
60 features that you want are selected. In particular, Gtk2 support
61 requires that the Gtk2 headers can be found, and many Linux
62 distributions ship without these. The author cannot possibly give
63 support for all Linux distributions, so make sure to check this
64 thoroughly. Almost all Linux distributions support installing these as
65 optional packages through its package manager.
67 To use PAM authentication (see below), you also need to install a PAM
68 configuration file. On most Linux distributions, the file
69 pam.d-doldacond in the contrib directory can be installed as
70 /etc/pam.d/doldacond and work perfectly.
72 The GNOME applet and GAIM plugin are marked as experimental not so
73 much because there is anything wrong with them, but because it is
74 tricky to install them. Please see the seperate `INSTALL.applet' and
75 `INSTALL.gaim' files for instructions.
77 Customizing the configuration file
79 When installing Dolda Connect, the configuration file is normally
80 named /usr/local/etc/doldacond.conf, but it depends on the
81 installation prefixes that are chosen. If Dolda Connect will be
82 running in multi-user mode, it should remain there, but if it will be
83 running in single-user mode, it is recommended that you make a copy of
84 it named ~/.doldacond.conf (if ~/.doldacond.conf does not exist, the
85 server will still read the system-wide file, but it will be easier to
86 edit a local copy, as you need not be root to do so).
88 Edit the configuration file. If you do no other changes, make sure to
89 at least change the "cli.defnick" and "share". Most directives are
90 explained in comments in the shipped file and need no further
91 explanation here. However, there are a few points to note.
93 If the computer running the daemon is connected directly to the
94 Internet, no network configuration will be necessary. However, if it
95 is behind a NAT router or similar, some configuration has to be done
96 since Direct Connect requires clients to be able to connect to each
97 other. There are currently two options available:
99 * Running in passive mode. No other clients will attempt to connect
100 to a client in passive mode, which makes Direct Connect work, but
101 with rather severe limitations. Obviously, no two passive mode
102 clients can connect to one another. Also, search results are
103 proxied through the hub, which drains a hub's bandwidth horribly,
104 and is therefore frowned upon by hub owners. Indeed, many hubs do
105 not even allow clients in passive mode. If you even so wish to use
106 passive mode, set the "net.mode" setting to "1" in the
108 * Tunnel a port through the NAT router and set up Dolda Connect to
109 listen specifically to that port. The port to use is set in the
110 configuration file using the "dc.udpport" and "dc.tcpport"
111 settings (evidently, both UDP and TCP need to be tunneled through
112 the NAT router). The daemon also needs to be told of the public
113 IPv4 address of the NAT router, by way of the "net.visibleipv4"
116 There is a large number of configuration directives not covered in
117 this file, nor in the default configuration file. Please see the
118 doldacond.conf(5) manual page for information on the rest.
120 Running clients over the network
122 For convenience of setup, the default configuration file disables
123 running clients over the network. Using the default configuration
124 file, the daemon will only enable clients to connect over a local Unix
125 socket. They will use Unix socket credentials passing for
126 authentication, for maximum security. It is also likely that many will
127 want to keep it that way. However, for those who want to be able to
128 run clients over the network, just follow the instructions in this
129 section to enable UIs over TCP.
131 First, you need to choose how you will authenticate to the server. If
132 you are an administrator of a Kerberos-enabled network using the MIT
133 Kerberos libraries, you can use Kerberos V authentication and get
134 secure single sign-on, which gives the best of all worlds, but for
135 normal users, there are two choices:
137 * PAM based password authentication -- The clients will ask for your
138 password every time they connect to the server. This option can be
139 somewhat cumbersome, but should be perfectly secure. Note, however,
140 that the password is transmitted to the server unencrypted.
141 * Password-less authentication -- The server will simply trust the
142 clients not to lie. This option is completely insecure, but may be
143 a better option where all users are trusted and/or Kerberos is not
146 PAM authentication is always enabled. To enable password-less
147 authentication, set the "auth.authless" setting in the configuration
148 file to "1". If your network is not completely trusted (especially the
149 host running doldacond is globally accessible via the Internet), you
150 really should make sure to set up some firewalling rules.
152 Note that doldacond does *not* support tcp-wrappers, but it does
153 support very simple internal firewalling in the form of the
154 "ui.onlylocal" options. When "ui.onlylocal" is set to true, the daemon
155 will only accept UI connections over a loopback interface. That
156 includes 127.0.0.1, ::ffff:127.0.0.1, ::1 and Unix sockets.
160 To start the daemon, just run "doldacond" -- as root if you are
161 running in multi-user mode, and as your ordinary user if you are
162 running in single-user mode. See the doldacond(8) manual page for more
163 detailed information about command-line switches and related
166 If you are using the daemon in multi-user mode on Gentoo, you might
167 find contrib/gentoo-init.d-doldacond, an init script for Gentoo,
170 The first time you start the daemon, it will need to calculate the TTH
171 hashes on all the files you share (as required by the Direct Connect
172 protocol). The TTH calculation process runs with a higher nice value
173 (+10) than the server itself, and should therefore not conflict
174 terribly with the rest of the system CPU-wise, so that you should be
175 able to work normally meanwhile. However, if you have a fast enough
176 CPU, the I/O bandwidth required to read all files may slow down your
177 system (especially when sharing files from a network mount). The
178 server is usable while calculating TTH hashes, but some hubs may not
179 allow you in if not all TTH hashes are calculated.
183 This document was last updated 2007-04-11, reflecting release 0.3 of