X-Git-Url: http://git.dolda2000.com/gitweb/?a=blobdiff_plain;f=INSTALL;h=2cd26b6607f4cd96432861bed7ce1eedbf5f1aff;hb=175c86de77cd5e6d447cfba50dc8f755db87eb16;hp=329e30d3fbc7b1690f9b9a5b5ce4ab37e836413a;hpb=89ab1068bfbc217765f3791b72a26a3b8c94fdaf;p=doldaconnect.git

diff --git a/INSTALL b/INSTALL
index 329e30d..2cd26b6 100644
--- a/INSTALL
+++ b/INSTALL
@@ -64,6 +64,11 @@ support  for all  Linux  distributions,  so make  sure  to check  this
 thoroughly. Almost all Linux distributions support installing these as
 optional packages through its package manager.
 
+To use PAM authentication (see below),  you also need to install a PAM
+configuration   file.   On   most   Linux  distributions,   the   file
+pam.d-doldacond  in   the  contrib  directory  can   be  installed  as
+/etc/pam.d/doldacond and work perfectly.
+
 		  Customizing the configuration file
 
 When  installing Dolda  Connect,  the configuration  file is  normally
@@ -91,7 +96,8 @@ normal users, there are two choices:
    somewhat cumbersome, but should be perfectly secure.
  * Password-less authentication -- The server will simply trust the
    clients not to lie. This option is completely insecure, but may be
-   a better option where all users are trusted.
+   a better option where all users are trusted and/or Kerberos is not
+   available.
 
 PAM  authentication   is  always  enabled.   To  enable  password-less
 authentication, set  the "auth.authless" setting  in the configuration
@@ -101,6 +107,29 @@ connections are only accepted from localhost. If you use password-less
 authentication without turning on "ui.onlylocal", you should make sure
 that you *really* know what you are doing before proceeding.
 
+If  the computer  running  the  daemon is  connected  directly to  the
+Internet, no  network configuration will be necessary.  However, if it
+is behind a  NAT router or similar, some configuration  has to be done
+since Direct  Connect requires clients to  be able to  connect to each
+other. There are currently two options available:
+
+ * Running in passive mode. No other clients will attempt to connect
+   to a client in passive mode, which makes Direct Connect work, but
+   with rather severe limitations. Obviously, no two passive mode
+   clients can connect to one another. Also, search results are
+   proxied through the hub, which drains a hub's bandwidth horribly,
+   and is therefore frowned upon by hub owners. Indeed, many hubs do
+   not even allow clients in passive mode. If you even so wish to use
+   passive mode, set the "net.mode" setting to "1" in the
+   configuration file.
+ * Tunnel a port through the NAT router and set up Dolda Connect to
+   listen specifically to that port. The port to use is set in the
+   configuration file using the "dc.udpport" and "dc.tcpport"
+   settings (evidently, both UDP and TCP need to be tunneled through
+   the NAT router). The daemon also needs to be told of the public
+   IPv4 address of the NAT router, by way of the "net.visibleipv4"
+   setting.
+
 			 Starting the daemon
 
 To  start the  daemon, just  run  "doldacond" --  as root  if you  are
@@ -120,5 +149,5 @@ allow you in if not all TTH hashes are calculated.
 
 
 
-This documented was last updated 2006-06-24, reflecting release 0.1 of
+This documented was last updated 2006-10-27, reflecting release 0.3 of
 Dolda Connect.