Yingdi Yu | 4e99f53 | 2014-08-25 19:40:57 -0700 | [diff] [blame] | 1 | client.conf |
| 2 | =========== |
| 3 | |
| 4 | System configuration of NDN platform is specified in ``client.conf``. |
Alexander Afanasyev | 5208d0e | 2015-06-03 16:42:09 -0700 | [diff] [blame] | 5 | |
| 6 | The configuration file ``client.conf`` is looked up in several directories in the following order: |
| 7 | |
| 8 | - ``$HOME/.ndn/``: user-specific settings |
| 9 | - ``@SYSCONFDIR@/ndn/`` (``/usr/local/etc/ndn``, ``/opt/local/etc/ndn``, or other, depending how the library is configured): system-wide settings |
| 10 | - ``/etc/ndn``: default system-wide settings |
| 11 | |
Yingdi Yu | 4e99f53 | 2014-08-25 19:40:57 -0700 | [diff] [blame] | 12 | Here is an example of ``client.conf`` for current ndn-cxx package: |
| 13 | |
Alexander Afanasyev | 5208d0e | 2015-06-03 16:42:09 -0700 | [diff] [blame] | 14 | .. literalinclude:: ../../client.conf.sample |
Yingdi Yu | 4e99f53 | 2014-08-25 19:40:57 -0700 | [diff] [blame] | 15 | |
Yingdi Yu | 4e99f53 | 2014-08-25 19:40:57 -0700 | [diff] [blame] | 16 | |
| 17 | NFD |
| 18 | --- |
| 19 | |
Alexander Afanasyev | 5208d0e | 2015-06-03 16:42:09 -0700 | [diff] [blame] | 20 | transport |
| 21 | FaceUri for default connection toward local NDN forwarder. Only ``unix`` and ``tcp4`` FaceUri |
| 22 | can be specified here. |
| 23 | |
| 24 | By default, ``unix:///var/run/nfd.sock`` is used. |
Yingdi Yu | 4e99f53 | 2014-08-25 19:40:57 -0700 | [diff] [blame] | 25 | |
Alexander Afanasyev | 57e0036 | 2016-06-23 13:22:54 -0700 | [diff] [blame] | 26 | ..note:: |
| 27 | This value can be overriden using `NDN_CLIENT_TRANSPORT` environment variable. |
Yingdi Yu | 4e99f53 | 2014-08-25 19:40:57 -0700 | [diff] [blame] | 28 | |
| 29 | Key Management |
| 30 | -------------- |
| 31 | |
Yingdi Yu | 4e99f53 | 2014-08-25 19:40:57 -0700 | [diff] [blame] | 32 | pib |
Alexander Afanasyev | 5208d0e | 2015-06-03 16:42:09 -0700 | [diff] [blame] | 33 | The public key information for each private key stored in TPM. The format for this setting is:: |
Yingdi Yu | 4e99f53 | 2014-08-25 19:40:57 -0700 | [diff] [blame] | 34 | |
Alexander Afanasyev | 5208d0e | 2015-06-03 16:42:09 -0700 | [diff] [blame] | 35 | pib=[scheme]:[location] |
Yingdi Yu | 4e99f53 | 2014-08-25 19:40:57 -0700 | [diff] [blame] | 36 | |
Alexander Afanasyev | 5208d0e | 2015-06-03 16:42:09 -0700 | [diff] [blame] | 37 | Possible values for ``[scheme]``: |
Yingdi Yu | 4e99f53 | 2014-08-25 19:40:57 -0700 | [diff] [blame] | 38 | |
Alexander Afanasyev | 5208d0e | 2015-06-03 16:42:09 -0700 | [diff] [blame] | 39 | * ``pib-sqlite3``: local PIB implementation with SQLite3 storage engine |
| 40 | |
| 41 | Possible values for ``[location]``: |
| 42 | |
| 43 | * absolute path where SQLite3 database will be stored |
| 44 | * relative path (relative to ``config.conf``) |
| 45 | * empty: default path ``$HOME/.ndn`` will be used |
| 46 | |
| 47 | When ``[location]`` is empty, trailing ``:`` can be omitted. For example:: |
| 48 | |
| 49 | pib=pib-sqlite3 |
| 50 | |
| 51 | Changing PIB scheme without changing location is **not** allowed. If such change is |
| 52 | necessary, the whole backend storage must be destroyed. For example, when default location |
| 53 | is used:: |
| 54 | |
| 55 | rm -rf ~/.ndn/ndnsec-* |
| 56 | |
Junxiao Shi | 67fba7f | 2016-09-09 13:40:05 +0000 | [diff] [blame] | 57 | It's not recommended to share the same directory between machines, e.g. via NFS. |
| 58 | Simultaneous access from multiple machines may cause errors. |
| 59 | |
Alexander Afanasyev | 57e0036 | 2016-06-23 13:22:54 -0700 | [diff] [blame] | 60 | ..note:: |
| 61 | This value can be overriden using `NDN_CLIENT_PIB` environment variable. |
| 62 | |
Alexander Afanasyev | 5208d0e | 2015-06-03 16:42:09 -0700 | [diff] [blame] | 63 | tpm |
| 64 | Trusted Platform Module (TPM) where the private keys are stored. The format for this setting |
| 65 | is:: |
| 66 | |
| 67 | tpm=[scheme]:[location] |
| 68 | |
| 69 | Possible values for ``[scheme]``: |
| 70 | |
| 71 | * ``tpm-osx-keychain`` (default on OS X platform): secure storage of private keys in OS X |
| 72 | Keychain with OS-provided access restrictions. |
| 73 | |
| 74 | ``[location]`` parameter is ignored. |
| 75 | |
| 76 | May not work for daemon applications, as user interaction may be required to access OS X |
| 77 | Keychain. |
| 78 | |
| 79 | * ``tpm-file`` (default on all other platforms): file-based storage of private keys |
| 80 | |
| 81 | Possible values for ``[location]``: |
| 82 | |
| 83 | * absolute path to directory that will store private/public key files (unencrypted with |
| 84 | ``0700`` permission) |
| 85 | * relative path (relative to ``config.conf``) |
| 86 | * empty: default path ``$HOME/.ndn/ndnsec-tpm-file`` will be used |
| 87 | |
| 88 | When ``[location]`` is empty, trailing ``:`` can be omitted. For example:: |
| 89 | |
| 90 | tpm=tpm-file |
| 91 | |
| 92 | **Change of ``tpm`` setting is only possible together with ``pib`` setting. Otherwise, an |
| 93 | error will be generated during PIB/TPM access** |
Alexander Afanasyev | 57e0036 | 2016-06-23 13:22:54 -0700 | [diff] [blame] | 94 | |
Junxiao Shi | 67fba7f | 2016-09-09 13:40:05 +0000 | [diff] [blame] | 95 | It's not recommended to share the same directory between machines, e.g. via NFS. |
| 96 | Simultaneous access from multiple machines may cause errors. |
| 97 | |
Alexander Afanasyev | 57e0036 | 2016-06-23 13:22:54 -0700 | [diff] [blame] | 98 | ..note:: |
| 99 | This value can be overriden using `NDN_CLIENT_TPM` environment variable. |