[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH] docs: Add docs for new extra parameter pkipath



* docs/remote.html.in
---
 docs/remote.html.in |   30 ++++++++++++++++++++++++++++++
 1 files changed, 30 insertions(+), 0 deletions(-)

diff --git a/docs/remote.html.in b/docs/remote.html.in
index b0fdb7c..a68d0fa 100644
--- a/docs/remote.html.in
+++ b/docs/remote.html.in
@@ -308,6 +308,22 @@ Note that parameter values must be
         <td colspan="2"/>
         <td> Example: <code>no_tty=1</code> </td>
       </tr>
+      <tr>
+        <td>
+          <code>pkipath</code>
+        </td>
+        <td> tls</td>
+        <td>
+  Specifies x509 certificates path for client. As long as one of the
+  certificates (CA cerfificate, client key, client certificate) doesn't
+  exist in the specified path, the connection will fail with fatal
+  error.
+</td>
+      </tr>
+      <tr>
+        <td colspan="2"/>
+        <td> Example: <code>pkipath=/tmp/pki/client</code> </td>
+      </tr>
     </table>
     <h3>
       <a name="Remote_certificates">Generating TLS certificates</a>
@@ -372,6 +388,20 @@ next section.
   </td>
       </tr>
     </table>
+    <p>
+If 'pkipath' is specified in URI, then all the client certificates should
+be able to found in the path specified, otherwise, connection will fail
+with fatal error. And if 'pkipath' is not specified:
+</p>
+    <ul>
+      <li> For user who is non-root, libvirt trys to find the certificates
+in $HOME/.pki/libvirt, if one of the required certificates can not be found,
+global default locations(/etc/pki/CA/cacert.pem,
+/etc/pki/libvirt/private/clientkey, /etc/pki/libvirt/clientcert.pem) will be
+used.
+</li>
+      <li> For user who is root, global default location will be used. </li>
+    </ul>
     <h4>
       <a name="Remote_TLS_background">Background to TLS certificates</a>
     </h4>
--
1.7.3.2


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]