NAME
gfarm2.conf - Gfarm configuration file
DESCRIPTION
gfarm2.conf is a text file that contains a Gfarm configuration. Gfarm
server processes gfmd and gfsd refer to %%SYSCONFDIR%%/gfmd.conf and
%%SYSCONFDIR%%/gfarm2.conf, respectively, by default. Since this
configuration file is only read at startup, it is necessary to restart
servers when the contents of the configuration file are updated.
Application programs, such as gfls and gfhost, refer to both
%%SYSCONFDIR%%/gfarm2.conf, and a file specified by an environment
variable, GFARM_CONFIG_FILE. If both configuration files exist, the
file specified by the environment variable, GFARM_CONFIG_FILE, is read
first. Both files have the same grammar. If the environment variable
GFARM_CONFIG_FILE doesn’t exist, ~/.gfarm2rc in a user’s home directory
is used instead.
Each line of gfarm2.conf consists of one statement. When the line ends
with the character ‘‘\’’, the line continues for the next line. A word
beginning with ‘‘#’’ causes that word and all remaining characters on
that line to be ignored.
HOST_SPECIFICATION
Host_specification has the following forms.
III.JJJ.KKK.LLL
Specifies an IP address with four octets from 0 to 255,
separated by ".".
III.JJJ.KKK.LLL/MM
Specifies a network address with an IP address and a netmask
from 0 to 31 separated by "/".
domain.name
Specifies a host name.
.domain.name
Specifies all hosts which belong to the domain.name.
* Specifies all hosts.
STATEMENT
The following statements are supported.
spool directory
The spool statement specifies a spool directory for a Gfarm
filesystem on this filesystem node.
For example,
spool /var/spool/gfarm
spool_server_listen_address IP-address
The spool_server_listen_address statement specifies the IP
address at which the gfsd accepts TCP and UDP requests. The
default address is all IP addresses of the host. This option is
useful when one wants to invoke multiple gfsd to provide
multiple spool directories on the host.
For example,
spool_server_listen_address 192.168.121.1
spool_server_cred_type cred_type
This statement specifies the type of credential used by gfsd for
GSI authentication. This is ignored when you are using
sharedsecret authentication.
If this statement isn’t used on the server side, the server uses
a host certificate, if the server is invoked with root
privileges. Or, if the server is invoked as a non-privileged
user, the server uses the user’s certificate.
If this statement isn’t used on the client side, the client
assumes that the server that the client is going to connect is
using a host certificate of the server host. Thus, if the server
is not invoked with root privileges, but invoked with user
privileges where the user is the same as the user who invoked
the client, the client side needs to specify the following one
line.
Example:
spool_server_cred_type self
The possible types of cred_type are ‘‘self’’, ‘‘host’’, ‘‘user’’
and ‘‘mechanism-specific’’. And those are used with the
spool_server_cred_service and spool_server_cred_name statements
as follows:
self This keyword specifies that the certificate that the user
currently has is used. You must not use either the
spool_server_cred_service or spool_server_cred_name
statement, if you are using this type.
host This keyword specifies that a host certificate or a
service certificate is used. To choose a service
certificate, the name of the service may be specified by
the spool_server_cred_service statement. If ‘‘host’’ is
specified as the service name, a host certificate in the
file ‘‘/etc/grid-security/hostcert.pem’’ will be used.
If any server name other than ‘‘host’’ is specified, a
service certificate in the file ‘‘/etc/grid-
security/SERVICE/SERVICEcert.pem’’ will be used. If the
service name is omitted, ‘‘host’’ will be used as the
service name by default. Only the Common Name field of a
certificate will be used to check the server’s identity
for both a host certificate and a service certificate.
And the Common Name field must be in the
‘‘CN=SERVERNAME/HOSTNAME’’ format. Also, the hostname
must match the canonical name configured by the gfhost
command exactly. Alias hostnames are not allowed.
This feature corresponds to the
GSS_C_NT_HOSTBASED_SERVICE feature in GSSAPI
(RFC2743/RFC2744).
Example:
spool_server_cred_type host
spool_server_cred_service host
user This keyword specifies that a user certificate is used.
The account name of the user may be specified by the
spool_server_cred_name statement. If the account name is
omitted, the user who invoked the command will be used by
default. You must not specify a service name using the
spool_server_cred_service statement, if you are using a
user certificate.
To map from the account name to a Distinguished Name of a
certificate, file ‘‘/etc/grid-security/grid-mapfile’’ is
used. Thus, if there isn’t such a file, or if the user
isn’t specified in this file, this feature cannot be
used.
This feature corresponds to the GSS_C_NT_USER_NAME
feature in GSSAPI (RFC2743/RFC2744).
Example:
spool_server_cred_type user
spool_server_cred_name guest
mechanism-specific
This keyword specifies that spool_server_cred_name is
treated as a raw X.509 Distinguished Name serving as a
server’s certificate. You must not specify a service
name using a spool_server_cred_service statement, if you
are using this type.
This feature corresponds to a case where GSS_C_NO_OID is
specified as a Name Type in GSSAPI (RFC2743/RFC2744).
Example:
spool_server_cred_type mechanism-specific
spool_server_cred_name "/O=Grid/O=Globus/OU=example.com/CN=John Smith"
spool_server_cred_service cred_service
This statement specifies the service name of a service
certificate used by gfsd for GSI authentication, when ‘‘host’’
is specified in spool_server_cred_type statement. This is
ignored when you are using sharedsecret authentication. Please
read the description of the spool_server_cred_type statement for
details.
spool_server_cred_name cred_name
This statement specifies the setting of a certificate used by
gfsd for GSI authentication. What this setting means depends on
the type specified in the spool_server_cred_type statement.
This is ignored when you are using sharedsecret authentication.
Please read the description of the spool_server_cred_type
statement for details.
metadb_server_host hostname
The metadb_server_host statement specifies the host name on
which gfmd is running.
This statement cannot be omitted.
For example,
metadb_server_host ldap.example.com
metadb_server_port port
The metadb_server_port statement specifies the tcp port number
the gfmd is listening on. The default port number is 601.
For example,
metadb_server_port 601
metadb_server_cred_type cred_type
This statement specifies the type of credential used by gfmd for
GSI authentication. This is ignored when you are using
sharedsecret authentication. Please read the description of the
spool_server_cred_type statement on the configuration of this
statement.
metadb_server_cred_service cred_service
This statement specifies the service name of a service
certificate used by gfmd for GSI authentication, when ‘‘host’’
is specified in metadb_server_cred_type statement. This is
ignored when you are using sharedsecret authentication. Please
read the description of the spool_server_cred_type statement on
the configuration of this statement.
metadb_server_cred_name cred_name
This statement specifies the setting of a certificate used by
gfmd for GSI authentication. What this setting means depends on
the type specified in the metadb_server_cred_type statement.
This is ignored when you are using sharedsecret authentication.
Please read the description of the spool_server_cred_type
statement on the configuration of this statement.
metadb_server_stack_size bytes
This directive specifies the size of each thread in the gfmd
metadata server process. If not specified, the default size of
the OS is used. This parameter is used to cut down the size of
virtual memory space used by gfmd.
For example, the default stack size on CentOS 5/i386 is 10MB,
thus, you can decrease the size of the virtual memory space of
gfmd to 1/40, by specifying 256KB as this parameter.
This parameter is only available in gfmd.conf, and ignored in
gfarm2.conf.
For example,
metadb_server_stack_size 262144
metadb_server_thread_pool_size size
This directive specifies the maximum number of threads in a
thread pool in the gfmd. It is effective to specify around the
number of CPU cores of the metadata server node. Default is 16.
This parameter is only available in gfmd.conf, and ignored in
gfarm2.conf.
For example,
metadb_server_thread_pool_size 16
metadb_server_job_queue_length length
This directive specifies the length of job queue in the gfmd.
It is effective to specify around the maximum number of clients
that access the Gfarm file system at the same time. Default is
160.
This parameter is only available in gfmd.conf, and ignored in
gfarm2.conf.
For example,
metadb_server_job_queue_length 160
metadb_server_heartbeat_interval seconds
This directive specifies the interval of heartbeat in seconds
for gfmd to check availability of each gfsd. Default is 180
seconds.
Until gfarm-2.3.0, this parameter was only available in
gfmd.conf, and ignored in gfarm2.conf. But since gfarm-2.3.1,
gfsd also uses this parameter to detect whether gfmd is down or
not, this parameter has to be specified in both gfarm2.conf and
gfmd.conf.
For example,
metadb_server_heartbeat_interval 180
metadb_server_dbq_size size
This directive specifies the queue length of metadata updates
for a backend database in gfmd. Longer queue length may avoid
slow down due to waiting backend database updates in case of
frequent metadata operations. Default is 65536.
This parameter is only available in gfmd.conf, and ignored in
gfarm2.conf.
For example,
metadb_server_dbq_size 65536
ldap_server_host hostname
The ldap_server_host statement specifies the host name on which
an LDAP server is running. This statement is required when the
LDAP server is used for a backend database of gfmd. This
statement is used in gfmd.conf not gfarm2.conf.
For example,
ldap_server_host ldap.example.com
ldap_server_port port
The ldap_server_port statement specifies the tcp port number of
the LDAP server.
This statement cannot be omitted if ldap_server_host is
specified.
For example,
ldap_server_port 602
ldap_base_dn LDAP_base_distinguished_name
The ldap_base_dn statement specifies the base-distinguished name
of the LDAP database.
This statement cannot be omitted if ldap_server_host is
specified.
For example,
ldap_base_dn "dc=example, dc=com"
ldap_bind_dn LDAP_bind_distinguished_name
The ldap_bind_dn statement specifies the distinguished name for
the bind operation which is used for authentication to the LDAP
database.
For example,
ldap_bind_dn "cn=gfarmuser, dc=example, dc=com"
ldap_bind_password password
The ldap_bind_password statement specifies the password for the
bind operation which is used for authentication to the LDAP
database.
For example,
ldap_bind_password "secret-ldap-password"
postgresql_server_host hostname
The postgresql_server_host statement specifies the host name on
which a PostgreSQL server is running. This statement is
required when the PostgreSQL server is used for a backend
database of gfmd. This statement is used in gfmd.conf not
gfarm2.conf.
For example,
postgresql_server_host postgresql.example.com
postgresql_server_port port
The postgresql_server_port statement specifies the tcp port
number of the PostgreSQL server.
This statement cannot be omitted if postgresql_server_host is
specified.
For example,
postgresql_server_port 602
postgresql_dbname dbname
The postgresql_dbname statement specifies the database name of
the PostgreSQL database.
This statement cannot be omitted if postgresql_server_host is
specified.
For example,
postgresql_dbname gfarm
postgresql_user user
The postgresql_user statement specifies the username used to
connect the PostgreSQL database.
For example,
postgresql_user gfarm
postgresql_password password
The postgresql_password statement specifies the password used to
connect the PostgreSQL database.
For example,
postgresql_password gfarm
postgresql_conninfo connection_info
The postgresql_conninfo statement specifies the connection
option used to connect the PostgreSQL database.
For example,
postgresql_conninfo "sslmode=require connect_timeout=30"
auth validity method Host_specification
This statement specifies the authentication method when
communicating with the host(s) specified by the third argument.
The first argument should be either the enable or disable
keyword. The second argument, auth method, should be the gsi,
gsi_auth, or sharedsecret keyword. The third argument specifies
the host(s) by using Host specification.
The auth statement may be specified any number of times. For
each authentication method, it becomes a candidate when the
first entry whose host_specification matches the target host has
the enable keyword. When there is no corresponding entry, or
when the first corresponding entry has the disable keyword, the
authentication method does not become a candidate.
This process takes place on both client and server sides.
Candidates for authentication method on both sides will be
tried.
The order of statements with different authentication methods is
not relevant. When there are several candidates for the
authentication method for the host, the order of the
authentication trial is sharedsecret, gsi_auth, and then gsi.
The GSI methods are available if and only if the --with-globus
option is specified at configuration. When the methods are not
available, an auth statement with gsi or gsi_auth will be
ignored.
This statement cannot be omitted.
For example,
auth disable sharedsecret 192.168.0.100
auth disable sharedsecret 192.168.0.101
auth enable sharedsecret 192.168.0.0/24
auth enable gsi_auth 10.0.0.0/8
auth enable gsi *
In this example, all hosts which belong to the network address
192.168.0.0/24, except for two hosts, 192.168.0.100 and
192.168.0.101, will be tested for authenticated by both
sharedsecret and gsi; all hosts which belong to the network
address 10.0.0.0/8 will be tested for authentication by both
gsi_auth and gsi; and all other hosts will be authenticated by
gsi. Note that two hosts, 192.168.0.100 and 192.168.0.101, will
be tested for authentication by gsi only.
sockopt option[=value] [LISTENER | Host_specification]
The sockopt parameter specifies the socket option option via the
setsockopt(2) system call.
When LISTENER (all capital letters) is specified by the second
argument, the socket option is applied to any socket on the
server side (accepting side).
When the host_specification is specified by the second argument,
the socket option is applied to sockets that connect to the
specified host(s). If the second argument is "*", the socket
option is applied to any hosts on the client side (connecting
side).
If the second argument is omitted, the socket option is applied
to every socket.
The following socket options can be specified.
debug. The SO_DEBUG socket option is specified. A value is not
necessary.
keepalive. The SO_KEEPALIVE socket option is specified. A
value is not necessary.
sndbuf. The SO_SNDBUF socket option is specified with a value.
rcvbuf. The SO_RCVBUF socket option is specified with a value.
tcp_nodelay. The TCP_NODELAY socket option is specified. A
value is not necessary.
For example,
sockopt tcp_nodelay 192.168.0.0/24
sockopt sndbuf=1048576 10.0.0.0/8
sockopt sndbuf=1048576 LISTENER
sockopt rcvbuf=1048576 10.0.0.0/8
sockopt rcvbuf=1048576 LISTENER
admin_user user
This directive specifies an administrator user name, which is
specified in gfmd.conf.
admin_user_gsi_dn user_gsi_dn
This directive specifies a subject DN of an administrator, which
is specified in gfmd.conf.
local_user_map user-map-file
This directive specifies a file name user-map-file for mapping
local user names to global user names. This map file is used
only for sharedsecret authentication. When this file is not
specified, a global user name is assumed to be same as the local
user name.
user-map-file is needed when you have to use the sharedsecret
authentication method in the case where you have different unix
account names on different filesystem nodes. In such a case,
the user-map-file on each filesystem node should have an entry
from each local user name to a unique global user name.
Example:
local_user_map /etc/gfarm/gfarm-usermap
Each line of the user-map-file consists of two fields separated
by spaces; the first field is a global user name, and the second
field is a local user name.
Example of the user mapping file:
foobar foo
quux baz
According to the first line of this mapping file, a global user
name, "foobar", is mapped to a local user name, "foo", on this
node.
local_group_map group-map-file
This directive specifies a file name group-map-file for mapping
global group names to local group names. This map file is used
by legacy clients that use local group id such as gfarm2fs and
gfarm dsi for Globus GridFTP to display mapped local groups.
When this file is not specified, a local group name is assumed
to be same as the global group name.
Example:
local_group_map /etc/gfarm/gfarm-groupmap
Each line of the group-map-file consists of two fields separated
by spaces; the first field is a global group name, and the
second field is a local group name.
schedule_cache_timeout seconds
This directive specifies the time (in seconds) until the cache
used for filesystem node scheduling expires. The cache holds
information on each filesystem node, e.g. load average, disk
free space, and whether authentication succeeds or not. The
default time is 600 seconds, i.e. ten minutes.
For example,
schedule_cache_timeout 60
schedule_idle_load_thresh load-average
This directive specifies the threshold of CPU load average to be
considered idle. The file system nodes whose CPU load average
is equal to or below the specified CPU load average are to be
scheduled at first. The default load average is 0.1.
For example,
schedule_idle_load_thresh 0.1
schedule_busy_load_thresh load-average
This directive specifies the threshold of CPU load average to be
considered busy. The file system nodes whose CPU load average
is above the specified CPU load average are to be scheduled
lastly. The default load average is 0.5.
For example,
schedule_busy_load_thresh 0.5
schedule_virtual_load load-average
This directive specifies the virtual CPU load average. The
virtual CPU load is added when the host is scheduled to avoid
scheduling the same host multiple times. The default load
average is 0.3.
For example,
schedule_virtual_load 0.3
minimum_free_disk_space bytes
This directive specifies free disk space (in bytes) which is
required on filesystem nodes. The Gfarm scheduler excludes
filesystem nodes which have less free space than this parameter,
when it schedules nodes for jobs which may write files. The
free space value may have a suffix like ‘‘k’’ (kilo bytes),
‘‘M’’ (mega bytes), ‘‘G’’ (giga bytes) and ‘‘T’’ (tera bytes).
The default size is 128M bytes.
For example,
minimum_free_disk_space 1G
gfsd_connection_cache number
This directive specifies maximum number of cached gfsd
connections. The default is 16.
For example,
gfsd_connection_cache 32
attr_cache_limit number
This directive specifies maximum number of cached attributes in
gfarm library. The default is 40000.
For example,
attr_cache_limit 100000
attr_cache_timeout milliseconds
This directive specifies maximum time until cached attributes
expire in milliseconds. The default is 1000, i.e. 1 second.
For example,
attr_cache_timeout 3600000
log_level priority_level
This directive specifies a level of log priority. The log
output, which priority is inferior to this level, will not be
sent to syslog or standard error. The priority levels are
"emerg", "alert", "crit", "err", "warning", "notice", "info" and
"debug" in highest first order. The default level is "info".
It’s not recommended to specify a level higher or equal to
"crit".
For example,
log_level debug
log_message_verbose_level level
This directive specifies how verbose the log message is. The
default value is 0, which outputs the log message id. The level
1 additionally outputs the file name and the line of source
code. The level 2 additionally outputs the function name.
For example,
log_message_verbose_level 1
GRAMMAR
This is a grammar of gfarm2.conf described by the BNF notation.
<statement> ::=
<spool_statement> |
<spool_server_listen_address_statement> |
<spool_server_cred_type_statement> |
<spool_server_cred_service_statement> |
<spool_server_cred_name_statement> |
<metadb_server_host_statement> |
<metadb_server_port_statement> |
<metadb_server_cred_type_statement> |
<metadb_server_cred_service_statement> |
<metadb_server_cred_name_statement> |
<metadb_server_stack_size_statement> |
<metadb_server_thread_pool_size_statement> |
<metadb_server_job_queue_length_statement> |
<metadb_server_heartbeat_interval_statement> |
<metadb_server_dbq_size_statement> |
<ldap_server_host_statement> |
<ldap_server_port_statement> |
<ldap_base_dn_statement> |
<ldap_bind_dn_statement> |
<ldap_bind_password_statement> |
<postgresql_server_host_statement> |
<postgresql_server_port_statement> |
<postgresql_dbname_statement> |
<postgresql_user_statement> |
<postgresql_password_statement> |
<postgresql_conninfo_statement> |
<auth_statement> |
<sockopt_statement> |
<admin_user_statement> |
<admin_user_gsi_dn_statement> |
<local_user_map_statement> |
<local_group_map_statement> |
<schedule_cache_timeout_statement> |
<schedule_idle_load_thresh_statement> |
<schedule_busy_load_thresh_statement> |
<schedule_virtual_load_statement> |
<minimum_free_disk_space_statement> |
<gfsd_connection_cache_statement> |
<attr_cache_limit_statement> |
<attr_cache_timeout_statement> |
<log_level_statement> |
<log_message_verbose_level_statement>
<spool_statement> ::= "spool" <pathname>
<spool_server_listen_address_statement> ::=
"spool_server_listen_address" <ipv4_address>
<spool_server_cred_type_statement> ::=
"spool_server_cred_type" <cred_type>
<spool_server_cred_service_statement> ::=
"spool_server_cred_service" <cred_service>
<spool_server_cred_name_statement> ::=
"spool_server_cred_name" <cred_name>
<metadb_server_host_statement> ::= "metadb_server_host" <hostname>
<metadb_server_port_statement> ::= "metadb_server_port" <portnumber>
<metadb_server_cred_type_statement> ::=
"metadb_server_cred_type" <cred_type>
<metadb_server_cred_service_statement> ::=
"metadb_server_cred_service" <cred_service>
<metadb_server_cred_name_statement> ::=
"metadb_server_cred_name" <cred_name>
<metadb_server_stack_size_statement> ::=
"metadb_server_stack_size" <number>
<metadb_server_thread_pool_size_statement> ::=
"metadb_server_thread_pool_size" <number>
<metadb_server_job_queue_length_statement> ::=
"metadb_server_job_queue_length" <number>
<metadb_server_heartbeat_interval_statement> ::=
"metadb_server_heartbeat_interval" <number>
<metadb_server_dbq_size_statement> ::=
"metadb_server_dbq_size" <number>
<ldap_server_host_statement> ::= "ldap_server_host" <hostname>
<ldap_server_port_statement> ::= "ldap_server_port" <portnumber>
<ldap_base_dn_statement> ::= "ldap_base_dn" <string>
<ldap_bind_dn_statement> ::= "ldap_bind_dn" <string>
<ldap_bind_password_statement> ::= "ldap_bind_password" <string>
<postgresql_server_host_statement> ::= "postgresql_server_host" <hostname>
<postgresql_server_port_statement> ::= "postgresql_server_port" <portnumber>
<postgresql_dbname_statement> ::= "postgresql_dbname" <string>
<postgresql_user_statement> ::= "postgresql_user" <string>
<postgresql_password_statement> ::= "postgresql_password" <string>
<postgresql_conninfo_statement> ::= "postgresql_conninfo" <string>
<auth_statement> ::=
"auth" <validity> <auth_method> <hostspec>
<auth_command> ::= "enable" | "disable"
<auth_method> ::= "gsi" | "gsi_auth" | "sharedsecret"
<sockopt_statement> ::=
"sockopt" <socket_option>[=<number>] [""LISTENER" | <hostspec>]
<socket_option> = "debug" | "keepalive" | "sndbuf" | "rcvbuf" |
"tcp_nodelay"
<admin_user_statement> ::= "admin_user" <string>
<admin_user_gsi_dn_statement> ::= "admin_user_gsi_dn" <string>
<local_user_map_statement> ::= "local_user_map" <pathname>
<local_group_map_statement> ::= "local_group_map" <pathname>
<schedule_cache_timeout_statement> ::= "schedule_cache_timeout" <number>
<schedule_idle_load_thresh_statement> ::= "schedule_idle_load_thresh" <load>
<schedule_busy_load_thresh_statement> ::= "schedule_busy_load_thresh" <load>
<schedule_virtual_load_statement> ::= "schedule_virtual_load" <load>
<minimum_free_disk_space_statement> ::=
"minimum_free_disk_space" <size>
<gfsd_connection_cache_statement> ::= "gfsd_connection_cache" <number>
<attr_cache_limit_statement> ::= "attr_cache_limit" <number>
<attr_cache_timeout_statement> ::= "attr_cache_timeout" <number>
<log_level_statement> ::= "log_level" <log_priority>
<log_message_verbose_level_statement> ::= "log_message_verbose_level" <number>
<hostspec> ::= <ipv4_address> | <ipv4_address> "/" <address_mask> |
<hostname> | "." <domain_name> | "*"
<pathname> ::= <pathname_character> <pathname_character>*
<pathname_character> ::= <hostname_character> | "," | "/" | "_"
<hostname> ::= <hostname_character> <hostname_character>*
<hostname_character> ::= <alphabet> | <digit> | "-" | "."
<portnumber> ::= <number>
<size> ::= <number> [ "k" | "M" | "G" | "T" ]
<number> ::= <digit> [<digit>*]
<digit> ::= "0" | "1" | "2" | "3" | "4" | "5" | "6" | "7" | "8" | "9"
<string> ::= """ <double_quoted_character>* """
<double_quoted_character> ::=
<any_character_except_backslash_and_double_quotation> |
"\\" | "\""
<validity> ::= "enable" | "disable"
<log_priority> ::= "emerg" | "alert" | "crit" | "err" | "warning" |
"notice" | "info" | "debug"
EXAMPLES
The following is an example usin PostgreSQL to store the metadata, and
to allow access from filesystem nodes and clients at IP address
192.168.0.0/24, via sharedsecret authentication.
spool /var/spool/gfarm
metadb_server_host metadb.example.org
metadb_server_port 601
postgresql_server_host metadb.example.org
postgresql_server_port 5432
postgresql_dbname gfarm
postgresql_user gfarm
postgresql_password "secret-postgresql-password"
auth enable sharedsecret 192.168.0.0/24
sockopt keepalive
The following is an example using LDAP to store the metadata, and to
allow access from filesystem nodes and clients at any IP address, via
GSI authentication.
spool /var/spool/gfarm
metadb_server_host metadb.example.com
metadb_server_port 601
ldap_server_host metadb.example.com
ldap_server_port 602
ldap_base_dn "dc=example, dc=com"
ldap_bind_dn "cn=gfarmuser, dc=example, dc=com"
ldap_bind_password "secret-ldap-password"
auth enable gsi *
sockopt keepalive
FILES
%%SYSCONFDIR%%/gfarm2.conf
$HOME/.gfarm2rc
SEE ALSO
gfmd(8), gfsd(8), setsockopt(2)