Whitespace-only fixes. Translators, please ignore.

svn path=/head/; revision=42603
2013-08-29 03:56:17 +00:00 · 2013-08-29 03:56:17 +00:00 · a79b58e9c6 · 2020-12-08 03:00:23 +00:00
commit a79b58e9c6
parent eda432163d
1 changed files with 389 additions and 404 deletions
--- a/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
+++ b/en_US.ISO8859-1/books/handbook/network-servers/chapter.xml
@ -22,12 +22,11 @@
  <sect1 id="network-servers-synopsis">
    <title>Synopsis</title>
-    <para>This chapter covers some of the more frequently used
+    <para>This chapter covers some of the more frequently used network
-      network services on &unix; systems.  This includes
+      services on &unix; systems.  This includes installing,
-      installing, configuring, testing, and maintaining
+      configuring, testing, and maintaining many different types of
-      many different types of network services.  Example
+      network services.  Example configuration files are included
-      configuration files are included throughout this
+      throughout this chapter for reference.</para>
      chapter for reference.</para>
    <para>By the end of this chapter, readers will know:</para>
@ -134,16 +133,15 @@
      <para>The &man.inetd.8; daemon is sometimes referred to as the
 	<quote>Internet Super-Server</quote> because it manages
-	connections for many services.  When a connection is
+	connections for many services.  When a connection is received
-	received by <application>inetd</application>, it determines
+	by <application>inetd</application>, it determines which
-	which program the connection is destined for, spawns the
+	program the connection is destined for, spawns the particular
-	particular process and delegates the socket to it (the program
+	process and delegates the socket to it (the program is invoked
-	is invoked with the service socket as its standard input,
+	with the service socket as its standard input, output and
-	output and error descriptors).  Running
+	error descriptors).  Running <application>inetd</application>
-	<application>inetd</application> for servers that are not
+	for servers that are not heavily used can reduce the overall
-	heavily used can reduce the overall system load, when compared
+	system load, when compared to running each daemon individually
-	to running each daemon individually in stand-alone
+	in stand-alone mode.</para>
 	mode.</para>
      <para>Primarily, <application>inetd</application> is used to
 	spawn other daemons, but several trivial protocols are handled
@ -413,8 +411,7 @@ server-program-arguments</programlisting>
 	      <option>nowait</option> is mandatory.
 	      <option>max-child</option>,
 	      <option>max-connections-per-ip-per-minute</option> and
-	      <option>max-child-per-ip</option> are
+	      <option>max-child-per-ip</option> are optional.</para>
 	      optional.</para>
 	    <para>A stream-type multi-threaded daemon without any
 	      <option>max-child</option>,
@ -560,8 +557,8 @@ server-program-arguments</programlisting>
    <para>&os; supports the Network File System
      (<acronym>NFS</acronym>), which allows a server to share
      directories and files with clients over a network.  With
-      <acronym>NFS</acronym>, users and programs can access files
+      <acronym>NFS</acronym>, users and programs can access files on
-      on remote systems as if they were stored locally.</para>
+      remote systems as if they were stored locally.</para>
    <para>The most notable benefits that
      <acronym>NFS</acronym> provides are:</para>
@ -690,15 +687,14 @@ mountd_flags="-r"</programlisting>
      <programlisting>nfs_client_enable="YES"</programlisting>
-      <para><filename>/etc/exports</filename> specifies which
+      <para><filename>/etc/exports</filename> specifies which file
-	file systems the <acronym>NFS</acronym> server will
+	systems the <acronym>NFS</acronym> server will export.  Each
-	export.  Each line in
+	line in <filename>/etc/exports</filename> specifies a file
-	<filename>/etc/exports</filename> specifies a file system to
+	system to be exported and which clients have access to that
-	be exported and which clients have access to that file system,
+	file system, as well as any access options.  There are many
-	as well as any access options.  There are many
+	such options that can be used in this file, but only a few
-	such options that can be used in this file, but only a few will
+	will be mentioned here.  See &man.exports.5; for the full list
-	be mentioned here.  See &man.exports.5; for the full list of
+	of options.</para>
 	options.</para>
      <indexterm>
 	<primary>NFS</primary>
@ -736,14 +732,14 @@ mountd_flags="-r"</programlisting>
      <para>This next line exports
 	<filename class="directory">/a</filename> so that two clients
-	from different domains may access the file system.
+	from different domains may access the file system.  The
-	The <option>-maproot=root</option> flag allows the
+	<option>-maproot=root</option> flag allows the
 	<username>root</username> user on the remote system to write
 	data on the exported file system as <username>root</username>.
 	If the <literal>-maproot=root</literal> flag is not specified,
-	the client's <username>root</username> user will be mapped
+	the client's <username>root</username> user will be mapped to
-	to the server's <username>nobody</username> account and will
+	the server's <username>nobody</username> account and will be
-	be subject to the access limitations defined for user,
+	subject to the access limitations defined for user,
 	<username>nobody</username>.</para>
      <programlisting>/a  -maproot=root  host.example.com box.example.org</programlisting>
@ -765,9 +761,9 @@ mountd_flags="-r"</programlisting>
 /usr/ports client</programlisting>
      <para>The <filename class="directory">/usr</filename> file
-	system has two lines
+	system has two lines specifying exports to the same host,
-	specifying exports to the same host, <hostid>client</hostid>.
+	<hostid>client</hostid>.  The correct format for this
-	The correct format for this situation is:</para>
+	situation is:</para>
      <programlisting>/usr/src /usr/ports  client</programlisting>
@ -802,9 +798,8 @@ mountd_flags="-r"</programlisting>
 	more information about using rc scripts.</para>
      <para>On a new server being configured with
-	<acronym>NFS</acronym> services, the server can be
+	<acronym>NFS</acronym> services, the server can be started by
-	started by running this command as
+	running this command as <username>root</username>:</para>
 	<username>root</username>:</para>
      <screen>&prompt.root; <userinput>service nfsd start</userinput></screen>
@ -816,9 +811,9 @@ mountd_flags="-r"</programlisting>
 	file system.  In these examples, the server's name is
 	<hostid>server</hostid> and the client's name is
 	<hostid>client</hostid>.  For testing or to temporarily mount
-	a remote file system, execute
+	a remote file system, execute <application>mount</application>
-	<application>mount</application> as
+	as <username>root</username> on
-	<username>root</username> on <hostid>client</hostid>:</para>
+	<hostid>client</hostid>:</para>
      <indexterm>
 	<primary>NFS</primary>
@ -826,14 +821,11 @@ mountd_flags="-r"</programlisting>
      </indexterm>
      <screen>&prompt.root; <userinput>mount server:/home /mnt</userinput></screen>
-      <para>This mounts the
+      <para>This mounts the <hostid>server</hostid>:
-	<hostid>server</hostid>:
+	<filename class="directory">/home</filename> file system to
-	<filename class="directory">/home</filename>
+	the <hostid>client</hostid>:
-	file system to the
+	<filename class="directory">/mnt</filename> mount point.  The
-	<hostid>client</hostid>:
+	files and directories in the <hostid>server</hostid>
 	<filename class="directory">/mnt</filename> mount
 	point.  The files and directories in the
 	<hostid>server</hostid>
 	<filename class="directory">/home</filename> file system will
 	now be available on <hostid>client</hostid>, in the
 	<filename class="directory">/mnt</filename> directory.</para>
@ -864,17 +856,17 @@ rpc_statd_enable="YES"</programlisting>
 	<acronym>NFS</acronym> client and server are already
 	configured.</para>
-      <para>Start the application, as
+      <para>Start the application, as <username>root</username>,
-	<username>root</username>, with:</para>
+	with:</para>
      <screen>&prompt.root; <userinput>service lockd start</userinput>
 &prompt.root; <userinput>service statd start</userinput></screen>
      <para>If locking is not required on the server, the
-	<acronym>NFS</acronym> client can be configured to
+	<acronym>NFS</acronym> client can be configured to lock
-	lock locally by passing <option>-L</option> to
+	locally by passing <option>-L</option> to &man.mount.nfs.8;.
-	&man.mount.nfs.8;.  Refer to the &man.mount.nfs.8;
+	Refer to the &man.mount.nfs.8; manual page for further
-	manual page for further details.</para>
+	details.</para>
    </sect2>
    <sect2>
@ -889,10 +881,10 @@ rpc_statd_enable="YES"</programlisting>
      </indexterm>
      <itemizedlist>
 	<listitem>
-	  <para>Share a <acronym>CD-ROM</acronym> or other media
+	  <para>Share a <acronym>CD-ROM</acronym> or other media with
-	    with any number of clients.  It is often more
+	    any number of clients.  It is often more convenient to
-	    convenient to install software on multiple
+	    install software on multiple machines from a single
-	    machines from a single location.</para>
+	    location.</para>
 	</listitem>
 	<listitem>
@ -904,8 +896,8 @@ rpc_statd_enable="YES"</programlisting>
 	</listitem>
 	<listitem>
-	  <para>Several clients may need access to the
+	  <para>Several clients may need access to the <filename
-	    <filename class="directory">/usr/ports/distfiles</filename>
+	      class="directory">/usr/ports/distfiles</filename>
 	    directory.  Sharing that directory allows for quick access
 	    to the source files without having to download them to
 	    each client.</para>
@ -949,19 +941,19 @@ rpc_statd_enable="YES"</programlisting>
      <para><application>amd</application> operates by attaching
 	itself as an NFS server to the
-	<filename class="directory">/host</filename>
+	<filename class="directory">/host</filename> and
-	and <filename class="directory">/net</filename> directories.  When a file is
+	<filename class="directory">/net</filename> directories.  When
-	accessed within one of these directories,
+	a file is accessed within one of these directories,
 	<application>amd</application> looks up the corresponding
 	remote mount and automatically mounts it.
-	<filename class="directory">/net</filename> is used to mount an exported file
+	<filename class="directory">/net</filename> is used to mount
-	system from an IP address, while
+	an exported file system from an IP address, while
-	<filename class="directory">/host</filename> is
+	<filename class="directory">/host</filename> is used to mount
-	used to mount an export from a remote hostname.</para>
+	an export from a remote hostname.</para>
      <para>For instance, an attempt to access a file within
-	<filename class="directory">/host/foobar/usr</filename> would tell
+	<filename class="directory">/host/foobar/usr</filename> would
-	<application>amd</application> to mount the
+	tell <application>amd</application> to mount the
 	<filename class="directory">/usr</filename> export on the host
 	<hostid>foobar</hostid>.</para>
@ -981,13 +973,13 @@ Exports list on foobar:
 &prompt.user; <userinput>cd /host/foobar/usr</userinput></screen>
      </example>
-      <para>The output from <command>showmount</command>
+      <para>The output from <command>showmount</command> shows
-	shows <filename class="directory">/usr</filename> as an
+	<filename class="directory">/usr</filename> as an export.
-	export.  When changing directories to
+	When changing directories to
 	<filename class="directory">/host/foobar/usr</filename>,
 	<application>amd</application> intercepts the request and
-	attempts to resolve the hostname <hostid>foobar</hostid>.
+	attempts to resolve the hostname <hostid>foobar</hostid>.  If
-	If successful, <application>amd</application> automatically
+	successful, <application>amd</application> automatically
 	mounts the desired export.</para>
      <para><application>amd</application> is enabled by placing
@ -1005,11 +997,10 @@ Exports list on foobar:
      <programlisting>amd_flags="-a /.amd_mnt -l syslog /host /etc/amd.map /net /etc/amd.map"</programlisting>
-      <para><filename>/etc/amd.map</filename> defines the
+      <para><filename>/etc/amd.map</filename> defines the default
-	default options with which exports are mounted.
+	options with which exports are mounted.
-	<filename>/etc/amd.conf</filename> defines some of the
+	<filename>/etc/amd.conf</filename> defines some of the more
-	more advanced features of
+	advanced features of <application>amd</application>.</para>
 	<application>amd</application>.</para>
      <para>Consult the &man.amd.8; and &man.amd.conf.5; manual pages
 	for more information.</para>
@ -1139,7 +1130,6 @@ Exports list on foobar:
 	    <row>
 	      <entry><application>ypbind</application></entry>
 	      <entry><quote>Binds</quote> an NIS client to its NIS
 		server.  It will take the NIS domainname from the
 		system, and using <acronym>RPC</acronym>, connect to
@ -1449,10 +1439,10 @@ Exports list on foobar:
 	  <note>
 	    <para>Depending on the NIS setup, additional entries may
-	      be required.  See the <link
+	      be required.  See the
-		linkend="network-nis-server-is-client">section about
+	      <link linkend="network-nis-server-is-client">section
-	      NIS servers that are also NIS clients</link>, below, for
+		about NIS servers that are also NIS clients</link>,
-	      details.</para>
+	      below, for details.</para>
 	  </note>
 	  <para>After setting up the above entries, run the command
@ -1481,8 +1471,8 @@ Exports list on foobar:
 	    good reason, never propagate passwords for
 	    <username>root</username> and other administrative
 	    accounts to all the servers in the NIS domain.  Therefore,
-	    before the NIS maps are initialized, configure the
+	    before the NIS maps are initialized, configure the primary
-	    primary password files:</para>
+	    password files:</para>
 	  <screen>&prompt.root; <userinput>cp /etc/master.passwd /var/yp/master.passwd</userinput>
 &prompt.root; <userinput>cd /var/yp</userinput>
@ -1541,12 +1531,11 @@ ellington has been setup as an YP master server without any errors.</screen>
 	  <para>At this point, <command>ypinit</command> should have
 	    created <filename>/var/yp/Makefile</filename> from
-	    <filename>/var/yp/Makefile.dist</filename>.
+	    <filename>/var/yp/Makefile.dist</filename>.  When created,
-	    When created, this file assumes that the operating
+	    this file assumes that the operating environment is a
-	    environment is a single server NIS system with only &os;
+	    single server NIS system with only &os; machines.  Since
-	    machines.  Since <literal>test-domain</literal> has
+	    <literal>test-domain</literal> has a slave server as well,
-	    a slave server as well, edit
+	    edit <filename>/var/yp/Makefile</filename> as well:</para>
 	    <filename>/var/yp/Makefile</filename> as well:</para>
 	  <screen>ellington&prompt.root; <userinput>vi /var/yp/Makefile</userinput></screen>
@ -2440,9 +2429,8 @@ nis_client_flags="-S <replaceable>NIS domain</replaceable>,<replaceable>server</
 	Blowfish and MD5 encrypted passwords, respectively).</para>
      <para>If any changes were made to
-	<filename>/etc/login.conf</filename>, the
+	<filename>/etc/login.conf</filename>, the login capability
-	login capability database must be rebuilt by
+	database must be rebuilt by running the following command as
 	running the following command as
 	<username>root</username>:</para>
      <screen>&prompt.root; <userinput>cap_mkdb /etc/login.conf</userinput></screen>
@ -2603,12 +2591,12 @@ result: 0 Success
 	during the certificate creation process below.</para>
      <para>The following commands must be executed in the
-	<filename class="directory">
+	<filename
-	  /usr/local/etc/openldap/private</filename> directory.  This
+	  class="directory">/usr/local/etc/openldap/private</filename>
-	is important as the file permissions will need to be
+	directory.  This is important as the file permissions will
-	restrictive and users should not have access to these files
+	need to be restrictive and users should not have access to
-	directly.  To create the certificates, issues the following
+	these files directly.  To create the certificates, issues the
-	commands.</para>
+	following commands.</para>
      <screen>&prompt.root; <userinput>openssl req -days 365 -nodes -new -x509 -keyout ca.key -out ../ca.crt</userinput></screen>
@ -2917,11 +2905,10 @@ result: 0 Success
 	<application>sysinstall</application>.  When configuring a
 	network interface within
 	<application>sysinstall</application>, the second question
-	  asked is: <quote>Do you want to try DHCP configuration of
+	asked is: <quote>Do you want to try DHCP configuration of the
-	  the interface?</quote>.  Answering affirmatively will
+	interface?</quote>.  Answering affirmatively will execute
-	  execute <command>dhclient</command>, and if successful, will
+	<command>dhclient</command>, and if successful, will fill in
-	  fill in the network configuration information
+	the network configuration information automatically.</para>
 	  automatically.</para>
      <para>There are two things required to have the system use
 	DHCP upon startup:</para>
@ -2931,33 +2918,33 @@ result: 0 Success
      </indexterm>
      <itemizedlist>
 	<listitem>
-	    <para>Make sure that the <devicename>bpf</devicename>
+	  <para>Make sure that the <devicename>bpf</devicename> device
-	      device is compiled into the kernel.  To do this, add
+	    is compiled into the kernel.  To do this, add
-	      <literal>device bpf</literal> to the kernel
+	    <literal>device bpf</literal> to the kernel configuration
-	      configuration file, and rebuild the kernel.  For more
+	    file, and rebuild the kernel.  For more information about
-	      information about building kernels, see
+	    building kernels, see
 	    <xref linkend="kernelconfig"/>.</para>
 	  <para>The <devicename>bpf</devicename> device is already
 	    part of the <filename>GENERIC</filename> kernel that is
 	    supplied with &os;, thus there is no need to build a
-	      custom kernel for <acronym>DHCP</acronym>.  In the case
+	    custom kernel for <acronym>DHCP</acronym>.  In the case of
-	      of a custom kernel configuration file, this device must
+	    a custom kernel configuration file, this device must be
-	      be present for <acronym>DHCP</acronym> to function
+	    present for <acronym>DHCP</acronym> to function
 	    properly.</para>
 	  <note>
 	    <para>For those who are particularly security conscious,
-		take note that <devicename>bpf</devicename>
+	      take note that <devicename>bpf</devicename> is also the
-		is also the device that allows packet sniffers to work
+	      device that allows packet sniffers to work correctly
-		correctly (although they still have to be run as
+	      (although they still have to be run as
 	      <username>root</username>).
 	      <devicename>bpf</devicename> <emphasis>is</emphasis>
 	      required to use DHCP; however, the security sensitive
 	      types should probably not add
-		<devicename>bpf</devicename> to the
+	      <devicename>bpf</devicename> to the kernel in the
-		kernel in the expectation that at some point in the
+	      expectation that at some point in the future the system
-		future the system will be using DHCP.</para>
+	      will be using DHCP.</para>
 	  </note>
 	</listitem>
@ -2969,12 +2956,12 @@ result: 0 Success
 	  <para>Background DHCP works well when the DHCP server
 	    responds quickly to requests and the DHCP configuration
-	      process goes quickly.  However, DHCP may take a long
+	    process goes quickly.  However, DHCP may take a long time
-	      time to complete on some systems.  If network services
+	    to complete on some systems.  If network services attempt
-	      attempt to run before DHCP has completed, they will
+	    to run before DHCP has completed, they will fail.  Using
-	      fail.  Using DHCP in <firstterm>synchronous</firstterm>
+	    DHCP in <firstterm>synchronous</firstterm> mode prevents
-	      mode prevents the problem, pausing startup until DHCP
+	    the problem, pausing startup until DHCP configuration has
-	      configuration has completed.</para>
+	    completed.</para>
 	  <para>To connect to a DHCP server in the background while
 	    other startup continues (asynchronous mode), use the
@ -2997,10 +2984,9 @@ result: 0 Success
 	  </note>
 	  <para>When using a different file system location for
-	      <command>dhclient</command>, or if
+	    <command>dhclient</command>, or if additional flags must
-	      additional flags must be passed to
+	    be passed to <command>dhclient</command>, include (editing
-	      <command>dhclient</command>,
+	    as necessary):</para>
 	      include (editing as necessary):</para>
 	  <programlisting>dhclient_program="/sbin/dhclient"
 dhclient_flags=""</programlisting>
@ -3013,9 +2999,9 @@ dhclient_flags=""</programlisting>
      </indexterm>
      <para>The DHCP server, <application>dhcpd</application>, is
 	included as part of the
-	  <filename role="package">net/isc-dhcp42-server</filename>
+	<filename role="package">net/isc-dhcp42-server</filename> port
-	  port in the ports collection.  This port contains the ISC
+	in the ports collection.  This port contains the ISC DHCP
-	  DHCP server and documentation.</para>
+	server and documentation.</para>
    </sect2>
    <sect2>
@ -3028,24 +3014,26 @@ dhclient_flags=""</programlisting>
      <itemizedlist>
 	<listitem>
 	  <para><filename>/etc/dhclient.conf</filename></para>
 	  <para><command>dhclient</command> requires a configuration
-	      file, <filename>/etc/dhclient.conf</filename>.
+	    file, <filename>/etc/dhclient.conf</filename>.  Typically
-	      Typically the file contains only comments, the defaults
+	    the file contains only comments, the defaults being
-	      being reasonably sane.  This configuration file is
+	    reasonably sane.  This configuration file is described by
-	      described by the &man.dhclient.conf.5; manual
+	    the &man.dhclient.conf.5; manual page.</para>
 	      page.</para>
 	</listitem>
 	<listitem>
 	  <para><filename>/sbin/dhclient</filename></para>
 	  <para><command>dhclient</command> is statically linked and
 	    resides in <filename>/sbin</filename>.  The
-	      &man.dhclient.8; manual page gives more information
+	    &man.dhclient.8; manual page gives more information about
-	      about <command>dhclient</command>.</para>
+	    <command>dhclient</command>.</para>
 	</listitem>
 	<listitem>
 	  <para><filename>/sbin/dhclient-script</filename></para>
 	  <para><command>dhclient-script</command> is the
 	    FreeBSD-specific DHCP client configuration script.  It
 	    is described in &man.dhclient-script.8;, but should not
@ -3054,8 +3042,9 @@ dhclient_flags=""</programlisting>
 	<listitem>
 	  <para><filename>/var/db/dhclient.leases.<replaceable>interface</replaceable></filename></para>
-	    <para>The DHCP client keeps a database of valid leases
+
-	      in this file, which is written as a log.
+	  <para>The DHCP client keeps a database of valid leases in
 	    this file, which is written as a log.
 	    &man.dhclient.leases.5; gives a slightly longer
 	    description.</para>
 	</listitem>
@ -3065,8 +3054,8 @@ dhclient_flags=""</programlisting>
    <sect2>
      <title>Further Reading</title>
-	<para>The DHCP protocol is fully described in <ulink
+      <para>The DHCP protocol is fully described in
-	    url="http://www.freesoft.org/CIE/RFC/2131/">RFC
+	<ulink url="http://www.freesoft.org/CIE/RFC/2131/">RFC
 	  2131</ulink>.  An informational resource has also been set
 	up at <ulink url="http://www.dhcp.org/"></ulink>.</para>
    </sect2>
@ -3077,8 +3066,8 @@ dhclient_flags=""</programlisting>
      <sect3>
 	<title>What This Section Covers</title>
-	  <para>This section provides information on how to configure
+	<para>This section provides information on how to configure a
-	    a FreeBSD system to act as a DHCP server using the ISC
+	  FreeBSD system to act as a DHCP server using the ISC
 	  (Internet Systems Consortium) implementation of the DHCP
 	  server.</para>
@ -3096,38 +3085,36 @@ dhclient_flags=""</programlisting>
 	  <primary>DHCP</primary>
 	  <secondary>installation</secondary>
 	</indexterm>
-	  <para>In order to configure the &os; system as a DHCP
+
-	    server, first ensure that the &man.bpf.4; device is
+	<para>In order to configure the &os; system as a DHCP server,
-	    compiled into the kernel.  To do this, add
+	  first ensure that the &man.bpf.4; device is compiled into
-	    <literal>device bpf</literal> to the kernel configuration
+	  the kernel.  To do this, add <literal>device bpf</literal>
-	    file, and rebuild the kernel.  For more information about
+	  to the kernel configuration file, and rebuild the kernel.
-	    building kernels, see
+	  For more information about building kernels, see
 	  <xref linkend="kernelconfig"/>.</para>
-	  <para>The <devicename>bpf</devicename> device is already
+	<para>The <devicename>bpf</devicename> device is already part
-	    part of the <filename>GENERIC</filename> kernel that is
+	  of the <filename>GENERIC</filename> kernel that is supplied
-	    supplied with &os;, so there is no need to create a
+	  with &os;, so there is no need to create a custom kernel in
-	    custom kernel in order to get <acronym>DHCP</acronym>
+	  order to get <acronym>DHCP</acronym> working.</para>
 	    working.</para>
 	<note>
-	    <para>Those who are particularly security conscious
+	  <para>Those who are particularly security conscious should
-	      should note that <devicename>bpf</devicename> is also
+	    note that <devicename>bpf</devicename> is also the device
-	      the device that allows packet sniffers to function
+	    that allows packet sniffers to function correctly
-	      correctly (although such programs still need
+	    (although such programs still need privileged access).
-	      privileged access).  The <devicename>bpf</devicename>
+	    The <devicename>bpf</devicename> device
-	      device <emphasis>is</emphasis> required to use DHCP, but
+	    <emphasis>is</emphasis> required to use DHCP, but if the
-	      if the sensitivity of the system's security is high,
+	    sensitivity of the system's security is high, this device
-	      this device should not be included in the kernel purely
+	    should not be included in the kernel purely because the
-	      because the use of <acronym>DHCP</acronym> may, at some
+	    use of <acronym>DHCP</acronym> may, at some point in the
-	      point in the future, be desired.</para>
+	    future, be desired.</para>
 	</note>
-	  <para>The next thing that is needed is to edit the
+	<para>The next thing that is needed is to edit the sample
-	    sample <filename>dhcpd.conf</filename> which was installed
+	  <filename>dhcpd.conf</filename> which was installed by the
-	    by the <filename
+	  <filename role="package">net/isc-dhcp42-server</filename>
-	      role="package">net/isc-dhcp42-server</filename> port.
+	  port.  By default, this will be
 	    By default, this will be
 	  <filename>/usr/local/etc/dhcpd.conf.sample</filename>, and
 	  you should copy this to
 	  <filename>/usr/local/etc/dhcpd.conf</filename> before
@ -3248,13 +3235,12 @@ dhcpd_ifaces="dc0"</programlisting>
 	<screen>&prompt.root; <userinput>service isc-dhcpd start</userinput></screen>
-	<para>Any future changes to the configuration
+	<para>Any future changes to the configuration of the server
-	  of the server will require the sending of a
+	  will require the sending of a <literal>SIGTERM</literal>
-	  <literal>SIGTERM</literal> signal to
+	  signal to <application>dhcpd</application> rather than a
-	  <application>dhcpd</application> rather than a
+	  <literal>SIGHUP</literal>.  It is definitely more simple to
-	  <literal>SIGHUP</literal>.  It is definitely more
+	  use &man.service.8; to completely restart the
-	  simple to use &man.service.8; to completely restart
+	  service.</para>
 	  the service.</para>
      </sect3>
      <sect3>
@ -3267,30 +3253,33 @@ dhcpd_ifaces="dc0"</programlisting>
 	<itemizedlist>
 	  <listitem>
 	    <para><filename>/usr/local/sbin/dhcpd</filename></para>
 	    <para><application>dhcpd</application> is statically
 	      linked and resides in
-	      <filename>/usr/local/sbin</filename>.  The
+	      <filename>/usr/local/sbin</filename>.  The &man.dhcpd.8;
-	      &man.dhcpd.8; manual page installed with the port
+	      manual page installed with the port gives more
-	      gives more information about
+	      information about
 	      <application>dhcpd</application>.</para>
 	  </listitem>
 	  <listitem>
 	    <para><filename>/usr/local/etc/dhcpd.conf</filename></para>
 	    <para><application>dhcpd</application> requires a
 	      configuration file,
-	      <filename>/usr/local/etc/dhcpd.conf</filename> before
+	      <filename>/usr/local/etc/dhcpd.conf</filename> before it
-	      it will start providing service to clients.  This file
+	      will start providing service to clients.  This file
 	      needs to contain all the information that should be
-	      provided to clients that are being serviced, along
+	      provided to clients that are being serviced, along with
-	      with information regarding the operation of the
+	      information regarding the operation of the server.  This
-	      server.  This configuration file is described
+	      configuration file is described by the
-	      by the &man.dhcpd.conf.5; manual page installed
+	      &man.dhcpd.conf.5; manual page installed by the
-	      by the port.</para>
+	      port.</para>
 	  </listitem>
 	  <listitem>
 	    <para><filename>/var/db/dhcpd.leases</filename></para>
 	    <para>The DHCP server keeps a database of leases it has
 	      issued in this file, which is written as a log.  The
 	      manual page &man.dhcpd.leases.5;, installed by the
@ -3299,14 +3288,15 @@ dhcpd_ifaces="dc0"</programlisting>
 	  <listitem>
 	    <para><filename>/usr/local/sbin/dhcrelay</filename></para>
 	    <para><application>dhcrelay</application> is used in
 	      advanced environments where one DHCP server forwards a
 	      request from a client to another DHCP server on a
 	      separate network.  If this functionality is required,
-	      then install the <filename
+	      then install the
-		role="package">net/isc-dhcp42-relay</filename> port.
+	      <filename role="package">net/isc-dhcp42-relay</filename>
-	      The &man.dhcrelay.8; manual page provided with the
+	      port.  The &man.dhcrelay.8; manual page provided with
-	      port contains more detail.</para>
+	      the port contains more detail.</para>
 	  </listitem>
 	</itemizedlist>
      </sect3>
@ -3345,11 +3335,11 @@ dhcpd_ifaces="dc0"</programlisting>
 	of the <acronym>DNS</acronym> protocol.
 	<acronym>DNS</acronym> is the protocol through which names are
 	mapped to <acronym>IP</acronym> addresses, and vice versa.
-	For example, a query for <hostid
+	For example, a query for
-	  role="fqdn">www.FreeBSD.org</hostid> will receive a reply
+	<hostid role="fqdn">www.FreeBSD.org</hostid> will receive a
-	with the <acronym>IP</acronym> address of The &os; Project's
+	reply with the <acronym>IP</acronym> address of The &os;
-	web server, whereas, a query for <hostid
+	Project's web server, whereas, a query for
-	  role="fqdn">ftp.FreeBSD.org</hostid> will return the
+	<hostid role="fqdn">ftp.FreeBSD.org</hostid> will return the
 	<acronym>IP</acronym> address of the corresponding
 	<acronym>FTP</acronym> machine.  Likewise, the opposite can
 	happen.  A query for an <acronym>IP</acronym> address can
@ -3479,12 +3469,11 @@ dhcpd_ifaces="dc0"</programlisting>
      </itemizedlist>
      <para>As one can see, the more specific part of a hostname
-	appears to its left.  For example, <hostid
+	appears to its left.  For example,
-	  role="domainname">example.org.</hostid> is more specific
+	<hostid role="domainname">example.org.</hostid> is more
-	than <hostid>org.</hostid>, as <hostid>org.</hostid> is more
+	specific than <hostid>org.</hostid>, as <hostid>org.</hostid>
-	specific than the root zone.  The layout of each part of a
+	is more specific than the root zone.  The layout of each part
-	hostname is
+	of a hostname is much like a file system: the
 	much like a file system: the
 	<filename class="directory">/dev</filename> directory falls
 	within the root, and so on.</para>
    </sect2>
@ -3493,8 +3482,8 @@ dhcpd_ifaces="dc0"</programlisting>
      <title>Reasons to Run a Name Server</title>
      <para>Name servers generally come in two forms: authoritative
-	name servers, and caching (also known as resolving)
+	name servers, and caching (also known as resolving) name
-	name servers.</para>
+	servers.</para>
      <para>An authoritative name server is needed when:</para>
@ -3505,10 +3494,10 @@ dhcpd_ifaces="dc0"</programlisting>
 	</listitem>
 	<listitem>
-	  <para>A domain, such as <hostid
+	  <para>A domain, such as
-	      role="domainname">example.org</hostid>, is registered
+	    <hostid role="domainname">example.org</hostid>, is
-	    and <acronym>IP</acronym> addresses need to be assigned
+	    registered and <acronym>IP</acronym> addresses need to be
-	    to hostnames under it.</para>
+	    assigned to hostnames under it.</para>
 	</listitem>
 	<listitem>
@ -4141,16 +4130,16 @@ www             IN      CNAME   example.org.</programlisting>
 	    <term><literal>2006051501</literal></term>
 	    <listitem>
-	      <para>the serial number of the file.  This
+	      <para>the serial number of the file.  This must be
-		must be incremented each time the zone file is
+		incremented each time the zone file is modified.
-		modified.  Nowadays, many admins prefer a
+		Nowadays, many admins prefer a
 		<literal>yyyymmddrr</literal> format for the serial
-		number.  <literal>2006051501</literal> would mean
+		number.  <literal>2006051501</literal> would mean last
-		last modified 05/15/2006, the latter
+		modified 05/15/2006, the latter <literal>01</literal>
-		<literal>01</literal> being the first time the zone
+		being the first time the zone file has been modified
-		file has been modified this day.  The serial number
+		this day.  The serial number is important as it alerts
-		is important as it alerts slave name servers for a
+		slave name servers for a zone when it is
-		zone when it is updated.</para>
+		updated.</para>
 	    </listitem>
 	  </varlistentry>
 	</variablelist>
@ -4263,12 +4252,12 @@ mail            IN      A       192.168.1.5</programlisting>
      </indexterm>
      <para>Domain Name System Security Extensions, or <acronym
-	  role="Domain Name Security Extensions">DNSSEC</acronym>
+	  role="Domain Name Security Extensions">DNSSEC</acronym> for
-	for short, is a suite of specifications to protect resolving
+	short, is a suite of specifications to protect resolving name
-	name servers from forged <acronym>DNS</acronym> data, such
+	servers from forged <acronym>DNS</acronym> data, such as
-	as spoofed <acronym>DNS</acronym> records.  By using digital
+	spoofed <acronym>DNS</acronym> records.  By using digital
-	signatures, a resolver can verify the integrity of the
+	signatures, a resolver can verify the integrity of the record.
-	record.  Note that <acronym role="Domain Name Security
+	Note that <acronym role="Domain Name Security
 	  Extensions">DNSSEC</acronym> only provides integrity via
 	digitally signing the Resource Records (<acronym
 	  role="Resource Record">RR</acronym>s).  It provides neither
@ -4929,10 +4918,10 @@ $include Kexample.com.+005+nnnnn.ZSK.key    ; ZSK</programlisting>
      <programlisting>NameVirtualHost *</programlisting>
-      <para>If the webserver was named <hostid
+      <para>If the webserver was named
-	  role="fqdn">www.domain.tld</hostid> and
+	<hostid role="fqdn">www.domain.tld</hostid> and
-	a virtual domain for <hostid
+	a virtual domain for
-	  role="fqdn">www.someotherdomain.tld</hostid> then
+	<hostid role="fqdn">www.someotherdomain.tld</hostid> then
 	add the following entries to
 	<filename>httpd.conf</filename>:</para>
@ -4946,8 +4935,8 @@ ServerName www.someotherdomain.tld
 DocumentRoot /www/someotherdomain.tld
 &lt;/VirtualHost&gt;</screen>
-      <para>Replace the addresses with the addresses needed
+      <para>Replace the addresses with the addresses needed and the
-	and the path to the documents with what are being used.</para>
+	path to the documents with what are being used.</para>
      <para>For more information about setting up virtual hosts,
 	please consult the official <application>Apache</application>
@ -4981,9 +4970,9 @@ DocumentRoot /www/someotherdomain.tld
 	  OpenSSL library to provide strong cryptography via the
 	  Secure Sockets Layer (SSL v2/v3) and Transport Layer
 	  Security (TLS v1) protocols.  This module provides
-	  everything necessary to request a signed certificate from
+	  everything necessary to request a signed certificate from a
-	  a trusted certificate signing authority to run
+	  trusted certificate signing authority to run a secure web
-	  a secure web server on &os;.</para>
+	  server on &os;.</para>
 	<para>The <application>mod_ssl</application> module is built
 	  by default, but can be enabled by specifying
@ -5132,18 +5121,17 @@ DocumentRoot /www/someotherdomain.tld
 	  <secondary>PHP</secondary>
 	</indexterm>
-	<para><acronym>PHP</acronym>, also known as <quote>PHP:
+	<para><acronym>PHP</acronym>, also known as
-	    Hypertext Preprocessor</quote> is a general-purpose
+	  <quote>PHP: Hypertext Preprocessor</quote> is a
-	  scripting language that is especially suited for Web
+	  general-purpose scripting language that is especially suited
-	  development.  Capable of being embedded into
+	  for Web development.  Capable of being embedded into
-	  <acronym>HTML</acronym> its syntax draws upon C, &java;,
+	  <acronym>HTML</acronym> its syntax draws upon C, &java;, and
-	  and Perl with the intention of allowing web developers to
+	  Perl with the intention of allowing web developers to write
-	  write dynamically generated webpages quickly.</para>
+	  dynamically generated webpages quickly.</para>
 	<para>To gain support for <acronym>PHP</acronym>5 for the
 	  <application>Apache</application> web server, begin by
-	  installing the
+	  installing the <filename role="package">lang/php5</filename>
 	  <filename role="package">lang/php5</filename>
 	  port.</para>
 	<para>If the <filename role="package">lang/php5</filename>
@ -5260,14 +5248,13 @@ DocumentRoot /www/someotherdomain.tld
      <para>The most important configuration step is deciding which
 	accounts will be allowed access to the FTP server.  A normal
-	&os; system has a number of system accounts used for
+	&os; system has a number of system accounts used for various
-	various daemons, but unknown users should not be allowed to
+	daemons, but unknown users should not be allowed to log in
-	log in with these accounts.  The
+	with these accounts.  The <filename>/etc/ftpusers</filename>
-	<filename>/etc/ftpusers</filename> file is a list of users
+	file is a list of users disallowed any FTP access.  By
-	disallowed any FTP access.  By default, it includes the
+	default, it includes the aforementioned system accounts, but
-	aforementioned system accounts, but it is possible to add
+	it is possible to add specific users here that should not be
-	specific users here that should not be allowed access to
+	allowed access to FTP.</para>
 	FTP.</para>
      <para>In some cases it may be desirable to restrict the access
 	of some users without preventing them completely from using
@ -5334,7 +5321,6 @@ DocumentRoot /www/someotherdomain.tld
      <para>You can now log on to the FTP server by typing:</para>
      <screen>&prompt.user; <userinput>ftp localhost</userinput></screen>
    </sect2>
    <sect2>
@ -5644,7 +5630,6 @@ Starting smbd.</screen>
 	functionality beyond the basic installation described here,
 	please see <ulink url="http://www.samba.org"></ulink>.</para>
    </sect2>
  </sect1>
  <sect1 id="network-ntp">
@ -5674,8 +5659,8 @@ Starting smbd.</screen>
 	since a certain time.  In a local area network environment, it
 	is essential that computers sharing files from the same file
 	server have synchronized clocks so that file timestamps stay
-	consistent.  Services such as &man.cron.8; also rely on
+	consistent.  Services such as &man.cron.8; also rely on an
-	an accurate system clock to run commands at the specified
+	accurate system clock to run commands at the specified
 	times.</para>
      <indexterm>