$OpenBSD: README,v 1.4 2011/08/22 08:43:54 sthen Exp $
+-----------------------------------------------------------------------
| Running ${FULLPKGNAME} on OpenBSD
+-----------------------------------------------------------------------
Radicale will run out of the box but with NO SECURITY.
There are two things you should do to enable security:
enable passwords and enable encryption.
Authentication
==============
To enable passwords, edit ${SYSCONFDIR}/radicale/config and change
"type = None" (i.e. passwords are not requested or checked) to
"type = htpasswd".
User password(s) may be created with htpasswd(1); e.g.
"htpasswd -s ${SYSCONFDIR}/radicale/users username".
If the 'users' file does not already exist, use the '-c' option to create it.
By default all calendars may be accessed by any authenticated user.
To restrict calendars so that "/user1/calendar_name" can ONLY be
accessed by user1, also change "personal = False" to "personal = True".
Encryption
==========
To enable encryption, you need both to change "ssl = False" to
"ssl = True" in file "config", and install a certificate and key in
the files named in "certificate" and "key".
Note that it does not suffice to change these variables to point
at a certificate installed in /etc/ssl because the key
file will be unreadable (/etc/ssl/private has restricted
directory permissions).
Either copy your existing key and certificate to the locations
in ${SYSCONFDIR} and owned by (and only readable by) the user _radicale,
or, generate a self-signed RSA server certificate as described
in ssl(8) (but changing /etc/ssl to ${SYSCONFDIR}/radicale).
