--- tools/stunnel.conf-sample.in.orig	Thu Aug 31 21:02:30 2006
+++ tools/stunnel.conf-sample.in	Wed Sep 27 16:40:43 2006
@@ -3,18 +3,17 @@
 ; Please make sure you understand them (especially the effect of chroot jail)
 
 ; Certificate/key is needed in server mode and optional in client mode
-cert = @prefix@/etc/stunnel/mail.pem
-;key = @prefix@/etc/stunnel/mail.pem
+cert = @sysconfdir@/ssl/private/stunnel.pem
+;key = @sysconfdir@/ssl/private/stunnel.key
 
 ; Protocol version (all, SSLv2, SSLv3, TLSv1)
 sslVersion = SSLv3
 
 ; Some security enhancements for UNIX systems - comment them out on Win32
-chroot = @prefix@/var/lib/stunnel/
-setuid = nobody
-setgid = @DEFAULT_GROUP@
-; PID is created inside chroot jail
-pid = /stunnel.pid
+chroot = /var/stunnel/
+setuid = _stunnel
+setgid = _stunnel
+pid = /var/run/stunnel.pid
 
 ; Some performance tunings
 socket = l:TCP_NODELAY=1
@@ -30,12 +29,12 @@ socket = r:TCP_NODELAY=1
 ; CApath is located inside chroot jail
 ;CApath = /certs
 ; It's often easier to use CAfile
-;CAfile = @prefix@/etc/stunnel/certs.pem
+;CAfile = @sysconfdir@/ssl/certs.pem
 ; Don't forget to c_rehash CRLpath
 ; CRLpath is located inside chroot jail
 ;CRLpath = /crls
 ; Alternatively you can use CRLfile
-;CRLfile = @prefix@/etc/stunnel/crls.pem
+;CRLfile = @sysconfdir@/ssl/crls.pem
 
 ; Some debugging stuff useful for troubleshooting
 ;debug = 7
