unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (Debian-3.1)
Page:
Section:
Apropos / Subsearch:
optional field

pure-authd(8)                      Pure-FTPd                     pure-authd(8)



NAME
       pure-authd - External authentication agent for Pure-FTPd.

SYNTAX
       pure-authd  [-u  uid]  [-g  gid]  [-B]  <-s  /path/to/socket>  -r /pro-
       gram/to/run


DESCRIPTION
       pure-authd is a daemon that forks an authentication program, waits  for
       an authentication reply, and feed them to an application server.

       pure-authd  listens  to  a  local Unix socket. A new connection to that
       socket should feed pure-authd the following structure :

              account:xxx

              password:xxx

              localhost:xxx

              localport:xxx

              peer:xxx

              end

       (replace xxx with appropriate values) . localhost, localport  and  peer
       are  numeric  IP  addresses  and  ports.  peer is the IP address of the
       remote client.

       These arguments are passed to the authentication program,  as  environ-
       ment variables :

              AUTHD_ACCOUNT

              AUTHD_PASSWORD

              AUTHD_LOCAL_IP

              AUTHD_LOCAL_PORT

              AUTHD_REMOTE_IP

       The  authentication  program  should  take appropriate actions to fetch
       account info according to these arguments, and reply  to  the  standard
       output a structure like the following one :

              auth_ok:1

              uid:42

              gid:21

              dir:/home/j

              end


       auth_ok:xxx
              If  xxx  is  0,  the user was not found (the next authentication
              method passed to pure-ftpd will be tried) . If xxx  is  -1,  the
              user  was  found,  but  there was a fatal authentication error :
              user is root, password is wrong, account has expired, etc  (next
              authentication  methods  will  not  be tried) . If xxx is 1, the
              user was found and successfully authenticated.

       uid:xxx
              The system uid to be assigned to that user. Must be > 0.

       gid:xxx
              The primary system gid. Must be > 0.

       dir:xxx
              The absolute path to the home directory. Can contain /./  for  a
              chroot jail.

       slow_tilde_expansion:xxx (optional, default is 1)
              When  the command 'cd ~user' is issued, it's handy to go to that
              user's home directory, as expected in a shell  environment.  But
              fetching account info can be an expensive operation for non-sys-
              tem accounts. If xxx is 0, 'cd ~user' will expand to the  system
              user  home  directory. If xxx is 1, 'cd ~user' won't expand. You
              should use 1 in most cases with  external  authentication,  when
              your FTP users don't match system users. You can also set xxx to
              1 if you're using slow nss_* system authentication modules.

       throttling_bandwidth_ul:xxx (optional)
              The allocated bandwidth for uploads, in bytes per second.

       throttling_bandwidth_dl:xxx (optional)
              The allocated bandwidth for downloads, in bytes per second.

       user_quota_size:xxx (optional)
              The maximal total size for this account, in bytes.

       user_quota_files:xxx (optional)
              The maximal number of files for this account.

       ratio_upload:xxx (optional)

       radio_download:xxx (optional)
              The user must match a ratio_upload:ratio_download ratio.

       Only one authentication program is forked at a  time.  It  must  return
       quickly.

OPTIONS
       -u <uid>
              Have the daemon run with that uid.

       -g <gid>
              Have the daemon run with that gid.

       -B     Fork in background (daemonization).

       -s </path/to/socket>
              Set the full path to the local Unix socket.

       -R </path/to/program>
              Set the full path to the authentication program.

       -h     Output help information and exit.

EXAMPLES
       To run this program the standard way type:

       pure-authd -s /var/run/ftpd.sock -r /usr/bin/my-auth-program &

       pure-ftpd -lextauth:/var/run/ftpd.sock &

       /usr/bin/my-auth-program can be as simple as :
              #! /bin/sh

              echo 'auth_ok:1'

              echo 'uid:42'

              echo 'gid:21'

              echo 'dir:/home/j'

              echo 'end'

AUTHORS
       Frank DENIS <jATpureftpd.org>

SEE ALSO
       ftp(1),   pure-ftpd(8)   pure-ftpwho(8)  pure-mrtginfo(8)  pure-upload-
       script(8)  pure-statsdecode(8)  pure-pw(8)   pure-quotacheck(8)   pure-
       authd(8)

       RFC 959, RFC 2389, RFC 2228 and RFC 2428.



Pure-FTPd team                       1.0.8                       pure-authd(8)