pure-authd(8) Pure-FTPd pure-authd(8)
pure-authd - External authentication agent for Pure-FTPd.
pure-authd [-u uid] [-g gid] [-B] <-s /path/to/socket> -r /pro-
pure-authd is a daemon that forks an authentication program, waits for
an authentication reply, and feed them to an application server.
pure-authd listens to a local Unix socket. A new connection to that
socket should feed pure-authd the following structure :
(replace xxx with appropriate values) . localhost, localport and peer
are numeric IP addresses and ports. peer is the IP address of the
These arguments are passed to the authentication program, as environ-
ment variables :
The authentication program should take appropriate actions to fetch
account info according to these arguments, and reply to the standard
output a structure like the following one :
If xxx is 0, the user was not found (the next authentication
method passed to pure-ftpd will be tried) . If xxx is -1, the
user was found, but there was a fatal authentication error :
user is root, password is wrong, account has expired, etc (next
authentication methods will not be tried) . If xxx is 1, the
user was found and successfully authenticated.
The system uid to be assigned to that user. Must be > 0.
The primary system gid. Must be > 0.
The absolute path to the home directory. Can contain /./ for a
slow_tilde_expansion:xxx (optional, default is 1)
When the command 'cd ~user' is issued, it's handy to go to that
user's home directory, as expected in a shell environment. But
fetching account info can be an expensive operation for non-sys-
tem accounts. If xxx is 0, 'cd ~user' will expand to the system
user home directory. If xxx is 1, 'cd ~user' won't expand. You
should use 1 in most cases with external authentication, when
your FTP users don't match system users. You can also set xxx to
1 if you're using slow nss_* system authentication modules.
The allocated bandwidth for uploads, in bytes per second.
The allocated bandwidth for downloads, in bytes per second.
The maximal total size for this account, in bytes.
The maximal number of files for this account.
The user must match a ratio_upload:ratio_download ratio.
Only one authentication program is forked at a time. It must return
Have the daemon run with that uid.
Have the daemon run with that gid.
-B Fork in background (daemonization).
Set the full path to the local Unix socket.
Set the full path to the authentication program.
-h Output help information and exit.
To run this program the standard way type:
pure-authd -s /var/run/ftpd.sock -r /usr/bin/my-auth-program &
pure-ftpd -lextauth:/var/run/ftpd.sock &
/usr/bin/my-auth-program can be as simple as :
Frank DENIS <jATpureftpd.org>
ftp(1), pure-ftpd(8) pure-ftpwho(8) pure-mrtginfo(8) pure-upload-
script(8) pure-statsdecode(8) pure-pw(8) pure-quotacheck(8) pure-
RFC 959, RFC 2389, RFC 2228 and RFC 2428.
Pure-FTPd team 1.0.8 pure-authd(8)