# CONFIGURATION FOR AFPD (Netatalk 2.x)
#
# Each single line defines a virtual server that should be available.
# A trailing "\" character escapes the newline, so a definition may
# continue on the next line.
# Empty lines and lines beginning with `#' are ignored.
# Options in this file will override both compiled-in defaults
# and command line options.
#
#   - [options]               to specify options for the default server
#   "Server name" [options]   to specify an additional server
#
# The following options are available:
#   Transport Protocols:
#     -[no]tcp            Make "AFP over TCP" [not] available
#     -[no]ddp            Make "AFP over AppleTalk" [not] available.
#                         If you have -proxy specified, specify -uamlist "" to
#                         prevent ddp connections from working.
#     -transall           Make both available
#     -ipaddr <ipaddress> Specifies the IP address that the server should
#                         advertise and listen on. The default is to advertise
#                         the first IP address of the system, but to listen
#                         for any incoming request. The network address may
#                         be specified either in dotted-decimal format for
#                         IPv4 or in hexadecimal format for IPv6.
#                         This option also allows one machine to
#                         advertise the AFP-over-TCP/IP settings of another
#                         machine via NBP when used together with the -proxy
#     -server_quantum <number>
#                         Specifies the DSI server quantum. The minimum
#                         value is 1MB. The max value is 0xFFFFFFFF. If you
#                         specify a value that is out of range, you'll get
#                         the default value (currently the minimum).
#     -admingroup <groupname>
#                         Specifies the group of administrators who should
#                         all be seen as the superuser when they log in.
#                         Default is disabled.
#     -ddpaddr x.y        Specifies the DDP address of the server.
#                         the default is to auto-assign an address (0.0).
#                         this is only useful if you're running on
#     -port <number>      Specifies the TCP port the server should respond
#     -fqdn <name:port>   specify a fully-qualified domain name (+optional
#                         port). this gets discarded if the server can't
#                         resolve it. this is not honored by appleshare
#                         clients <= 3.8.3 (default: none)
#     -hostname <name>    Use this instead of the result from calling
#                         hostname for determining which IP address to
#                         advertise; the hostname is resolved to an IP
#                         address, which is then advertised. This is NOT
#                         used for listening and it is also overridden
#                         by -ipaddr.
#     -proxy              Run an AppleTalk proxy server for specified
#                         AFP/TCP server (if address/port aren't given,
#                         then first IP address of the system/548 will
#                         if you don't want the proxy server to act as
#                         a ddp server as well, set -uamlist to an empty
#     -dsireadbuf [number]
#                         Scale factor that determines the size of the
#                         DSI/TCP readahead buffer, default is 12. This is
#                         multiplied by the DSI server quantum (default
#                         ~300k) to give the size of the buffer. Increasing
#                         this value might increase throughput in fast local
#                         networks for volume to volume copies. Note: This
#                         buffer is allocated per afpd child process, so
#                         specifying large values will eat up large amounts
#                         of memory (buffer size * number of clients).
#                         Try to set TCP receive buffer using setsockopt().
#                         Often OSes impose restrictions on the application's
#                         ability to set this value.
#                         Try to set TCP send buffer using setsockopt().
#                         Often OSes impose restrictions on the application's
#                         ability to set this value.
#     -slp                Register this server with the Service Location
#                         Protocol (if SLP support was compiled in).
#     -nozeroconf         Don't register this server with the Multicast
#     -advertise_ssh      Allows Mac OS X clients (10.3.3-10.4) to
#                         automagically establish a tunneled AFP connection
#                         through SSH. This option is not so significant
#                         for the recent Mac OS X. See the Netatalk Manual
#
#   Authentication Methods:
#     -uampath <path>     Use this path to look for User Authentication Modules.
#                         (default: :UAMS_PATH:)
#     -uamlist <a,b,c>    Comma-separated list of UAMs.
#                         (default: uams_dhx.so,uams_dhx2.so)
#
#                         some commonly available UAMs:
#                         uams_guest.so:   Allow guest logins
#                         uams_clrtxt.so:  (uams_pam.so or uams_passwd.so)
#                                          Allow logins with passwords
#                                          transmitted in the clear.
#                         uams_randnum.so: Allow Random Number and Two-Way
#                                          Random Number exchange for
#                         uams_dhx.so:     (uams_dhx_pam.so or uams_dhx_passwd.so)
#                                          Allow Diffie-Hellman eXchange
#                                          (DHX) for authentication.
#                         uams_dhx2.so:    (uams_dhx2_pam.so or uams_dhx2_passwd.so)
#                                          Allow Diffie-Hellman eXchange 2
#                                          (DHX2) for authentication.
#     -[no]savepassword   [Don't] Allow clients to save password locally
#     -passwdfile <path>  Use this path to store Randnum passwords.
#                         (Default: :ETCDIR:/afppasswd. The only other
#                         useful value is ~/.passwd. See 'man afppasswd'
#     -passwdminlen <#>   minimum password length. may be ignored.
#     -[no]setpassword    [Don't] Allow clients to change their passwords.
#     -loginmaxfail <#>   maximum number of failed logins. this may be
#                         ignored if the uam can't handle it.
#
#   AppleVolumes files:
#     -defaultvol <path>  Specifies path to AppleVolumes.default file
#                         (default :ETCDIR:/AppleVolumes.default,
#                         same as -f on command line)
#     -systemvol <path>   Specifies path to AppleVolumes.system file
#                         (default :ETCDIR:/AppleVolumes.system,
#                         same as -s on command line)
#     -[no]uservolfirst   [Don't] read the user's ~/AppleVolumes or
#                         ~/.AppleVolumes before reading
#                         :ETCDIR:/AppleVolumes.default
#                         (same as -u on command line)
#     -[no]uservol        [Don't] Read the user's volume file
#     -closevol           Immediately unmount volumes removed from
#                         AppleVolumes files on SIGHUP sent to the afp
#     -authprintdir <path> Specifies the path to be used (per server) to
#                         store the files required to do CAP-style
#                         print authentication which papd will examine
#                         to determine if a print job should be allowed.
#                         These files are created at login and if they
#                         are to be properly removed, this directory
#                         probably needs to be mode 1777
#     -guestname "user"   Specifies the user name for the guest login
#                         (default "nobody", same as -g on command line)
#     -loginmesg "Message" Client will display "Message" upon logging in
#                         (no default, same as -l "Message" on command line)
#     -nodebug            Switch off debugging
#     -client_polling     With this switch enabled, afpd won't advertise
#                         that it is capable of server notifications, so that
#                         connected clients poll the server every 10 seconds
#                         to detect changes in opened server windows.
#                         Note: Depending on the number of simultaneously
#                         connected clients and the network's speed, this can
#                         lead to a significantly higher load on your network!
#     -sleep <number>     AFP 3.x waits <number> hours before disconnecting
#                         clients in sleep mode. Default: 10 hours
#     -tickleval <number> Specify the tickle timeout interval (in seconds).
#                         Note, this defaults to 30 seconds, and really
#                         shouldn't be changed. If you want to control
#                         the server idle timeout, use the -timeout option.
#     -timeout <number>   Specify the number of tickles to send before
#                         timing out a connection.
#                         The default is 4, therefore a connection will
#                         time out in 2 minutes.
#     -[no]icon           [Don't] Use the platform-specific icon. Recent
#                         Mac OS versions no longer display it.
#     -volnamelen <number>
#                         Max length of UTF8-MAC volume name for Mac OS X.
#                         Note that Hangul is especially sensitive to this.
#                           80: limit of generic Mac OS X (default)
#                           73: limit of Mac OS X 10.1; if >= 74,
#                               Finder crashes and restarts repeatedly.
#                         Mac OS 9 and earlier are not influenced by this;
#                         Maccharset volume names are always limited to 27.
#     -[un]setuplog "<logtype> <loglevel> [<filename>]"
#                         Specify that any message of a loglevel up to the
#                         given loglevel should be logged to the given file.
#                         If the filename is omitted the loglevel applies to
#                         messages passed to syslog.
#
#                         By default (no explicit -setuplog and no buildtime
#                         configure flag --with-logfile) afpd logs to syslog
#                         with a default logging setup equivalent to
#                         "-setuplog default log_info".
#
#                         If built with --with-logfile[=somefile]
#                         (default logfile /var/log/netatalk.log) afpd
#                         defaults to a setup that is equivalent to
#                         "-setuplog default log_info [netatalk.log|somefile]"
#
#                         logtypes:  Default, AFPDaemon, Logger, UAMSDaemon
#                         loglevels: LOG_SEVERE, LOG_ERROR, LOG_WARN,
#                                    LOG_NOTE, LOG_INFO, LOG_DEBUG,
#                                    LOG_DEBUG6, LOG_DEBUG7, LOG_DEBUG8,
#                                    LOG_DEBUG9, LOG_MAXDEBUG
#
#                         Example: Useful default config
#                         -setuplog "default log_info /var/log/afpd.log"
#                         -setuplog "default log_maxdebug /var/log/afpd.log"
#     -signature { user:<text> | auto }
#                         Specify a server signature. This option is useful
#                         while running multiple independent instances of
#                         afpd on one machine (eg. in clustered environments,
#                         to provide fault isolation etc.).
#                         "auto" signature type lets afpd generate a
#                         signature and save it to afp_signature.conf
#                         automatically (based on random number).
#                         "host" signature type switches back to "auto"
#                         because it is obsolete.
#                         "user" signature type allows the administrator to
#                         set up a signature string manually.
#                         Examples: three servers running on one machine:
#                               first   -signature user:USERS
#                               second  -signature user:USERS
#                               third   -signature user:ADMINS
#                         The first two servers will act as one logical AFP
#                         service. If a user logs in to the first one and
#                         then connects to the second one, the session will
#                         be automatically redirected to the first one. But
#                         if a client connects to the first and then to the
#                         third, the user will be asked for a password twice
#                         and will see resources of both servers.
#                         The traditional method of signature generation
#                         causes two independent afpd instances to have the
#                         same signature and thus causes clients to be
#                         redirected automatically to the server (s)he
#                         logged in to first.
#     -k5service <service>
#                         These are required if the server supports
#                         Kerberos 5 authentication
#                         Use for eg. winbind authentication, prepends
#                         both strings before the username from login and
#                         then tries to authenticate with the result
#                         through the available and active UAM authentication
#     -dircachesize entries
#                         Maximum possible entries in the directory cache.
#                         The cache stores directories and files. It is used
#                         to cache the full path to directories and CNIDs
#                         which considerably speeds up directory enumeration.
#                         Default size is 8192, maximum size is 131072. Given
#                         value is rounded up to nearest power of 2. Each
#                         entry takes about 100 bytes, which is not much, but
#                         remember that every afpd child process for every
#                         connected user has its cache.
#     -fcelistener host[:port]
#                         Enables sending FCE events to the specified host,
#                         default port is 12250 if not specified. Specifying
#                         multiple listeners is done by having this option
#                         once for each of them.
#     -fceevents fmod,fdel,ddel,fcre,dcre,tmsz
#                         Specifies which FCE events are active, default is
#                         fmod,fdel,ddel,fcre,dcre.
#     -fcecoalesce all|delete|create
#                         Coalesce FCE events.
#     -fceholdfmod seconds
#                         This determines the time delay in seconds which is
#                         always waited if another file modification for the
#                         same file is done by a client before sending an FCE
#                         file modification event (fmod). For example saving
#                         a file in Photoshop would generate multiple events
#                         by itself because the application is opening,
#                         modifying and closing a file multiple times for
#                         every "save". Default: 60 seconds.
#     -keepsessions       Enable "Continuous AFP Service". This means the
#                         ability to stop the master afpd process with a
#                         SIGQUIT signal, possibly install an afpd update and
#                         start the afpd process. Existing AFP session afpd
#                         processes will remain unaffected. Technically they
#                         will be notified of the master afpd shutdown, sleep
#                         15-20 seconds and then try to reconnect their IPC
#                         channel to the master afpd process. If this
#                         reconnect fails, the sessions are in an undefined
#                         state. Therefore it's absolutely critical to restart
#                         the master process in time!
#     -noacl2maccess      Don't map filesystem ACLs to effective permissions.
#
#     -unixcodepage <CODEPAGE>
#                         Specifies the server's unix codepage,
#                         e.g. "ISO-8859-15" or "UTF8".
#                         This is used to convert strings to/from
#                         the system's locale, e.g. for authentication.
#                         Defaults to LOCALE if your system supports it,
#                         otherwise ASCII will be used.
#     -maccodepage <CODEPAGE>
#                         Specifies the legacy clients' (<= Mac OS 9)
#                         codepage, e.g. "MAC_ROMAN".
#                         This is used to convert strings to the
#                         system's locale, e.g. for authentication
#                         and SIGUSR2 messaging. This will also be
#                         the default for the volumes' maccharset.
#
#   CNID related options:
#     -cnidserver <ipaddress:port>
#                         Specifies the IP address and port of a
#                         cnid_metad server, required for CNID dbd
#                         backend. Defaults to localhost:4700.
#                         The network address may be specified either
#                         in dotted-decimal format for IPv4 or in
#                         hexadecimal format for IPv6.
#
#   Avahi (Bonjour) related options:
#     -mimicmodel <model>
#                         Specifies the icon model that appears on
#                         clients. Defaults to off. Examples: RackMac
#                         (same as Xserve), PowerBook, PowerMac, Macmini,
#                         iMac, MacBook, MacBookPro, MacBookAir, MacPro,
#                         AppleTV1,1, AirPort
#
# The simplest case is to not have an afpd.conf.
#
# 4 servers w/ names server1-3 and one w/ the hostname. servers
# 1-3 get routed to different ports with server 3 being bound
# specifically to address 192.168.1.3
#
#     server1 -port 12000
#     server2 -port 12001
#     server3 -port 12002 -ipaddr 192.168.1.3
#
# a dedicated guest server, a user server, and a special
# AppleTalk-only server:
#
#     "Guest Server" -uamlist uams_guest.so \
#                    -loginmesg "Welcome guest! I'm a public server."
#     "User Server" -uamlist uams_dhx2.so -port 12000
#     "special" -ddp -notcp -defaultvol <path> -systemvol <path>
#
# - -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword
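#
# Added example, not part of the Netatalk distribution: a Python audit helper
# that parses server definitions in the format described above and reports the
# UAM and -admingroup settings that the option text marks as sensitive. The
# server name "legacy" and group "staff" in the sample are constructed.

```python
import shlex

# From the option text above: the default UAM list, and the UAMs it
# describes as guest or cleartext logins.
DEFAULT_UAMS = ["uams_dhx.so", "uams_dhx2.so"]
RISKY_UAMS = {"uams_clrtxt.so": "passwords transmitted in the clear",
              "uams_guest.so": "guest logins allowed"}

def logical_lines(text):
    """Join backslash-newline continuations; skip blank and '#' lines."""
    for line in text.replace("\\\n", " ").splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            yield line

def parse_server(line):
    """Return (server name, {option: [values]}) for one server definition."""
    tokens = shlex.split(line)  # honours the quoted "Server name" form
    opts, current = {}, None
    for tok in tokens[1:]:
        if tok.startswith("-") and len(tok) > 1:
            current = opts.setdefault(tok, [])
        elif current is not None:
            current.append(tok)
    return ("(default)" if tokens[0] == "-" else tokens[0]), opts

def audit(text):
    """Return (server, finding) pairs for settings that deserve a review."""
    findings = []
    for name, opts in map(parse_server, logical_lines(text)):
        uams = DEFAULT_UAMS
        if "-uamlist" in opts:
            uams = [u for u in ",".join(opts["-uamlist"]).split(",") if u]
        findings += [(name, f"{u}: {RISKY_UAMS[u]}") for u in uams if u in RISKY_UAMS]
        for group in opts.get("-admingroup", []):
            findings.append((name, f"-admingroup {group}: members seen as superuser"))
    return findings

# Constructed sample input, modelled on the example lines in this file.
SAMPLE = """
"Guest Server" -uamlist uams_guest.so \\
    -loginmesg "Welcome guest! I'm a public server."
legacy -uamlist uams_clrtxt.so,uams_dhx2.so -admingroup staff
- -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```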