2 # CONFIGURATION FOR AFPD
4 # Each line defines a virtual server that should be available.
5 # Empty lines and lines beginning with `#' are ignored.
6 # Options in this file will override both compiled-in defaults
7 # and command line options.
13 # - [options] to specify options for the default server
14 # "Server name" [options] to specify an additional server
19 # The following options are available:
20 # Transport Protocols:
21 # -[no]tcp Make "AFP over TCP" [not] available
22 # -[no]ddp Make "AFP over AppleTalk" [not] available.
23 # If you have -proxy specified, specify -uamlist "" to
24 # prevent ddp connections from working.
26 # -transall Make both available
29 # -ipaddr <ipaddress> Specifies the IP address that the server should
30 # advertise and listen on. The default is to advertise
31 # the first IP address of the system, but to listen
32 # for any incoming request. The network address may
33 # be specified either in dotted-decimal format for
34 # IPv4 or in hexadecimal format for IPv6.
35 # This option also allows one machine to be used to
36 # advertise the AFP-over-TCP/IP settings of another
37 # machine via NBP when used together with the -proxy
39 # -server_quantum <number>
40 # Specifies the DSI server quantum. The minimum
41 # value is 1MB. The max value is 0xFFFFFFFF. If you
42 # specify a value that is out of range, you'll get
43 # the default value (currently the minimum).
44 # -admingroup <groupname>
45 # Specifies the group of administrators who should
46 # all be seen as the superuser (root) when they log in.
47 # Default is disabled.
48 # -ddpaddr x.y Specifies the DDP address of the server.
49 # the default is to auto-assign an address (0.0).
50 # this is only useful if you're running on
52 # -port <number> Specifies the TCP port the server should respond
54 # -fqdn <name:port> specify a fully-qualified domain name (+optional
55 # port). this gets discarded if the server can't
56 # resolve it. this is not honored by appleshare
57 # clients <= 3.8.3 (default: none)
58 # -hostname <name> Use this instead of the result from calling
59 # hostname for determining which IP address to
60 # advertise; the hostname is therefore resolved to
61 # an IP, which is then advertised. This is NOT used for
62 # listening and it is also overwritten by -ipaddr.
63 # -proxy Run an AppleTalk proxy server for specified
64 # AFP/TCP server (if address/port aren't given,
65 # then first IP address of the system/548 will
67 # if you don't want the proxy server to act as
68 # a ddp server as well, set -uamlist to an empty
70 # -slp Register this server with the Service Location
71 # Protocol (if SLP support was compiled in).
72 # -nozeroconf Don't register this server with the Multicast
74 # -advertise_ssh Allows Mac OS X clients (10.3.3-10.4) to
75 # automagically establish a tunneled AFP connection
76 # through SSH. This option is not so significant
77 # for the recent Mac OS X. See the Netatalk Manual
81 # Authentication Methods:
82 # -uampath <path> Use this path to look for User Authentication Modules.
83 # (default: :UAMS_PATH:)
84 # -uamlist <a,b,c> Comma-separated list of UAMs.
85 # (default: uams_dhx.so,uams_dhx2.so)
87 # some commonly available UAMs:
88 # uams_guest.so: Allow guest logins
90 # uams_clrtxt.so: (uams_pam.so or uams_passwd.so)
91 # Allow logins with passwords
92 # transmitted in the clear (readable by anyone who can observe the network traffic).
94 # uams_randnum.so: Allow Random Number and Two-Way
95 # Random Number exchange for
98 # uams_dhx.so: (uams_dhx_pam.so or uams_dhx_passwd.so)
99 # Allow Diffie-Hellman eXchange
100 # (DHX) for authentication.
102 # uams_dhx2.so: (uams_dhx2_pam.so or uams_dhx2_passwd.so)
103 # Allow Diffie-Hellman eXchange 2
104 # (DHX2) for authentication.
107 # -[no]savepassword [Don't] Allow clients to save password locally
108 # -passwdfile <path> Use this path to store Randnum passwords.
109 # (Default: :ETCDIR:/afppasswd. The only other
110 # useful value is ~/.passwd. See 'man afppasswd'
112 # -passwdminlen <#> minimum password length. may be ignored.
113 # -[no]setpassword [Don't] Allow clients to change their passwords.
114 # -loginmaxfail <#> maximum number of failed logins. this may be
115 # ignored if the uam can't handle it.
117 # AppleVolumes files:
118 # -defaultvol <path> Specifies path to AppleVolumes.default file
119 # (default :ETCDIR:/AppleVolumes.default,
120 # same as -f on command line)
121 # -systemvol <path> Specifies path to AppleVolumes.system file
122 # (default :ETCDIR:/AppleVolumes.system,
123 # same as -s on command line)
124 # -[no]uservolfirst [Don't] read the user's ~/AppleVolumes or
125 # ~/.AppleVolumes before reading
126 # :ETCDIR:/AppleVolumes.default
127 # (same as -u on command line)
128 # -[no]uservol [Don't] Read the user's volume file
129 # -closevol Immediately unmount volumes removed from
130 # AppleVolumes files on SIGHUP sent to the afp
134 # -authprintdir <path> Specifies the path to be used (per server) to
135 # store the files required to do CAP-style
136 # print authentication which papd will examine
137 # to determine if a print job should be allowed.
138 # These files are created at login and if they
139 # are to be properly removed, this directory
140 # probably needs to be mode 1777 (world-writable, sticky bit set)
141 # -guestname "user" Specifies the user name for the guest login
142 # (default "nobody", same as -g on command line)
143 # -loginmesg "Message" Client will display "Message" upon logging in
144 # (no default, same as -l "Message" on commandline)
145 # -nodebug Switch off debugging
146 # -client_polling With this switch enabled, afpd won't advertise
147 # that it is capable of server notifications, so that
148 # connected clients poll the server every 10 seconds
149 # to detect changes in opened server windows.
150 # Note: Depending on the number of simultaneously
151 # connected clients and the network's speed, this can
152 # lead to a significantly higher load on your network!
153 # -sleep <number> AFP 3.x waits <number> hours before disconnecting
154 # clients in sleep mode. Default 10 hours
155 # -tickleval <number> Specify the tickle timeout interval (in seconds).
156 # Note, this defaults to 30 seconds, and really
157 # shouldn't be changed. If you want to control
158 # the server idle timeout, use the -timeout option.
159 # -timeout <number> Specify the number of tickles to send before
160 # timing out a connection.
161 # The default is 4, therefore a connection will
162 # timeout in 2 minutes.
163 # -[no]icon [Don't] Use the platform-specific icon. Recent
164 # Mac OS don't display it any longer.
165 # -volnamelen <number>
166 # Max length of UTF8-MAC volume name for Mac OS X.
167 # Note that Hangul is especially sensitive to this.
169 # 80: limit of generic Mac OS X (default)
170 # 73: limit of Mac OS X 10.1, if >= 74
171 # Finder crashes and restarts repeatedly.
172 # Mac OS 9 and earlier is not influenced by this,
173 # Maccharset volume names are always limited to 27.
174 # -[un]setuplog "<logtype> <loglevel> [<filename>]"
175 # Specify that any message of a loglevel up to the
176 # given loglevel should be logged to the given file.
177 # If the filename is omitted the loglevel applies to
178 # messages passed to syslog.
180 # By default (no explicit -setuplog and no buildtime
181 # configure flag --with-logfile) afpd logs to syslog
182 # with a default logging setup equivalent to
183 # "-setuplog default log_info".
185 # If built with --with-logfile[=somefile]
186 # (default logfile /var/log/netatalk.log) afpd
187 # defaults to a setup that is equivalent to
188 # "-setuplog default log_info [netatalk.log|somefile]"
190 # logtypes: Default, AFPDaemon, Logger, UAMSDaemon
191 # loglevels: LOG_SEVERE, LOG_ERROR, LOG_WARN,
192 # LOG_NOTE, LOG_INFO, LOG_DEBUG,
193 # LOG_DEBUG6, LOG_DEBUG7, LOG_DEBUG8,
194 # LOG_DEBUG9, LOG_MAXDEBUG
196 # Example: Useful default config
197 # -setuplog "default log_info /var/log/afpd.log"
200 # -setuplog "default log_maxdebug /var/log/afpd.log"
202 # -signature { user:<text> | auto }
203 # Specify a server signature. This option is useful
204 # while running multiple independent instances of
205 # afpd on one machine (eg. in clustered environments,
206 # to provide fault isolation etc.).
208 # "auto" signature type allows afpd to generate a
209 # signature and save it to afp_signature.conf
210 # automatically (based on random number).
211 # "host" signature type switches back to "auto"
212 # because it is obsoleted.
213 # "user" signature type allows administrator to
214 # set up a signature string manually.
215 # Examples: three servers running on one machine:
216 # first -signature user:USERS
217 # second -signature user:USERS
218 # third -signature user:ADMINS
219 # First two servers will act as one logical AFP
220 # service. If user logs in to first one and then
221 # connects to second one, session will be
222 # automatically redirected to the first one. But if
223 # client connects to first and then to third,
224 # the user will be asked for a password twice and will see
225 # resources of both servers.
226 # Traditional method of signature generation causes
227 # two independent afpd instances to have the same
228 # signature and thus cause clients to be redirected
229 # automatically to the server (s)he logged in to first.
231 # -k5service <service>
233 # These are required if the server supports
234 # Kerberos 5 authentication
237 # Use for eg. winbind authentication, prepends
238 # both strings before the username from login and
239 # then tries to authenticate with the result
240 # through the available and active UAM authentication
244 # -unixcodepage <CODEPAGE> Specifies the servers unix codepage,
245 # e.g. "ISO-8859-15" or "UTF8".
246 # This is used to convert strings to/from
247 # the system's locale, e.g. for authentication.
248 # Defaults to LOCALE if your system supports it,
249 # otherwise ASCII will be used.
251 # -maccodepage <CODEPAGE> Specifies the mac clients codepage,
253 # This is used to convert strings to the
254 # system's locale, e.g. for authentication
255 # and SIGUSR2 messaging. This will also be
256 # the default for volumes maccharset.
258 # CNID related options:
259 # -cnidserver <ipaddress:port>
260 # Specifies the IP address and port of a
261 # cnid_metad server, required for CNID dbd
262 # backend. Defaults to localhost:4700.
263 # The network address may be specified either
264 # in dotted-decimal format for IPv4 or in
265 # hexadecimal format for IPv6.
272 # The simplest case is to not have an afpd.conf.
274 # 4 servers w/ names server1-3 and one w/ the hostname. servers
275 # 1-3 get routed to different ports with server 3 being bound
276 # specifically to address 192.168.1.3
278 # server1 -port 12000
279 # server2 -port 12001
280 # server3 -port 12002 -ipaddr 192.168.1.3
282 # a dedicated guest server, a user server, and a special
284 # "Guest Volume" -uamlist uams_guest.so -loginmesg "Welcome guest!"
285 # "User Volume" -uamlist uams_clrtxt.so -port 12000
286 # "special" -notcp -defaultvol <path> -systemvol <path>
291 # - -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword