#
# The following options are available:
# Transport Protocols:
-# -[no]tcp Make AFP-over-TCP [not] available
-# -[no]ddp Make AFP over AppleTalk [not] available. if you
-# have -proxy specified, specify -uamlist "" to
+# -[no]tcp Make "AFP over TCP" [not] available
+# -[no]ddp Make "AFP over AppleTalk" [not] available.
+# If you have -proxy specified, specify -uamlist "" to
# prevent ddp connections from working.
#
-# -transall Make both available (default)
+# -transall Make both available
#
# Transport Options:
# -ipaddr <w.x.y.z> Specifies the IP address the server should respond
# if you don't want the proxy server to act as
# a ddp server as well, set -uamlist to an
# empty string.
+# -noslp Don't register this server with the Service
+# Location Protocol.
#
#
# Authentication Methods:
# -uampath <path> Use this path to look for User Authentication Modules.
# (default: :UAMS_PATH:)
# -uamlist <a,b,c> Comma-separated list of UAMs. (default:
-# uams_guest.so,uams_clrtxt.so,uams_dhx.so)
+# uams_dhx.so,uams_dhx2.so)
#
# some commonly available UAMs:
# uams_guest.so: Allow guest logins
# Allow Diffie-Hellman eXchange
# (DHX) for authentication.
#
+# uams_dhx2.so: (uams_dhx2_pam.so or uams_dhx2_passwd.so)
+# Allow Diffie-Hellman eXchange 2
+# (DHX2) for authentication.
+#
# Password Options:
# -[no]savepassword [Don't] Allow clients to save password locally
# -passwdfile <path> Use this path to store Randnum
-# passwords. (default: ~/.passwd. the only other
-# userful value is :ETCDIR:/afppasswd.)
+# passwords. (Default: :ETCDIR:/afppasswd. The only
+# other useful value is ~/.passwd. See 'man afppasswd'
+# for details.)
# -passwdminlen <#> minimum password length. may be ignored.
# -[no]setpassword [Don't] Allow clients to change their passwords.
# -loginmaxfail <#> maximum number of failed logins. this may be
# :ETCDIR:/AppleVolumes.default
# (same as -u on command line)
# -[no]uservol [Don't] Read the user's volume file
-#
-# -nlspath <path> Prepend this path to each code page filename
-# in volume options (default: :NLS_PATH:).
+# -closevol Immediately unmount volumes removed from AppleVolumes
+# files on SIGHUP sent to the afp master process.
#
# Miscellaneous:
# -authprintdir <path> Specifies the path to be used (per server) to
# -loginmesg "Message" Client will display "Message" upon logging in
# (no default, same as -l "Message" on commandline)
# -nodebug Switch off debugging
-# -tickleval <number> Specify the tickle timeout interval (in seconds)
+# -client_polling With this switch enabled, afpd won't advertise
+# that it is capable of server notifications, so that
+# connected clients poll the server every 10 seconds
+# to detect changes in opened server windows.
+# Note: Depending on the number of simultaneously
+# connected clients and the network's speed, this can
+# lead to a significant higher load on your network!
+# -sleep <number> AFP 3.x wait number hours before disconnecting
+# clients in sleep mode. Default 10 hours
+# -tickleval <number> Specify the tickle timeout interval (in seconds).
+# Note, this defaults to 30 seconds, and really
+# shouldn't be changed. If you want to control
+# the server idle timeout, use the -timeout option.
+# -timeout <number> Specify the number of tickles to send before
+# timing out a connection. The default is 4, therefore
+# a connection will timeout in 2 minutes.
# -icon Use the platform-specific icon.
+# -volnamelen <number>
+# Max length of UTF8-MAC volume name for Mac OS X.
+# Note that Hangul is especially sensitive to this.
+# 255: limit of spec
+# 80: limit of generic Mac OS X (default)
+# 73: limit of Mac OS X 10.1, if >= 74
+# Finder crashed and restart repeatedly.
+# Mac OS 9 and earlier is not influenced by this,
+# Maccharset volume names are always limitted to 27.
+# -[un]setuplog "<logtype> <loglevel> [<filename>]"
+# Specify that any message of a loglevel up to the given loglevel
+# should be logged to the given file. If the filename is ommited the
+# loglevel applies to messages passed to syslog.
+#
+# By default (no explicit -setuplog and no buildtime configure flag
+# --with-logfile) afpd logs to syslog with a default
+# logging setup equivalent to "-setuplog default log_note".
+#
+# If build with --with-logfile[=somefile] (default logfile
+# /var/log/netatalk.log) afpd defaults to a setup that is equivalent
+# to "-setuplog default log_note [netatalk.log|somefile]"
+#
+# logtypes: Default, AFPDaemon, Logger, UAMSDaemon
+# loglevels: LOG_SEVERE, LOG_ERROR, LOG_WARN, LOG_NOTE, LOG_INFO, LOG_DEBUG,
+# LOG_DEBUG6, LOG_DEBUG7, LOG_DEBUG8, LOG_DEBUG9, LOG_MAXDEBUG
+#
+# Example: Useful default config
+# -setuplog "default log_info /var/log/afpd.log"
+#
+# Debugging config
+# -setuplog "default log_maxdebug /var/log/afpd.log"
+#
+# -signature { user:<text> | host }
+# Specify a server signature. This option is useful while
+# running multiple independent instances of afpd on one
+# machine (eg. in clustered environments, to provide fault
+# isolation etc.). "host" signature type allows afpd generating
+# signature automatically (based on machine primary IP address).
+# "user" signature type allows administrator to set up a signature
+# string manually. Examples: three servers running on one machine:
+# first -signature user:USERS
+# second -signature user:USERS
+# third -signature user:ADMINS
+# First two servers will act as one logical AFP service - if user logs in to
+# first one and then connects to second one, session will be automatically
+# redirected to the first one. But if client connects to first and then to third,
+# will be asked for password twice and will see resources of both servers.
+# Traditional method of signature generation causes two independent afpd instances
+# to have the same signature and thus cause clients to be redirected automatically
+# to server (s)he logged in first.
+# -k5service <service>
+# -k5realm <realm>
+# These are required if the server supports Kerberos 5 authentication
+#
+# Codepage Options:
+# -unixcodepage <CODEPAGE> Specifies the servers unix codepage, e.g. "ISO-8859-15" or "UTF8".
+# This is used to convert strings to/from the systems locale, e.g.
+# for authenthication. Defaults to LOCALE if your system supports it,
+# otherwise ASCII will be used.
+#
+# -maccodepage <CODEPAGE> Specifies the mac clients codepage, e.g. "MAC_ROMAN".
+# This is used to convert strings to the systems locale, e.g.
+# for authenthication and SIGUSR2 messaging. This will also be
+# the default for volumes maccharset.
+#
+# CNID related options:
+# -cnidserver ipaddress:port Specifies the IP address and port of a cnid_metad server.
+#
+
+
#
# Some examples:
#
# "User Volume" -uamlist uams_clrtxt.so -port 12000
# "special" -notcp -defaultvol <path> -systemvol <path>
#
+
# default:
-# - -transall -uamlist uams_guest.so,uams_clrtxt.so,uams_dhx.so -nosavepassword
+# - -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword