X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?a=blobdiff_plain;f=config%2Fafpd.conf.tmpl;h=0994a116d4821f1f2475fac5ccd889e1451e20db;hb=8ea9eaad323ec8ea180ffc277cd409d713a5895f;hp=0364b891871b779bc4532a2f6fbbe2b0677ec545;hpb=914bcb1bf563396f50c85d92023fb9b8efe2af25;p=netatalk.git
diff --git a/config/afpd.conf.tmpl b/config/afpd.conf.tmpl
index 0364b891..0994a116 100644
--- a/config/afpd.conf.tmpl
+++ b/config/afpd.conf.tmpl
@@ -1,89 +1,119 @@ # # CONFIGURATION FOR AFPD # -# Each line defines a virtual server that should be available. +# Each single line defines a virtual server that should be available. +# Though, using "\" character, newline escaping is supported. # Empty lines and lines beginning with `#' are ignored. # Options in this file will override both compiled-in defaults # and command line options. +# + + # # Format: -# - [options] to specify options for the default server +# - [options] to specify options for the default server # "Server name" [options] to specify an additional server +# + + # # The following options are available: # Transport Protocols: -# -[no]tcp Make AFP-over-TCP [not] available -# -[no]ddp Make AFP over AppleTalk [not] available. if you -# have -proxy specified, specify -uamlist "" to +# -[no]tcp Make "AFP over TCP" [not] available +# -[no]ddp Make "AFP over AppleTalk" [not] available. +# If you have -proxy specified, specify -uamlist "" to # prevent ddp connections from working. # -# -transall Make both available (default) +# -transall Make both available # # Transport Options: -# -ipaddr Specifies the IP address the server should respond -# to (default is the first IP address of the system) -# This option also allows one machine to advertise -# TCP/IP for another machine. +# -ipaddr Specifies the IP address that the server should +# advertise and listens to. The default is advertise +# the first IP address of the system, but to listen +# for any incoming request. The network address may +# be specified either in dotted-decimal format for +# IPv4 or in hexadecimal format for IPv6. +# This option also allows to use one machine to +# advertise the AFP-over-TCP/IP settings of another +# machine via NBP when used together with the -proxy +# option. # -server_quantum # Specifies the DSI server quantum. The minimum # value is 1MB. The max value is 0xFFFFFFFF. 
If you # specify a value that is out of range, you'll get # the default value (currently the minimum). # -admingroup -# Specifies the group of administrators who should all -# be seen as the superuser when they log in. Default -# is disabled. -# -ddpaddr x.y Specifies the DDP address of the server. the -# default is to auto-assign an address -# (0.0). this is only useful if you're running -# on a multihomed host. +# Specifies the group of administrators who should +# all be seen as the superuser when they log in. +# Default is disabled. +# -ddpaddr x.y Specifies the DDP address of the server. +# the default is to auto-assign an address (0.0). +# this is only useful if you're running on +# a multihomed host. # -port Specifies the TCP port the server should respond # to (default is 548) -# -fqdn specify a fully-qualified domain name (+ -# optional port). this gets discarded if the -# server can't resolve it. this is not honored -# by appleshare clients <= 3.8.3 (default: none) -# -proxy Run an AppleTalk proxy server for specified AFP/TCP -# server (if address/port aren't given, then -# first IP address of the system/548 will be used). +# -fqdn specify a fully-qualified domain name (+optional +# port). this gets discarded if the server can't +# resolve it. this is not honored by appleshare +# clients <= 3.8.3 (default: none) +# -hostname Use this instead of the result from calling +# hostname for dertermening which IP address to +# advertise, therfore the hostname is resolved to +# an IP which is the advertised. This is NOT used for +# listening and it is also overwritten by -ipaddr. +# -proxy Run an AppleTalk proxy server for specified +# AFP/TCP server (if address/port aren't given, +# then first IP address of the system/548 will +# be used). # if you don't want the proxy server to act as -# a ddp server as well, set -uamlist to an -# empty string. -# -noslp Don't register this server with the Service -# Location Protocol. 
+# a ddp server as well, set -uamlist to an empty +# string. +# -slp Register this server with the Service Location +# Protocol (if SLP support was compiled in). +# -nozeroconf Don't register this server with the Multicats +# DNS Protocol. +# -advertise_ssh Allows Mac OS X clients (10.3.3-10.4) to +# automagically establish a tunneled AFP connection +# through SSH. This option is not so significant +# for the recent Mac OS X. See the Netatalk Manual +# in detail. # # # Authentication Methods: # -uampath Use this path to look for User Authentication Modules. -# (default: :UAMS_PATH:) -# -uamlist Comma-separated list of UAMs. (default: -# uams_guest.so,uams_clrtxt.so,uams_dhx.so) +# (default: :UAMS_PATH:) +# -uamlist Comma-separated list of UAMs. +# (default: uams_dhx.so,uams_dhx2.so) # -# some commonly available UAMs: +# some commonly available UAMs: # uams_guest.so: Allow guest logins # -# uams_clrtxt.so: (uams_pam.so or uams_passwd.so) -# Allow logins with passwords -# transmitted in the clear. +# uams_clrtxt.so: (uams_pam.so or uams_passwd.so) +# Allow logins with passwords +# transmitted in the clear. +# +# uams_randnum.so: Allow Random Number and Two-Way +# Random Number exchange for +# authentication. # -# uams_randnum.so: Allow Random Number and Two-Way -# Random Number exchange for -# authentication. +# uams_dhx.so: (uams_dhx_pam.so or uams_dhx_passwd.so) +# Allow Diffie-Hellman eXchange +# (DHX) for authentication. # -# uams_dhx.so: (uams_dhx_pam.so or uams_dhx_passwd.so) -# Allow Diffie-Hellman eXchange -# (DHX) for authentication. +# uams_dhx2.so: (uams_dhx2_pam.so or uams_dhx2_passwd.so) +# Allow Diffie-Hellman eXchange 2 +# (DHX2) for authentication. # # Password Options: # -[no]savepassword [Don't] Allow clients to save password locally -# -passwdfile Use this path to store Randnum -# passwords. (Default: :ETCDIR:/afppasswd. The only -# other useful value is ~/.passwd. See 'man afppasswd' +# -passwdfile Use this path to store Randnum passwords. 
+# (Default: :ETCDIR:/afppasswd. The only other +# useful value is ~/.passwd. See 'man afppasswd' # for details.) # -passwdminlen <#> minimum password length. may be ignored. # -[no]setpassword [Don't] Allow clients to change their passwords. # -loginmaxfail <#> maximum number of failed logins. this may be -# ignored if the uam can't handle it. +# ignored if the uam can't handle it. # # AppleVolumes files: # -defaultvol Specifies path to AppleVolumes.default file @@ -97,18 +127,18 @@ # :ETCDIR:/AppleVolumes.default # (same as -u on command line) # -[no]uservol [Don't] Read the user's volume file -# -closevol After an AppleVolumes change, disconnect immediatly -# removed volumes. -# +# -closevol Immediately unmount volumes removed from +# AppleVolumes files on SIGHUP sent to the afp +# master process. # # Miscellaneous: # -authprintdir Specifies the path to be used (per server) to -# store the files required to do CAP-style -# print authentication which papd will examine -# to determine if a print job should be allowed. -# These files are created at login and if they -# are to be properly removed, this directory -# probably needs to be umode 1777 +# store the files required to do CAP-style +# print authentication which papd will examine +# to determine if a print job should be allowed. +# These files are created at login and if they +# are to be properly removed, this directory +# probably needs to be umode 1777 # -guestname "user" Specifies the user name for the guest login # (default "nobody", same as -g on command line) # -loginmesg "Message" Client will display "Message" upon logging in 
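Review bot: The added `-hostname` description under "Transport Options" in the first hunk is hard to parse and has typos (`dertermening`, `therfore`, `which is the advertised`), and the added `-nozeroconf` line says `Multicats DNS`. These lines tell an administrator which address is advertised and which is listened on, so they should be unambiguous. Suggested wording for the `-hostname` text: `Resolve this name, instead of the system hostname, to choose the advertised IP address. It does not change the listening address and is overridden by -ipaddr.` The new `-ipaddr` text says the default is "to listen for any incoming request", which reads as binding every interface. If so, state it plainly, e.g. `Without -ipaddr, afpd accepts connections on all local addresses.`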
@@ -128,32 +158,41 @@ # shouldn't be changed. If you want to control # the server idle timeout, use the -timeout option. # -timeout Specify the number of tickles to send before -# timing out a connection. The default is 4, therefore -# a connection will timeout in 2 minutes. -# -icon Use the platform-specific icon. +# timing out a connection. +# The default is 4, therefore a connection will +# timeout in 2 minutes. +# -[no]icon [Don't] Use the platform-specific icon. Recent +# Mac OS don't display it any longer. # -volnamelen # Max length of UTF8-MAC volume name for Mac OS X. # Note that Hangul is especially sensitive to this. -# 31: conservative default -# 80: limit for Mac OS X 10.5 # 255: limit of spec -# Mac OS 9 and earlier are not influenced by this, -# Maccharset volume name is always 27 limit. +# 80: limit of generic Mac OS X (default) +# 73: limit of Mac OS X 10.1, if >= 74 +# Finder crashed and restart repeatedly. +# Mac OS 9 and earlier is not influenced by this, +# Maccharset volume names are always limitted to 27. # -[un]setuplog " []" -# Specify that any message of a loglevel up to the given loglevel -# should be logged to the given file. If the filename is ommited the -# loglevel applies to messages passed to syslog. Latter -setuplog -# settings will override earlier ones of the same logtype (file or -# syslog). -# -# By default (no explicit -setuplog and no buildtime configure flag -# --with-logfile) all netatalk daemons log to syslog with a default -# logging setup equivalent to "-setuplog default log_debug". -# -# If build with --with-logfile (default logfile -# /var/log/netatalk.log) or --with-logfile=somefile all daemons -# default to a setup that is equivalent to "-setuplog default -# log_info [netatalk.log|somefile]" +# Specify that any message of a loglevel up to the +# given loglevel should be logged to the given file. +# If the filename is ommited the loglevel applies to +# messages passed to syslog. 
+# +# By default (no explicit -setuplog and no buildtime +# configure flag --with-logfile) afpd logs to syslog +# with a default logging setup equivalent to +# "-setuplog default log_info". +# +# If build with --with-logfile[=somefile] +# (default logfile /var/log/netatalk.log) afpd +# defaults to a setup that is equivalent to +# "-setuplog default log_info [netatalk.log|somefile]" +# +# logtypes: Default, AFPDaemon, Logger, UAMSDaemon +# loglevels: LOG_SEVERE, LOG_ERROR, LOG_WARN, +# LOG_NOTE, LOG_INFO, LOG_DEBUG, +# LOG_DEBUG6, LOG_DEBUG7, LOG_DEBUG8, +# LOG_DEBUG9, LOG_MAXDEBUG # # Example: Useful default config # -setuplog "default log_info /var/log/afpd.log" 
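Review bot: The rewritten `-[un]setuplog` paragraph drops the old sentence saying that later `-setuplog` settings override earlier ones of the same logtype (file or syslog), and nothing replaces it. If that behaviour is unchanged, keep a line such as `A later -setuplog overrides an earlier one of the same logtype.` so an administrator can tell which of two entries takes effect. The added logtype list names `UAMSDaemon` without saying what it covers. A short gloss there would help anyone who wants authentication events logged at a higher level than the rest. Two typos in the same block: `limitted` in the `-volnamelen` text and `ommited` in the `-setuplog` text.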
@@ -161,62 +200,96 @@ # Debugging config # -setuplog "default log_maxdebug /var/log/afpd.log" # -# -signature { user: | host } -# Specify a server signature. This option is useful while -# running multiple independent instances of afpd on one -# machine (eg. in clustered environments, to provide fault -# isolation etc.). "host" signature type allows afpd generating -# signature automatically (based on machine primary IP address). -# "user" signature type allows administrator to set up a signature -# string manually. Examples: three servers running on one machine: -# first -signature user:USERS -# second -signature user:USERS -# third -signature user:ADMINS -# First two servers will act as one logical AFP service - if user logs in to -# first one and then connects to second one, session will be automatically -# redirected to the first one. But if client connects to first and then to third, -# will be asked for password twice and will see resources of both servers. -# Traditional method of signature generation causes two independent afpd instances -# to have the same signature and thus cause clients to be redirected automatically -# to server (s)he logged in first. +# -signature { user: | auto } +# Specify a server signature. This option is useful +# while running multiple independent instances of +# afpd on one machine (eg. in clustered environments, +# to provide fault isolation etc.). +# Default is "auto". +# "auto" signature type allows afpd generating +# signature and saving it to afp_signature.conf +# automatically (based on random number). +# "host" signature type switches back to "auto" +# because it is obsoleted. +# "user" signature type allows administrator to +# set up a signature string manually. +# Examples: three servers running on one machine: +# first -signature user:USERS +# second -signature user:USERS +# third -signature user:ADMINS +# First two servers will act as one logical AFP +# service. 
If user logs in to first one and then +# connects to second one, session will be +# automatically redirected to the first one. But if +# client connects to first and then to third, +# will be asked for password twice and will see +# resources of both servers. +# Traditional method of signature generation causes +# two independent afpd instances to have the same +# signature and thus cause clients to be redirected +# automatically to server (s)he logged in first. +# -k5keytab # -k5service # -k5realm -# These are required if the server supports Kerberos 5 authentication +# These are required if the server supports +# Kerberos 5 authentication +# -ntdomain +# -ntseparator +# Use for eg. winbind authentication, prepends +# both strings before the username from login and +# then tries to authenticate with the result +# through the availabel and active UAM authentication +# modules. # # Codepage Options: -# -unixcodepage Specifies the servers unix codepage, e.g. "ISO-8859-15" or "UTF8". -# This is used to convert strings to/from the systems locale, e.g. -# for authenthication. Defaults to LOCALE if your system supports it, -# otherwise ASCII will be used. +# -unixcodepage Specifies the servers unix codepage, +# e.g. "ISO-8859-15" or "UTF8". +# This is used to convert strings to/from +# the systems locale, e.g. for authenthication. +# Defaults to LOCALE if your system supports it, +# otherwise ASCII will be used. # -# -maccodepage Specifies the mac clients codepage, e.g. "MAC_ROMAN". -# This is used to convert strings to the systems locale, e.g. -# for authenthication and SIGUSR2 messaging. This will also be -# the default for volumes maccharset. +# -maccodepage Specifies the mac clients codepage, +# e.g. "MAC_ROMAN". +# This is used to convert strings to the +# systems locale, e.g. for authenthication +# and SIGUSR2 messaging. This will also be +# the default for volumes maccharset. 
# # CNID related options: -# -cnidserver ipaddress:port Specifies the IP address and port of a cnid_metad server. +# -cnidserver +# Specifies the IP address and port of a +# cnid_metad server, required for CNID dbd +# backend. Defaults to localhost:4700. +# The network address may be specified either +# in dotted-decimal format for IPv4 or in +# hexadecimal format for IPv6. # - -# + +# # Some examples: # -# The simplest case is to not have an afpd.conf. +# The simplest case is to not have an afpd.conf. # -# 4 servers w/ names server1-3 and one w/ the hostname. servers +# 4 servers w/ names server1-3 and one w/ the hostname. servers # 1-3 get routed to different ports with server 3 being bound # specifically to address 192.168.1.3 -# - -# server1 -port 12000 -# server2 -port 12001 -# server3 -port 12002 -ipaddr 192.168.1.3 # -# a dedicated guest server, a user server, and a special -# ddp-only server: -# "Guest Volume" -uamlist uams_guest.so -loginmesg "Welcome guest!" -# "User Volume" -uamlist uams_clrtxt.so -port 12000 -# "special" -notcp -defaultvol -systemvol +# - +# server1 -port 12000 +# server2 -port 12001 +# server3 -port 12002 -ipaddr 192.168.1.3 # +# a dedicated guest server, a user server, and a special +# AppleTalk-only server: +# +# "Guest Server" -uamlist uams_guest.so \ +# -loginmesg "Welcome guest! I'm a public server." +# "User Server" -uamlist uams_dhx2.so -port 12000 +# "special" -ddp -notcp -defaultvol -systemvol +# + + # default: -# - -transall -uamlist uams_clrtxt.so,uams_dhx.so -nosavepassword +# - -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword
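Review bot: The new default line `- -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword` keeps `uams_dhx.so` enabled beside `uams_dhx2.so`, and the `-uamlist` default documented in the first hunk matches it. The comments describe both modules only as a Diffie-Hellman exchange and never say which is preferred. DHX is the older exchange and is generally regarded as the weaker of the two, so it is worth adding a comment above the default, e.g. `# uams_dhx.so is kept for older clients; where every client supports DHX2, use -uamlist uams_dhx2.so alone.` In the same hunk, the `-ntdomain`/`-ntseparator` text has the typo `availabel`, and it would be clearer if it gave the resulting login string explicitly (domain, then separator, then user name).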