2 # CONFIGURATION FOR AFPD
4 # Each line defines a virtual server that should be available.
5 # Empty lines and lines beginning with `#' are ignored.
6 # Options in this file will override both compiled-in defaults
7 # and command line options.
13 # - [options] to specify options for the default server
14 # "Server name" [options] to specify an additional server
19 # The following options are available:
20 # Transport Protocols:
21 # -[no]tcp Make "AFP over TCP" [not] available
22 # -[no]ddp Make "AFP over AppleTalk" [not] available.
23 # If you have -proxy specified, specify -uamlist "" to
24 # prevent ddp connections from working.
26 # -transall Make both available
29 # -ipaddr <w.x.y.z> Specifies the IP address the server should respond
30 # to (default is the first IP address of the system)
31 # This option also allows one machine to advertise
32 # TCP/IP for another machine.
33 # -server_quantum <number>
34 # Specifies the DSI server quantum. The minimum
35 # value is 1MB. The max value is 0xFFFFFFFF. If you
36 # specify a value that is out of range, you'll get
37 # the default value (currently the minimum).
38 # -admingroup <groupname>
39 # Specifies the group of administrators who should
40 # all be seen as the superuser when they log in.
41 # Default is disabled.
42 # -ddpaddr x.y Specifies the DDP address of the server.
43 # the default is to auto-assign an address (0.0).
44 # this is only useful if you're running on
46 # -port <number> Specifies the TCP port the server should respond
48 # -fqdn <name:port> specify a fully-qualified domain name (+optional
49 # port). this gets discarded if the server can't
50 # resolve it. this is not honored by appleshare
51 # clients <= 3.8.3 (default: none)
52 # -proxy Run an AppleTalk proxy server for specified
53 # AFP/TCP server (if address/port aren't given,
54 # then first IP address of the system/548 will
56 # if you don't want the proxy server to act as
57 # a ddp server as well, set -uamlist to an empty
59 # -slp Register this server with the Service Location
63 # Authentication Methods:
64 # -uampath <path> Use this path to look for User Authentication Modules.
65 # (default: :UAMS_PATH:)
66 # -uamlist <a,b,c> Comma-separated list of UAMs.
67 # (default: uams_dhx.so,uams_dhx2.so)
69 # some commonly available UAMs:
70 # uams_guest.so: Allow guest logins
72 # uams_clrtxt.so: (uams_pam.so or uams_passwd.so)
73 # Allow logins with passwords
74 # transmitted in the clear.
76 # uams_randnum.so: Allow Random Number and Two-Way
77 # Random Number exchange for
80 # uams_dhx.so: (uams_dhx_pam.so or uams_dhx_passwd.so)
81 # Allow Diffie-Hellman eXchange
82 # (DHX) for authentication.
84 # uams_dhx2.so: (uams_dhx2_pam.so or uams_dhx2_passwd.so)
85 # Allow Diffie-Hellman eXchange 2
86 # (DHX2) for authentication.
89 # -[no]savepassword [Don't] Allow clients to save password locally
90 # -passwdfile <path> Use this path to store Randnum passwords.
91 # (Default: :ETCDIR:/afppasswd. The only other
92 # useful value is ~/.passwd. See 'man afppasswd'
94 # -passwdminlen <#> minimum password length. may be ignored.
95 # -[no]setpassword [Don't] Allow clients to change their passwords.
96 # -loginmaxfail <#> maximum number of failed logins. this may be
97 # ignored if the uam can't handle it.
100 # -defaultvol <path> Specifies path to AppleVolumes.default file
101 # (default :ETCDIR:/AppleVolumes.default,
102 # same as -f on command line)
103 # -systemvol <path> Specifies path to AppleVolumes.system file
104 # (default :ETCDIR:/AppleVolumes.system,
105 # same as -s on command line)
106 # -[no]uservolfirst [Don't] read the user's ~/AppleVolumes or
107 # ~/.AppleVolumes before reading
108 # :ETCDIR:/AppleVolumes.default
109 # (same as -u on command line)
110 # -[no]uservol [Don't] Read the user's volume file
111 # -closevol Immediately unmount volumes removed from
112 # AppleVolumes files on SIGHUP sent to the afp
116 # -authprintdir <path> Specifies the path to be used (per server) to
117 # store the files required to do CAP-style
118 # print authentication which papd will examine
119 # to determine if a print job should be allowed.
120 # These files are created at login and if they
121 # are to be properly removed, this directory
122 # probably needs to be umode 1777
123 # -guestname "user" Specifies the user name for the guest login
124 # (default "nobody", same as -g on command line)
125 # -loginmesg "Message" Client will display "Message" upon logging in
126 # (no default, same as -l "Message" on commandline)
127 # -nodebug Switch off debugging
128 # -client_polling With this switch enabled, afpd won't advertise
129 # that it is capable of server notifications, so that
130 # connected clients poll the server every 10 seconds
131 # to detect changes in opened server windows.
132 # Note: Depending on the number of simultaneously
133 # connected clients and the network's speed, this can
134 # lead to a significant higher load on your network!
135 # -sleep <number> AFP 3.x wait number hours before disconnecting
136 # clients in sleep mode. Default 10 hours
137 # -tickleval <number> Specify the tickle timeout interval (in seconds).
138 # Note, this defaults to 30 seconds, and really
139 # shouldn't be changed. If you want to control
140 # the server idle timeout, use the -timeout option.
141 # -timeout <number> Specify the number of tickles to send before
142 # timing out a connection.
143 # The default is 4, therefore a connection will
144 # timeout in 2 minutes.
145 # -icon Use the platform-specific icon.
146 # -volnamelen <number>
147 # Max length of UTF8-MAC volume name for Mac OS X.
148 # Note that Hangul is especially sensitive to this.
150 # 80: limit of generic Mac OS X (default)
151 # 73: limit of Mac OS X 10.1, if >= 74
152 # Finder crashed and restart repeatedly.
153 # Mac OS 9 and earlier is not influenced by this,
154 # Maccharset volume names are always limitted to 27.
155 # -[un]setuplog "<logtype> <loglevel> [<filename>]"
156 # Specify that any message of a loglevel up to the
157 # given loglevel should be logged to the given file.
158 # If the filename is ommited the loglevel applies to
159 # messages passed to syslog.
161 # By default (no explicit -setuplog and no buildtime
162 # configure flag --with-logfile) afpd logs to syslog
163 # with a default logging setup equivalent to
164 # "-setuplog default log_info".
166 # If build with --with-logfile[=somefile]
167 # (default logfile /var/log/netatalk.log) afpd
168 # defaults to a setup that is equivalent to
169 # "-setuplog default log_info [netatalk.log|somefile]"
171 # logtypes: Default, AFPDaemon, Logger, UAMSDaemon
172 # loglevels: LOG_SEVERE, LOG_ERROR, LOG_WARN,
173 # LOG_NOTE, LOG_INFO, LOG_DEBUG,
174 # LOG_DEBUG6, LOG_DEBUG7, LOG_DEBUG8,
175 # LOG_DEBUG9, LOG_MAXDEBUG
177 # Example: Useful default config
178 # -setuplog "default log_info /var/log/afpd.log"
181 # -setuplog "default log_maxdebug /var/log/afpd.log"
183 # -signature { user:<text> | auto }
184 # Specify a server signature. This option is useful
185 # while running multiple independent instances of
186 # afpd on one machine (eg. in clustered environments,
187 # to provide fault isolation etc.).
189 # "auto" signature type allows afpd generating
190 # signature and saving it to afp_signature.conf
191 # automatically (based on random number).
192 # "host" signature type switches back to "auto"
193 # because it is obsoleted.
194 # "user" signature type allows administrator to
195 # set up a signature string manually.
196 # Examples: three servers running on one machine:
197 # first -signature user:USERS
198 # second -signature user:USERS
199 # third -signature user:ADMINS
200 # First two servers will act as one logical AFP service.
201 # If user logs in to first one and then connects to second
202 # one, session will be automatically redirected to the first
203 # one. But if client connects to first and then to third,
204 # will be asked for password twice and will see resources of
206 # Traditional method of signature generation causes two
207 # independent afpd instances to have the same signature and
208 # thus cause clients to be redirected automatically to
209 # server (s)he logged in first.
210 # -k5service <service>
212 # These are required if the server supports Kerberos 5
216 # -unixcodepage <CODEPAGE> Specifies the servers unix codepage,
217 # e.g. "ISO-8859-15" or "UTF8".
218 # This is used to convert strings to/from
219 # the systems locale, e.g. for authenthication.
220 # Defaults to LOCALE if your system supports it,
221 # otherwise ASCII will be used.
223 # -maccodepage <CODEPAGE> Specifies the mac clients codepage,
225 # This is used to convert strings to the
226 # systems locale, e.g. for authenthication
227 # and SIGUSR2 messaging. This will also be
228 # the default for volumes maccharset.
230 # CNID related options:
231 # -cnidserver ipaddress:port Specifies the IP address and port of
232 # a cnid_metad server.
239 # The simplest case is to not have an afpd.conf.
241 # 4 servers w/ names server1-3 and one w/ the hostname. servers
242 # 1-3 get routed to different ports with server 3 being bound
243 # specifically to address 192.168.1.3
245 # server1 -port 12000
246 # server2 -port 12001
247 # server3 -port 12002 -ipaddr 192.168.1.3
249 # a dedicated guest server, a user server, and a special
251 # "Guest Volume" -uamlist uams_guest.so -loginmesg "Welcome guest!"
252 # "User Volume" -uamlist uams_clrtxt.so -port 12000
253 # "special" -notcp -defaultvol <path> -systemvol <path>
258 # - -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword