'\" t
.\" Title: afpd.conf
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
-.\" Generator: DocBook XSL Stylesheets v1.74.3 <http://docbook.sf.net/>
-.\" Date: 23 December 2009
-.\" Manual: Netatalk 2.1
-.\" Source: Netatalk 2.1
+.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
+.\" Date: 15 Aug 2011
+.\" Manual: Netatalk 2.2
+.\" Source: Netatalk 2.2
.\" Language: English
.\"
-.TH "AFPD\&.CONF" "5" "23 December 2009" "Netatalk 2.1" "Netatalk 2.1"
+.TH "AFPD\&.CONF" "5" "15 Aug 2011" "Netatalk 2.2" "Netatalk 2.2"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.PP
Each server has to be configured on a
\fBsingle\fR
-line\&. Though newline escaping is supported\&.
+line\&. Though, using "\e" character, newline escaping is supported\&.
.sp .5v
.RE
The possible options and their meanings are:
.PP
uams_clrtxt\&.so
.RS 4
-(uams_pam\&.so or uams_passwd\&.so) Allow logins with passwords transmitted in the clear\&.
+(uams_pam\&.so or uams_passwd\&.so) Allow logins with passwords transmitted in the clear\&. (legacy)
.RE
.PP
uams_randum\&.so
allows Random Number and Two\-Way Random Number Exchange for authentication (requires a separate file containing the passwords, either :ETCDIR:/afppasswd file or the one specified via
\fB\-passwdfile\fR\&. See
\fBafppasswd\fR(1)
-for details
+for details\&. (legacy)
.RE
.PP
uams_dhx\&.so
.RS 4
Use for eg\&. winbind authentication, prepends both strings before the username from login and then tries to authenticate with the result through the availabel and active UAM authentication modules\&.
.RE
+.PP
+\-adminauthuser
+.RS 4
+Specifying eg
+\fB\-adminauthuser root\fR
+whenever a normal user login fails, afpd will try to authenticate as the specified
+\fBadminauthuser\fR\&. If this succeeds, a normal session is created for the original connecting user\&. Said differently: if you know the password of
+\fBadminauthuser\fR, you can authenticate as any other user\&.
+.RE
.SH "CODEPAGE OPTIONS"
.PP
-With OS X Apple introduced the AFP3 protocol\&. One of the big changes was, that AFP3 uses Unicode names encoded as UTF\-8 decomposed\&. Previous AFP/OS versions used codepages like MacRoman, MacCentralEurope, etc\&.
+With OS X Apple introduced the AFP3 protocol\&. One of the big changes was, that AFP3 uses Unicode names encoded as Decomposed UTF\-8 (UTF8\-MAC)\&. Previous AFP/OS versions used codepages like MacRoman, MacCentralEurope, etc\&.
.PP
To be able to serve AFP3 and older clients at the same time,
\fBafpd\fR
.PP
As
\fBafpd\fR
-needs to interact with unix operating system as well, it need\'s to be able to convert from UTF\-8/MacCodepage to the unix codepage\&. By default
+needs to interact with unix operating system as well, it need\'s to be able to convert from UTF8\-MAC/MacCodepage to the unix codepage\&. By default
\fBafpd\fR
uses the systems LOCALE, or ASCII if your system doesn\'t support locales\&. You can set the unix codepage using the
\fB\-unixcodepage\fR
\fB\-proxy\fR
is specified, you must instead use
\fB\-uamlist ""\fR
-to prevent DDP connections from working\&.
+to prevent DDP connections from working\&. (default is \-noddp)
.RE
.PP
\-[no]tcp
.RS 4
-Enables or disables AFP\-over\-TCP
+Enables or disables AFP\-over\-TCP (default is \-tcp)
.RE
.PP
\-transall
.RS 4
-Make both available (default)
+Make both available
.RE
.SH "TRANSPORT OPTIONS"
.PP
\-advertise_ssh
.RS 4
-Allows Mac OS X clients (10\&.3\&.3 or above) to automagically establish a tunneled AFP connection through SSH\&. If this option is set, the server\'s answers to client\'s FPGetSrvrInfo requests contain an additional entry\&. It depends on both client\'s settings and a correctly configured and running
+Allows Mac OS X clients (10\&.3\&.3\-10\&.4) to automagically establish a tunneled AFP connection through SSH\&. If this option is set, the server\'s answers to client\'s FPGetSrvrInfo requests contain an additional entry\&. It depends on both client\'s settings and a correctly configured and running
\fBsshd\fR(8)
on the server to let things work\&.
.if n \{\
when used together with the
\fB\-proxy\fR
option\&.
-.sp
-\fIExample IP/hostname configuration:\fR
-.sp
-fluxxus
-\fB\-hostname\fR
-afp\&.apple\&.com
-\fB\-ipaddr\fR
-127\&.0\&.0\&.1
-\fB\-fqdn\fR
-www\&.microsoft\&.com
-.sp
-Result:
+.PP
+\fBExample.\ \&afpd.conf onfiguration line\fR
.sp
.if n \{\
.RS 4
.\}
.nf
-(UTF8) Server name: "fluxxus"
-Listening and advertised network address: "127\&.0\&.0\&.1"
-Advertised network address: "www\&.microsoft\&.com"
+ fluxxus \-hostname afp\&.example\&.org \-ipaddr 192\&.168\&.0\&.1 \-fqdn www\&.example\&.com
+
.fi
.if n \{\
.RE
.\}
+.sp
+
+\fBResult\fR
+.sp
+(UTF8) Server name: fluxxus, Listening and advertised network address: 192\&.168\&.0\&.1, Advertised network address: www\&.example\&.com, hostname is not used\&.
.RE
.PP
\-port \fI[port number]\fR
This specifies the DSI server quantum\&. The default value is 303840\&. The maximum value is 0xFFFFFFFFF, the minimum is 32000\&. If you specify a value that is out of range, the default value will be set\&. Do not change this value unless you\'re absolutely sure, what you\'re doing
.RE
.PP
+\-dsireadbuf \fI[number]\fR
+.RS 4
+Scale factor that determines the size of the DSI/TCP readahead buffer, default is 12\&. This is multiplies with the DSI server quantum (default ~300k) to give the size of the buffer\&. Increasing this value might increase throughput in fast local networks for volume to volume copies\&.
+\fINote\fR: This buffer is allocated per afpd child process, so specifying large values will eat up large amount of memory (buffer size * number of clients)\&.
+.RE
+.PP
+\-tcprcvbuf \fI[number]\fR
+.RS 4
+Try to set TCP receive buffer using setsockpt()\&. Often OSes impose restrictions on the applications ability to set this value\&.
+.RE
+.PP
+\-tcpsndbuf \fI[number]\fR
+.RS 4
+Try to set TCP send buffer using setsockpt()\&. Often OSes impose restrictions on the applications ability to set this value\&.
+.RE
+.PP
+\-nozeroconf
+.RS 4
+Disable automatic Zeroconf
+service registration if support was compiled in\&.
+.RE
+.PP
\-slp
.RS 4
Register this server using the Service Location Protocol (if SLP
\fBNote\fR
.ps -1
.br
-Do not use this option any longer as Netatalk 2\&.0 correctly supports server notifications, allowing connected clients to update folder listings in case another client changed the contents\&.
+Do not use this option any longer as Netatalk 2\&.x correctly supports server notifications, allowing connected clients to update folder listings in case another client changed the contents\&.
.sp .5v
.RE
.RE
.PP
\-cnidserver \fI[ipaddress:port]\fR
.RS 4
-Specifies the IP address and port of a cnid_metad server, required for CNID dbd backend\&. Defaults to localhost:4700\&. The network address may be specified either in dotted\-decimal format for IPv4 or in hexadecimal format for IPv6\&.
+Specifies the IP address and port of a cnid_metad server, required for CNID dbd backend\&. Defaults to localhost:4700\&. The network address may be specified either in dotted\-decimal format for IPv4 or in hexadecimal format for IPv6\&.\-
+.RE
+.PP
+\-dircachesize\fI entries\fR
+.RS 4
+Maximum possible entries in the directory cache\&. The cache stores directories and files\&. It is used to cache the full path to directories and CNIDs which considerably speeds up directory enumeration\&.
+.sp
+Default size is 8192, maximum size is 131072\&. Given value is rounded up to nearest power of 2\&. Each entry takes about 100 bytes, which is not much, but remember that every afpd child process for every connected user has its cache\&.
+.RE
+.PP
+\-fcelistener \fIhost[:port]\fR
+.RS 4
+Enables sending FCE events to the specified
+\fIhost\fR, default
+\fIport\fR
+is 12250 if not specified\&. Specifying mutliple listeners is done by having this option once for each of them\&.
+.RE
+.PP
+\-fceevents \fIfmod,fdel,ddel,fcre,dcre,tmsz\fR
+.RS 4
+Speficies which FCE events are active, default is
+\fIfmod,fdel,ddel,fcre,dcre\fR\&.
+.RE
+.PP
+\-fcecoalesce \fIall|delete|create\fR
+.RS 4
+Coalesce FCE events\&.
+.RE
+.PP
+\-fceholdfmod \fIseconds\fR
+.RS 4
+This determines the time delay in seconds which is always waited if another file modification for the same file is done by a client before sending an FCE file modification event (fmod)\&. For example saving a file in Photoshop would generate multiple events by itself because the application is opening, modifying and closing a file mutliple times for every "save"\&. Defautl: 60 seconds\&.
.RE
.PP
\-guestname \fI[name]\fR
.PP
\-[no]icon
.RS 4
-[Dont\'t] Use the platform\-specific icon
+[Don\'t] Use the platform\-specific icon\&. Recent Mac OS don\'t display it any longer\&.
+.RE
+.PP
+\-keepsessions
+.RS 4
+Enable "Continuous AFP Service"\&. This means the ability to stop the master afpd process with a SIGQUIT signal, possibly install an afpd update and start the afpd process\&. Existing AFP sessions afpd processes will remain unaffected\&. Technically they will be notified of the master afpd shutdown, sleep 15\-20 seconds and then try to reconnect their IPC channel to the master afpd process\&. If this reconnect fails, the sessions are in an undefined state\&. Therefor it\'s absolutely critical to restart the master process in time!
.RE
.PP
\-loginmesg \fI[message]\fR
and should be quoted\&. Extended characters are allowed\&.
.RE
.PP
+\-mimicmodel \fImodel\fR
+.RS 4
+Specifies the icon model that appears on clients\&. Defaults to off\&. Examples: RackMac (same as Xserve), PowerBook, PowerMac, Macmini, iMac, MacBook, MacBookPro, MacBookAir, MacPro, AppleTV1,1, AirPort\&.
+.RE
+.PP
+\-noacl2maccess
+.RS 4
+Don\'t map filesystem ACLs to effective permissions\&.
+.RE
+.PP
\-nodebug
.RS 4
Disables debugging\&.
hours before disconnecting clients in sleep mode\&. Default is 10 hours\&.
.RE
.PP
-\-signature { user:<text> | host }
+\-signature { user:<text> | auto }
.RS 4
-Specify a server signature\&. This option is useful while running multiple independent instances of afpd on one machine (eg\&. in clustered environments, to provide fault isolation etc\&.)\&. "host" signature type allows afpd generating signature automatically (based on machine primary IP address)\&. "user" signature type allows administrator to set up a signature string manually\&. The maximum length is 16 characters
+Specify a server signature\&. This option is useful while running multiple independent instances of afpd on one machine (eg\&. in clustered environments, to provide fault isolation etc\&.)\&. Default is "auto"\&. "auto" signature type allows afpd generating signature and saving it to
+:ETCDIR:/afp_signature\&.conf
+automatically (based on random number)\&. "host" signature type switches back to "auto" because it is obsoleted\&. "user" signature type allows administrator to set up a signature string manually\&. The maximum length is 16 characters\&.
.PP
\fBExample.\ \&Three server definitions using 2 different server signatures\fR
.sp
.nf
73: limit of Mac OS X 10\&.1
80: limit for Mac OS X 10\&.4/10\&.5 (default)
-123: limit for Mac OS X 10\&.6
255: limit of spec
.fi
.if n \{\
\fB\-setuplog\fR
and no buildtime configure flag
\fB\-\-with\-logfile\fR) afpd logs to syslog with a default logging setup equivalent to
-\fB"\-setuplog default log_note\fR"\&.
+\fB"\-setuplog default log_info\fR"\&.
.sp
If build with
\fB\-\-with\-logfile\fR
(default logfile
\fI/var/log/netatalk\&.log\fR) or
\fB\-\-with\-logfile=somefile\fR
-afpd defaults to a setup that is equivalent to "\fB\-setuplog default log_note [\fR\fB\fInetatalk\&.log|somefile]\fR\fR"\&.
+afpd defaults to a setup that is equivalent to "\fB\-setuplog default log_info [\fR\fB\fInetatalk\&.log|somefile]\fR\fR"\&.
.sp
logtypes: Default, AFPDaemon, Logger, UAMSDaemon
.sp
.RS 4
.\}
.nf
-\-setuplog "default log_info /var/log/afpd\&.log"
+\- \-setuplog "default log_info /var/log/afpd\&.log"
.fi
.if n \{\
.RE
.RS 4
.\}
.nf
-\-setuplog "default log_maxdebug /var/log/afpd\&.log"
+\- \-setuplog "default log_maxdebug /var/log/afpd\&.log"
.fi
.if n \{\
.RE
.RS 4
.\}
.nf
-\-setuplog "default log_info /var/log/afpd\&.log"
+\- \-setuplog "default log_info /var/log/afpd\&.log" \e
\-setuplog "UAMSDaemon log_maxdebug /var/log/uams\&.log"
.fi
.if n \{\
.RS 4
.\}
.nf
-\-unsetuplog "default \-"
+\- \-unsetuplog "default \-"
.fi
.if n \{\
.RE
.RS 4
.\}
.nf
-\- \-transall \-uamlist uams_dhx\&.so,uams_dhx2\&.so
+\- \-tcp \-noddp \-uamlist uams_dhx\&.so,uams_dhx2\&.so \-nosavepassword
.fi
.if n \{\
.RE
.RS 4
.\}
.nf
-\- \-transall \-maccodepage mac_cyrillic \-unixcodepage utf8
+\- \-maccodepage mac_cyrillic \-unixcodepage utf8
.fi
.if n \{\
.RE
.RS 4
.\}
.nf
-\- \-transall \-uamlist uams_dhx\&.so,uams_dhx2\&.so,uams_guest\&.so,uams_gss\&.so \e
+\- \-uamlist uams_dhx\&.so,uams_dhx2\&.so,uams_guest\&.so,uams_gss\&.so \e
\-k5service afpserver \-k5keytab /path/to/afpserver\&.keytab \e
\-k5realm YOUR\&.REALM \-fqdn your\&.fqdn\&.namel:548
.fi
.nf
"Guest Server" \-uamlist uams_guest\&.so \-loginmesg "Welcome guest!"
"User Server" \-uamlist uams_dhx2\&.so \-port 12000
-"special" \-notcp \-defaultvol <path> \-systemvol <path>
+"special" \-
ddp \-notcp \-defaultvol <path> \-systemvol <path>
.fi
.if n \{\
.RE
.PP
\fBafpd\fR(8),
\fBafppasswd\fR(1),
-\fBAppleVolumes.default\fR(5)
+\fBAppleVolumes.default\fR(5),
+\fBafp_signature.conf\fR(5),
+\fBcnid_metad\fR(8)
projects / netatalk.git / blobdiff