X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=netatalk.git;a=blobdiff_plain;f=config%2Fafpd.conf.tmpl;h=04ba0ca6b71290a25bb27482e536c647637541e5;hp=6ad81a4a0bbdeb825f8dff5de00b3d24ea82f8f0;hb=154c130f7a3a407e686eda99a6658773e137b05f;hpb=98dec374d236253850f9045a934f31a163ee110a diff --git a/config/afpd.conf.tmpl b/config/afpd.conf.tmpl index 6ad81a4a..04ba0ca6 100644 --- a/config/afpd.conf.tmpl +++ b/config/afpd.conf.tmpl @@ -1,86 +1,119 @@ # # CONFIGURATION FOR AFPD # -# Each line defines a virtual server that should be available. +# Each single line defines a virtual server that should be available. +# Though, using "\" character, newline escaping is supported. # Empty lines and lines beginning with `#' are ignored. # Options in this file will override both compiled-in defaults # and command line options. +# + + # # Format: -# - [options] to specify options for the default server +# - [options] to specify options for the default server # "Server name" [options] to specify an additional server +# + + # # The following options are available: # Transport Protocols: -# -[no]tcp Make AFP-over-TCP [not] available -# -[no]ddp Make AFP over AppleTalk [not] available. if you -# have -proxy specified, specify -uamlist "" to +# -[no]tcp Make "AFP over TCP" [not] available +# -[no]ddp Make "AFP over AppleTalk" [not] available. +# If you have -proxy specified, specify -uamlist "" to # prevent ddp connections from working. # -# -transall Make both available (default) +# -transall Make both available # # Transport Options: -# -ipaddr Specifies the IP address the server should respond -# to (default is the first IP address of the system) -# This option also allows one machine to advertise -# TCP/IP for another machine. +# -ipaddr Specifies the IP address that the server should +# advertise and listens to. The default is advertise +# the first IP address of the system, but to listen +# for any incoming request. The network address may +# be specified either in dotted-decimal format for +# IPv4 or in hexadecimal format for IPv6. +# This option also allows to use one machine to +# advertise the AFP-over-TCP/IP settings of another +# machine via NBP when used together with the -proxy +# option. # -server_quantum # Specifies the DSI server quantum. The minimum # value is 1MB. The max value is 0xFFFFFFFF. If you # specify a value that is out of range, you'll get # the default value (currently the minimum). # -admingroup -# Specifies the group of administrators who should all -# be seen as the superuser when they log in. Default -# is disabled. -# -ddpaddr x.y Specifies the DDP address of the server. the -# default is to auto-assign an address -# (0.0). this is only useful if you're running -# on a multihomed host. +# Specifies the group of administrators who should +# all be seen as the superuser when they log in. +# Default is disabled. +# -ddpaddr x.y Specifies the DDP address of the server. +# the default is to auto-assign an address (0.0). +# this is only useful if you're running on +# a multihomed host. # -port Specifies the TCP port the server should respond # to (default is 548) -# -fqdn specify a fully-qualified domain name (+ -# optional port). this gets discarded if the -# server can't resolve it. this is not honored -# by appleshare clients <= 3.8.3 (default: none) -# -proxy Run an AppleTalk proxy server for specified AFP/TCP -# server (if address/port aren't given, then -# first IP address of the system/548 will be used). +# -fqdn specify a fully-qualified domain name (+optional +# port). this gets discarded if the server can't +# resolve it. this is not honored by appleshare +# clients <= 3.8.3 (default: none) +# -hostname Use this instead of the result from calling +# hostname for dertermening which IP address to +# advertise, therfore the hostname is resolved to +# an IP which is the advertised. This is NOT used for +# listening and it is also overwritten by -ipaddr. +# -proxy Run an AppleTalk proxy server for specified +# AFP/TCP server (if address/port aren't given, +# then first IP address of the system/548 will +# be used). # if you don't want the proxy server to act as -# a ddp server as well, set -uamlist to an -# empty string. +# a ddp server as well, set -uamlist to an empty +# string. +# -slp Register this server with the Service Location +# Protocol (if SLP support was compiled in). +# -nozeroconf Don't register this server with the Multicats +# DNS Protocol. +# -advertise_ssh Allows Mac OS X clients (10.3.3-10.4) to +# automagically establish a tunneled AFP connection +# through SSH. This option is not so significant +# for the recent Mac OS X. See the Netatalk Manual +# in detail. # # # Authentication Methods: # -uampath Use this path to look for User Authentication Modules. -# (default: :UAMS_PATH:) -# -uamlist Comma-separated list of UAMs. (default: -# uams_guest.so,uams_clrtxt.so,uams_dhx.so) +# (default: :UAMS_PATH:) +# -uamlist Comma-separated list of UAMs. +# (default: uams_dhx.so,uams_dhx2.so) # -# some commonly available UAMs: +# some commonly available UAMs: # uams_guest.so: Allow guest logins # -# uams_clrtxt.so: (uams_pam.so or uams_passwd.so) -# Allow logins with passwords -# transmitted in the clear. +# uams_clrtxt.so: (uams_pam.so or uams_passwd.so) +# Allow logins with passwords +# transmitted in the clear. +# +# uams_randnum.so: Allow Random Number and Two-Way +# Random Number exchange for +# authentication. # -# uams_randnum.so: Allow Random Number and Two-Way -# Random Number exchange for -# authentication. +# uams_dhx.so: (uams_dhx_pam.so or uams_dhx_passwd.so) +# Allow Diffie-Hellman eXchange +# (DHX) for authentication. # -# uams_dhx.so: (uams_dhx_pam.so or uams_dhx_passwd.so) -# Allow Diffie-Hellman eXchange -# (DHX) for authentication. +# uams_dhx2.so: (uams_dhx2_pam.so or uams_dhx2_passwd.so) +# Allow Diffie-Hellman eXchange 2 +# (DHX2) for authentication. # # Password Options: # -[no]savepassword [Don't] Allow clients to save password locally -# -passwdfile Use this path to store Randnum -# passwords. (default: ~/.passwd. the only other -# userful value is :ETCDIR:/afppasswd.) +# -passwdfile Use this path to store Randnum passwords. +# (Default: :ETCDIR:/afppasswd. The only other +# useful value is ~/.passwd. See 'man afppasswd' +# for details.) # -passwdminlen <#> minimum password length. may be ignored. # -[no]setpassword [Don't] Allow clients to change their passwords. # -loginmaxfail <#> maximum number of failed logins. this may be -# ignored if the uam can't handle it. +# ignored if the uam can't handle it. # # AppleVolumes files: # -defaultvol Specifies path to AppleVolumes.default file @@ -94,36 +127,177 @@ # :ETCDIR:/AppleVolumes.default # (same as -u on command line) # -[no]uservol [Don't] Read the user's volume file -# -# -nlspath Prepend this path to each code page filename -# in volume options (default: :NLS_PATH:). +# -closevol Immediately unmount volumes removed from +# AppleVolumes files on SIGHUP sent to the afp +# master process. # # Miscellaneous: +# -authprintdir Specifies the path to be used (per server) to +# store the files required to do CAP-style +# print authentication which papd will examine +# to determine if a print job should be allowed. +# These files are created at login and if they +# are to be properly removed, this directory +# probably needs to be umode 1777 # -guestname "user" Specifies the user name for the guest login # (default "nobody", same as -g on command line) # -loginmesg "Message" Client will display "Message" upon logging in # (no default, same as -l "Message" on commandline) # -nodebug Switch off debugging -# -tickleval Specify the tickle timeout interval (in seconds) -# -icon Use the platform-specific icon. -# +# -client_polling With this switch enabled, afpd won't advertise +# that it is capable of server notifications, so that +# connected clients poll the server every 10 seconds +# to detect changes in opened server windows. +# Note: Depending on the number of simultaneously +# connected clients and the network's speed, this can +# lead to a significant higher load on your network! +# -sleep AFP 3.x wait number hours before disconnecting +# clients in sleep mode. Default 10 hours +# -tickleval Specify the tickle timeout interval (in seconds). +# Note, this defaults to 30 seconds, and really +# shouldn't be changed. If you want to control +# the server idle timeout, use the -timeout option. +# -timeout Specify the number of tickles to send before +# timing out a connection. +# The default is 4, therefore a connection will +# timeout in 2 minutes. +# -[no]icon [Don't] Use the platform-specific icon. Recent +# Mac OS don't display it any longer. +# -volnamelen +# Max length of UTF8-MAC volume name for Mac OS X. +# Note that Hangul is especially sensitive to this. +# 255: limit of spec +# 80: limit of generic Mac OS X (default) +# 73: limit of Mac OS X 10.1, if >= 74 +# Finder crashed and restart repeatedly. +# Mac OS 9 and earlier is not influenced by this, +# Maccharset volume names are always limitted to 27. +# -[un]setuplog " []" +# Specify that any message of a loglevel up to the +# given loglevel should be logged to the given file. +# If the filename is ommited the loglevel applies to +# messages passed to syslog. +# +# By default (no explicit -setuplog and no buildtime +# configure flag --with-logfile) afpd logs to syslog +# with a default logging setup equivalent to +# "-setuplog default log_info". +# +# If build with --with-logfile[=somefile] +# (default logfile /var/log/netatalk.log) afpd +# defaults to a setup that is equivalent to +# "-setuplog default log_info [netatalk.log|somefile]" +# +# logtypes: Default, AFPDaemon, Logger, UAMSDaemon +# loglevels: LOG_SEVERE, LOG_ERROR, LOG_WARN, +# LOG_NOTE, LOG_INFO, LOG_DEBUG, +# LOG_DEBUG6, LOG_DEBUG7, LOG_DEBUG8, +# LOG_DEBUG9, LOG_MAXDEBUG +# +# Example: Useful default config +# -setuplog "default log_info /var/log/afpd.log" +# +# Debugging config +# -setuplog "default log_maxdebug /var/log/afpd.log" +# +# -signature { user: | auto } +# Specify a server signature. This option is useful +# while running multiple independent instances of +# afpd on one machine (eg. in clustered environments, +# to provide fault isolation etc.). +# Default is "auto". +# "auto" signature type allows afpd generating +# signature and saving it to afp_signature.conf +# automatically (based on random number). +# "host" signature type switches back to "auto" +# because it is obsoleted. +# "user" signature type allows administrator to +# set up a signature string manually. +# Examples: three servers running on one machine: +# first -signature user:USERS +# second -signature user:USERS +# third -signature user:ADMINS +# First two servers will act as one logical AFP +# service. If user logs in to first one and then +# connects to second one, session will be +# automatically redirected to the first one. But if +# client connects to first and then to third, +# will be asked for password twice and will see +# resources of both servers. +# Traditional method of signature generation causes +# two independent afpd instances to have the same +# signature and thus cause clients to be redirected +# automatically to server (s)he logged in first. +# -k5keytab +# -k5service +# -k5realm +# These are required if the server supports +# Kerberos 5 authentication +# -ntdomain +# -ntseparator +# Use for eg. winbind authentication, prepends +# both strings before the username from login and +# then tries to authenticate with the result +# through the availabel and active UAM authentication +# modules. +# +# Codepage Options: +# -unixcodepage Specifies the servers unix codepage, +# e.g. "ISO-8859-15" or "UTF8". +# This is used to convert strings to/from +# the systems locale, e.g. for authenthication. +# Defaults to LOCALE if your system supports it, +# otherwise ASCII will be used. +# +# -maccodepage Specifies the mac clients codepage, +# e.g. "MAC_ROMAN". +# This is used to convert strings to the +# systems locale, e.g. for authenthication +# and SIGUSR2 messaging. This will also be +# the default for volumes maccharset. +# +# CNID related options: +# -cnidserver +# Specifies the IP address and port of a +# cnid_metad server, required for CNID dbd +# backend. Defaults to localhost:4700. +# The network address may be specified either +# in dotted-decimal format for IPv4 or in +# hexadecimal format for IPv6. +# +# Avahi (Bonjour) related options: +# -mimicmodel +# Specifies the icon model that appears on +# clients. Defaults to off. Examples: RackMac +# (same as Xserve), PowerBook, PowerMac, Macmini, +# iMac, MacBook, MacBookPro, MacBookAir, MacPro, +# AppleTV1,1, AirPort +# + + +# # Some examples: # -# The simplest case is to not have an afpd.conf. +# The simplest case is to not have an afpd.conf. # -# 4 servers w/ names server1-3 and one w/ the hostname. servers +# 4 servers w/ names server1-3 and one w/ the hostname. servers # 1-3 get routed to different ports with server 3 being bound # specifically to address 192.168.1.3 -# - -# server1 -port 12000 -# server2 -port 12001 -# server3 -port 12002 -ipaddr 192.168.1.3 # -# a dedicated guest server, a user server, and a special -# ddp-only server: -# "Guest Volume" -uamlist uams_guest.so -loginmesg "Welcome guest!" -# "User Volume" -uamlist uams_clrtxt.so -port 12000 -# "special" -notcp -defaultvol -systemvol +# - +# server1 -port 12000 +# server2 -port 12001 +# server3 -port 12002 -ipaddr 192.168.1.3 +# +# a dedicated guest server, a user server, and a special +# AppleTalk-only server: +# +# "Guest Server" -uamlist uams_guest.so \ +# -loginmesg "Welcome guest! I'm a public server." +# "User Server" -uamlist uams_dhx2.so -port 12000 +# "special" -ddp -notcp -defaultvol -systemvol # + + # default: -# - -transall -uamlist uams_guest.so,uams_clrtxt.so,uams_dhx.so -nosavepassword +# - -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword