2 # CONFIGURATION FOR AFPD
4 # Each line defines a virtual server that should be available.
5 # Empty lines and lines beginning with `#' are ignored.
6 # Options in this file will override both compiled-in defaults
7 # and command line options.
10 # - [options] to specify options for the default server
11 # "Server name" [options] to specify an additional server
13 # The following options are available:
14 # Transport Protocols:
15 # -[no]tcp Make "AFP over TCP" [not] available
16 # -[no]ddp Make "AFP over AppleTalk" [not] available.
17 # If you have -proxy specified, specify -uamlist "" to
18 # prevent ddp connections from working.
20 # -transall Make both available
23 # -ipaddr <w.x.y.z> Specifies the IP address the server should respond
24 # to (default is the first IP address of the system)
25 # This option also allows one machine to advertise
26 # TCP/IP for another machine.
27 # -server_quantum <number>
28 # Specifies the DSI server quantum. The minimum
29 # value is 1MB. The max value is 0xFFFFFFFF. If you
30 # specify a value that is out of range, you'll get
31 # the default value (currently the minimum).
32 # -admingroup <groupname>
33 # Specifies the group of administrators who should all
34 # be seen as the superuser when they log in. Default
36 # -ddpaddr x.y Specifies the DDP address of the server. the
37 # default is to auto-assign an address
38 # (0.0). this is only useful if you're running
39 # on a multihomed host.
40 # -port <number> Specifies the TCP port the server should respond
42 # -fqdn <name:port> specify a fully-qualified domain name (+
43 # optional port). this gets discarded if the
44 # server can't resolve it. this is not honored
45 # by appleshare clients <= 3.8.3 (default: none)
46 # -proxy Run an AppleTalk proxy server for specified AFP/TCP
47 # server (if address/port aren't given, then
48 # first IP address of the system/548 will be used).
49 # if you don't want the proxy server to act as
50 # a ddp server as well, set -uamlist to an
52 # -slp Register this server with the Service
56 # Authentication Methods:
57 # -uampath <path> Use this path to look for User Authentication Modules.
58 # (default: :UAMS_PATH:)
59 # -uamlist <a,b,c> Comma-separated list of UAMs. (default:
60 # uams_dhx.so,uams_dhx2.so)
62 # some commonly available UAMs:
63 # uams_guest.so: Allow guest logins
65 # uams_clrtxt.so: (uams_pam.so or uams_passwd.so)
66 # Allow logins with passwords
67 # transmitted in the clear.
69 # uams_randnum.so: Allow Random Number and Two-Way
70 # Random Number exchange for
73 # uams_dhx.so: (uams_dhx_pam.so or uams_dhx_passwd.so)
74 # Allow Diffie-Hellman eXchange
75 # (DHX) for authentication.
77 # uams_dhx2.so: (uams_dhx2_pam.so or uams_dhx2_passwd.so)
78 # Allow Diffie-Hellman eXchange 2
79 # (DHX2) for authentication.
82 # -[no]savepassword [Don't] Allow clients to save password locally
83 # -passwdfile <path> Use this path to store Randnum
84 # passwords. (Default: :ETCDIR:/afppasswd. The only
85 # other useful value is ~/.passwd. See 'man afppasswd'
87 # -passwdminlen <#> minimum password length. may be ignored.
88 # -[no]setpassword [Don't] Allow clients to change their passwords.
89 # -loginmaxfail <#> maximum number of failed logins. this may be
90 # ignored if the uam can't handle it.
93 # -defaultvol <path> Specifies path to AppleVolumes.default file
94 # (default :ETCDIR:/AppleVolumes.default,
95 # same as -f on command line)
96 # -systemvol <path> Specifies path to AppleVolumes.system file
97 # (default :ETCDIR:/AppleVolumes.system,
98 # same as -s on command line)
99 # -[no]uservolfirst [Don't] read the user's ~/AppleVolumes or
100 # ~/.AppleVolumes before reading
101 # :ETCDIR:/AppleVolumes.default
102 # (same as -u on command line)
103 # -[no]uservol [Don't] Read the user's volume file
104 # -closevol Immediately unmount volumes removed from AppleVolumes
105 # files on SIGHUP sent to the afp master process.
108 # -authprintdir <path> Specifies the path to be used (per server) to
109 # store the files required to do CAP-style
110 # print authentication which papd will examine
111 # to determine if a print job should be allowed.
112 # These files are created at login and if they
113 # are to be properly removed, this directory
114 # probably needs to be umode 1777
115 # -guestname "user" Specifies the user name for the guest login
116 # (default "nobody", same as -g on command line)
117 # -loginmesg "Message" Client will display "Message" upon logging in
118 # (no default, same as -l "Message" on commandline)
119 # -nodebug Switch off debugging
120 # -client_polling With this switch enabled, afpd won't advertise
121 # that it is capable of server notifications, so that
122 # connected clients poll the server every 10 seconds
123 # to detect changes in opened server windows.
124 # Note: Depending on the number of simultaneously
125 # connected clients and the network's speed, this can
126 # lead to a significant higher load on your network!
127 # -sleep <number> AFP 3.x wait number hours before disconnecting
128 # clients in sleep mode. Default 10 hours
129 # -tickleval <number> Specify the tickle timeout interval (in seconds).
130 # Note, this defaults to 30 seconds, and really
131 # shouldn't be changed. If you want to control
132 # the server idle timeout, use the -timeout option.
133 # -timeout <number> Specify the number of tickles to send before
134 # timing out a connection. The default is 4, therefore
135 # a connection will timeout in 2 minutes.
136 # -icon Use the platform-specific icon.
137 # -volnamelen <number>
138 # Max length of UTF8-MAC volume name for Mac OS X.
139 # Note that Hangul is especially sensitive to this.
141 # 80: limit of generic Mac OS X (default)
142 # 73: limit of Mac OS X 10.1, if >= 74
143 # Finder crashed and restart repeatedly.
144 # Mac OS 9 and earlier is not influenced by this,
145 # Maccharset volume names are always limitted to 27.
146 # -[un]setuplog "<logtype> <loglevel> [<filename>]"
147 # Specify that any message of a loglevel up to the given loglevel
148 # should be logged to the given file. If the filename is ommited the
149 # loglevel applies to messages passed to syslog.
151 # By default (no explicit -setuplog and no buildtime configure flag
152 # --with-logfile) afpd logs to syslog with a default
153 # logging setup equivalent to "-setuplog default log_note".
155 # If build with --with-logfile[=somefile] (default logfile
156 # /var/log/netatalk.log) afpd defaults to a setup that is equivalent
157 # to "-setuplog default log_note [netatalk.log|somefile]"
159 # logtypes: Default, AFPDaemon, Logger, UAMSDaemon
160 # loglevels: LOG_SEVERE, LOG_ERROR, LOG_WARN, LOG_NOTE, LOG_INFO, LOG_DEBUG,
161 # LOG_DEBUG6, LOG_DEBUG7, LOG_DEBUG8, LOG_DEBUG9, LOG_MAXDEBUG
163 # Example: Useful default config
164 # -setuplog "default log_info /var/log/afpd.log"
167 # -setuplog "default log_maxdebug /var/log/afpd.log"
169 # -signature { user:<text> | host }
170 # Specify a server signature. This option is useful while
171 # running multiple independent instances of afpd on one
172 # machine (eg. in clustered environments, to provide fault
173 # isolation etc.). "host" signature type allows afpd generating
174 # signature automatically (based on machine primary IP address).
175 # "user" signature type allows administrator to set up a signature
176 # string manually. Examples: three servers running on one machine:
177 # first -signature user:USERS
178 # second -signature user:USERS
179 # third -signature user:ADMINS
180 # First two servers will act as one logical AFP service - if user logs in to
181 # first one and then connects to second one, session will be automatically
182 # redirected to the first one. But if client connects to first and then to third,
183 # will be asked for password twice and will see resources of both servers.
184 # Traditional method of signature generation causes two independent afpd instances
185 # to have the same signature and thus cause clients to be redirected automatically
186 # to server (s)he logged in first.
187 # -k5service <service>
189 # These are required if the server supports Kerberos 5 authentication
192 # -unixcodepage <CODEPAGE> Specifies the servers unix codepage, e.g. "ISO-8859-15" or "UTF8".
193 # This is used to convert strings to/from the systems locale, e.g.
194 # for authenthication. Defaults to LOCALE if your system supports it,
195 # otherwise ASCII will be used.
197 # -maccodepage <CODEPAGE> Specifies the mac clients codepage, e.g. "MAC_ROMAN".
198 # This is used to convert strings to the systems locale, e.g.
199 # for authenthication and SIGUSR2 messaging. This will also be
200 # the default for volumes maccharset.
202 # CNID related options:
203 # -cnidserver ipaddress:port Specifies the IP address and port of a cnid_metad server.
210 # The simplest case is to not have an afpd.conf.
212 # 4 servers w/ names server1-3 and one w/ the hostname. servers
213 # 1-3 get routed to different ports with server 3 being bound
214 # specifically to address 192.168.1.3
216 # server1 -port 12000
217 # server2 -port 12001
218 # server3 -port 12002 -ipaddr 192.168.1.3
220 # a dedicated guest server, a user server, and a special
222 # "Guest Volume" -uamlist uams_guest.so -loginmesg "Welcome guest!"
223 # "User Volume" -uamlist uams_clrtxt.so -port 12000
224 # "special" -notcp -defaultvol <path> -systemvol <path>
228 # - -tcp -noddp -uamlist uams_dhx.so,uams_dhx2.so -nosavepassword