Provided by: nuauth_2.4.3-2.1build1_amd64


       nuauth - NUFW authentication server


       nuauth  [  -h  ]  [  -V  ]  [ -v[v...] ] [ -l (local, for clients) port ] [ -C (local, for
       clients) address ] [ -L (local, for nufw) address ] [ -p (local, for nufw)  port  ]  [  -t
       timeout ] [ -D ]


       This manual page documents the nuauth command.

       Nuauth is the authentication server of the NUFW package. Whenever a client sends a
       packet(1) to start a connection through the gateway, the client program (nutcpc),
       installed on the client's station, sends an authentication packet(2) to nuauth. The
       gateway's firewall queues the packet(1) and sends information about it directly to the
       nuauth server. Nuauth's job is to analyse both packets(1) and (2), and check that the
       user has the right to initiate the connection (s)he has tried to open. If so, Nuauth
       sends authorization to Nufw to let the packet(1) through, and the connection gets
       initialized. If not, the connection is dropped.

       Nuauth can use a backend LDAP server for user and group definitions, as well as the
       Access Lists associated with those groups. The interface to the Users/Groups database
       can also be provided through PAM/NSS. Another option is to store the user database in
       DBM files. Note that dynamic modifications of the user base can currently only be
       performed if an LDAP database is used.

       Original packaging, information and help can be found from


       -h     Issues usage details and exits.

       -V     Issues version and exits.

       -v     Increases verbosity  level.  Multiple  switches  are  accepted  and  each  of  them
              increases the verbosity level by one. Default verbosity level is 2, max is 10.

       -l port
              Specifies the TCP port to listen on for clients. Default value: 4129

       -L address
              Address to listen on for NuFW packets. Default :

       -C address
              Address to listen on for client packets. Default :

       -d address
              Network address of the nufw (gateway) servers. Only NuFW servers at those addresses
              will be allowed to talk to nuauth.

       -p port
              This option is DEPRECATED and was in use only in v1 of the protocol, which was a
              non-encrypted proof of concept.

              Specifies the UDP port to send data to when addressing the nufw (gateway) server.
              The nufw server must be set up to listen on that port. Default value: 4128

       -t seconds
              Specifies the timeout after which packets that were not identified, and
              identification packets matching nothing, are forgotten. Default value: 15 s.

       -D     Run as a daemon. If started as a daemon, nuauth logs messages to syslog. If you
              don't specify this option, messages go to the console nuauth is running on, both
              on STDOUT and STDERR. Unless you are debugging something, you should run nuauth
              with this option.
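
       Added example (not part of the original manual page or of the NuFW code): a simplified
       Python model of the decision flow described above, including the -d gateway allow-list
       and the -t timeout. The connection tuple used as the matching key, the user/group/ACL
       dictionaries and all addresses are constructed assumptions; the user's identity is
       taken as already authenticated.

```python
# Added illustration: simplified model of the decision flow, not nuauth's code.
from dataclasses import dataclass, field

@dataclass
class Nuauth:
    gateways: set        # -d: NuFW addresses allowed to talk to nuauth
    groups: dict         # user -> set of groups (hypothetical user database)
    acls: dict           # group -> set of allowed (dst, dport) (hypothetical ACLs)
    timeout: int = 15    # -t: documented default, in seconds
    queued: dict = field(default_factory=dict)  # conn -> time packet(1) was reported
    claims: dict = field(default_factory=dict)  # conn -> (user, time) from packet(2)

    def _expire(self, now):
        # Forget unidentified packets and identification packets matching nothing.
        self.queued = {c: t for c, t in self.queued.items() if now - t <= self.timeout}
        self.claims = {c: v for c, v in self.claims.items() if now - v[1] <= self.timeout}

    def _decide(self, conn):
        if conn not in self.queued or conn not in self.claims:
            return "PENDING"                     # still waiting for the other half
        del self.queued[conn]
        user, _ = self.claims.pop(conn)
        dst = (conn[2], conn[3])
        allowed = any(dst in self.acls.get(g, ()) for g in self.groups.get(user, ()))
        return "ACCEPT" if allowed else "DROP"

    def from_nufw(self, gateway, conn, now):
        if gateway not in self.gateways:         # not a listed NuFW server
            return "REJECTED"
        self._expire(now)
        self.queued[conn] = now
        return self._decide(conn)

    def from_client(self, user, conn, now):
        self._expire(now)
        self.claims[conn] = (user, now)
        return self._decide(conn)

def demo():
    # Constructed sample data; conn = (src, sport, dst, dport).
    n = Nuauth({"192.0.2.1"}, {"alice": {"admins"}, "bob": {"staff"}},
               {"admins": {("198.51.100.10", 22)}})
    ssh = ("10.0.0.5", 40000, "198.51.100.10", 22)
    return [n.from_nufw("203.0.113.9", ssh, 0),   # gateway not in the -d list
            n.from_nufw("192.0.2.1", ssh, 0), n.from_client("alice", ssh, 1),
            n.from_nufw("192.0.2.1", ssh, 10), n.from_client("bob", ssh, 11),
            n.from_nufw("192.0.2.1", ssh, 20), n.from_client("alice", ssh, 36)]
```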


       The nuauth daemon is designed to deal with several signals: HUP, USR1, USR2, and POLL.

       HUP    Reload configuration. The nuauth daemon reloads its  configuration  when  receiving
              this signal. Since 2.2.19, it also refreshes the CRL file content.

       USR1   Increases verbosity. The daemon then acts as if it had been launched with one
              supplementary '-v'. A line is also added to the system log to mention the signal

       USR2   Decreases  verbosity. The daemon then acts as if it had been launched with one less
              '-v'. A line is also added to the system log to mention the signal event.

       POLL   Logs an "audit" line, mentioning how many network datagrams were received and  sent
              since daemon startup.




       Nuauth was designed and coded by Eric Leblond, aka Regit, and Vincent Deffontaines,
       aka gryzor. Original idea in 2001, while working on NSM Ldap support.

       This manual page was written by Vincent Deffontaines

       Permission  is  granted to copy, distribute and/or modify this document under the terms of
       the GNU  Free  Documentation  License,  Version  2  as  published  by  the  Free  Software
       Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts.

                                         10 November 2008                               NUAUTH(8)