Provided by: nuauth_2.4.3-2.1build1_i386


       nuauth - NUFW authentication server


       nuauth [ -h ] [ -V ] [ -v[v...] ] [ -l (local, for clients) port ] [ -C
       (local, for clients) address ] [ -L (local, for nufw) address  ]  [  -p
       (local, for nufw) port ] [ -t timeout ] [ -D ]


       This manual page documents the nuauth command.

       Nuauth is the authentication server of the NUFW package. Whenever a
       client sends a packet(1) to start a connection through the gateway, the
       client program (nutcpc), installed on the client's station, sends an
       authentication packet(2) to nuauth. The gateway's firewall queues
       packet(1) and sends information about it directly to the nuauth
       server. Nuauth's job is to analyse both packets (1) and (2) and check
       that the user has the right to initiate the connection (s)he has
       attempted. If so, nuauth sends Nufw the authorization to let
       packet(1) through, and the connection gets initialized. If not, the
       connection is dropped.

       Nuauth can use a backend LDAP server for user and group definitions,
       as well as the Access Lists associated with those groups. The
       Users/Groups database can also be accessed through PAM/NSS. Another
       option is to store the user database in DBM files. It should be noted
       that dynamic modifications of the user base can currently only be
       performed if an LDAP database is used.
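
       The matching step described above can be modelled as follows. This is
       an added example, not nuauth's code or wire protocol: the class, method
       and field names are hypothetical, the user is assumed to be already
       authenticated, and the 15 s default is the -t default documented below.

```python
from dataclasses import dataclass, field
# Simplified model of the matching step; names are hypothetical and this is
# not nuauth's code or wire protocol. A connection key is
# (src_ip, src_port, dst_ip, dst_port); "user" is assumed already authenticated.
@dataclass
class AuthServer:
    user_groups: dict                 # user -> set of group names
    acls: dict                        # group -> set of allowed (dst_ip, dst_port)
    timeout: float = 15.0             # seconds, the -t default on this page
    queued: dict = field(default_factory=dict)    # packet(1) info from the gateway
    claimed: dict = field(default_factory=dict)   # packet(2) from the client

    def _expire(self, now):
        # Forget unmatched entries on either side once they exceed the timeout.
        for table in (self.queued, self.claimed):
            for key in [k for k, (_, t) in table.items() if now - t > self.timeout]:
                del table[key]

    def _decide(self, key):
        # No verdict until both the gateway's and the client's view are present.
        if key not in self.queued or key not in self.claimed:
            return None
        del self.queued[key]
        user, _ = self.claimed.pop(key)
        groups = self.user_groups.get(user, set())
        allowed = any((key[2], key[3]) in self.acls.get(g, set()) for g in groups)
        return "ACCEPT" if allowed else "DROP"

    def from_gateway(self, key, now):
        self._expire(now)
        self.queued[key] = (None, now)
        return self._decide(key)

    def from_client(self, key, user, now):
        self._expire(now)
        self.claimed[key] = (user, now)
        return self._decide(key)

def demo():
    # Constructed sample data: one ACL letting group "admins" reach 10.0.0.5:22.
    srv = AuthServer({"alice": {"admins"}, "bob": {"staff"}},
                     {"admins": {("10.0.0.5", 22)}})
    a, b, c = (("192.0.2.10", 40000 + i, "10.0.0.5", 22) for i in range(3))
    for key in (a, b, c):
        srv.from_gateway(key, now=0.0)
    return [srv.from_client(a, "alice", now=0.2),   # matched, ACL allows
            srv.from_client(b, "bob", now=0.3),     # matched, no ACL for bob
            srv.from_client(c, "alice", now=20.0)]  # packet(1) already forgotten
```

       A return value of None means no verdict was issued because only one
       of the two packets is known to the server at that moment.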

       Original packaging, information and help can be found from


       -h     Issues usage details and exits.

       -V     Issues version and exits.

       -v     Increases verbosity level. Multiple switches  are  accepted  and
              each  of  them  increases  the  verbosity  level by one. Default
              verbosity level is 2, max is 10.

       -l port
              Specifies TCP port to listen on for clients.   Default  value  :

       -L address
              Address to listen on for NuFW packets. Default :

       -C address
              Address to listen on for client packets. Default :

       -d address
              Network address of the nufw (gateway) servers. Only NuFW servers
              at those addresses will be allowed to talk to nuauth.

       -p port
              This option is DEPRECATED and was in  use  only  in  v1  of  the
              protocol, which was proof of concept, non-encrypted.

              Specifies UDP port to send data to when addressing the nufw
              (gateway) server. The nufw server must be set up to listen on
              that port. Default value : 4128

       -t seconds
              Specifies   timeout   to  forget  packets  not  identified,  and
              identification packets matching nothing.  Default value : 15 s.

       -D     Run as a daemon. If started as a daemon, nuauth logs messages to
              syslog. If you don't specify this option, messages go to the
              console nuauth is running on, both on STDOUT and STDERR. Unless
              you are debugging something, you should run nuauth with this


       The nuauth daemon is designed to deal with several signals : HUP, USR1,
       USR2, and POLL.

       HUP    Reload    configuration.   The   nuauth   daemon   reloads   its
              configuration when receiving this signal. Since 2.2.19, it  also
              refreshes the CRL file content.

       USR1   Increases verbosity. The daemon then acts as if it had been
              launched with one supplementary '-v'. A line is also added to
              the system log to mention the signal event.

       USR2   Decreases  verbosity.  The  daemon  then  acts as if it had been
              launched with one less '-v'. A line is also added to the  system
              log to mention the signal event.

       POLL   Logs an "audit" line, mentioning how many network datagrams were
              received and sent since daemon startup.




       Nuauth was designed and coded by Eric Leblond, aka Regit, and Vincent
       Deffontaines, aka gryzor. Original idea in 2001, while working on NSM
       Ldap support.

       This manual page was written by Vincent Deffontaines

       Permission  is  granted to copy, distribute and/or modify this document
       under the terms of the GNU Free Documentation  License,  Version  2  as
       published  by the Free Software Foundation; with no Invariant Sections,
       no Front-Cover Texts and no Back-Cover Texts.

                               10 November 2008                      NUAUTH(8)