oracular (8) pure-authd.8.gz

Provided by: pure-ftpd-common_1.0.50-2.2build2_all

NAME

       pure-authd - External authentication agent for Pure-FTPd.

SYNTAX

       pure-authd  [-p  </path/to/pidfile>]  [-u  uid]  [-g  gid]  [-B]  <-s  /path/to/socket> -r
       /program/to/run

DESCRIPTION

       pure-authd is a daemon that forks an authentication program, waits for an authentication
       reply, and feeds it to an application server.

       pure-authd  listens  to  a  local Unix socket. A new connection to that socket should feed
       pure-authd the following structure:

              account:xxx

              password:xxx

              localhost:xxx

              localport:xxx

              peer:xxx

              end

       (replace xxx with appropriate values). localhost, localport and peer are numeric IP
       addresses and ports. peer is the IP address of the remote client.

       These arguments are passed to the authentication program, as environment variables:

              AUTHD_ACCOUNT

              AUTHD_PASSWORD

              AUTHD_LOCAL_IP

              AUTHD_LOCAL_PORT

              AUTHD_REMOTE_IP

              AUTHD_ENCRYPTED

       The authentication program should take appropriate actions to fetch account info according
       to these arguments, and write to the standard output a structure like the following one:

              auth_ok:1

              uid:42

              gid:21

              dir:/home/j

              end

       auth_ok:xxx
              If xxx is 0, the user was not found (the next authentication method passed to
              pure-ftpd will be tried). If xxx is -1, the user was found, but there was a fatal
              authentication error: user is root, password is wrong, account has expired, etc.
              (next authentication methods will not be tried). If xxx is 1, the user was found
              and successfully authenticated.

       uid:xxx
              The system uid to be assigned to that user. Must be > 0.

       gid:xxx
              The primary system gid. Must be > 0.

       dir:xxx
              The absolute path to the home directory. Can contain /./ for a chroot jail.

       slow_tilde_expansion:xxx (optional, default is 1)
              When the command 'cd ~user' is issued,  it's  handy  to  go  to  that  user's  home
              directory,  as expected in a shell environment. But fetching account info can be an
              expensive operation for non-system accounts. If xxx is 0, 'cd ~user' will expand to
              the  system  user  home directory. If xxx is 1, 'cd ~user' won't expand. You should
              use 1 in most cases with external authentication, when your FTP users  don't  match
              system  users.  You  can  also  set  xxx  to  1  if  you're using slow nss_* system
              authentication modules.

       throttling_bandwidth_ul:xxx (optional)
              The allocated bandwidth for uploads, in bytes per second.

       throttling_bandwidth_dl:xxx (optional)
              The allocated bandwidth for downloads, in bytes per second.

       user_quota_size:xxx (optional)
              The maximal total size for this account, in bytes.

       user_quota_files:xxx (optional)
              The maximal number of files for this account.

       ratio_upload:xxx (optional)

       ratio_download:xxx (optional)
              The user must match a ratio_upload:ratio_download ratio.

       Only one authentication program is forked at a time. It must return quickly.

OPTIONS

       -u <uid>
              Have the daemon run with that uid.

       -g <gid>
              Have the daemon run with that gid.

       -B     Fork in background (daemonization).

       -s </path/to/socket>
              Set the full path to the local Unix socket.

       -r </path/to/program>
              Set the full path to the authentication program.

       -h     Output help information and exit.

EXAMPLES

       To run this program the standard way type:

       pure-authd -s /var/run/ftpd.sock -r /usr/bin/my-auth-program &

       pure-ftpd -lextauth:/var/run/ftpd.sock &

       /usr/bin/my-auth-program can be as simple as:
              #! /bin/sh

              echo 'auth_ok:1'

              echo 'uid:42'

              echo 'gid:21'

              echo 'dir:/home/j'

              echo 'end'
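
       A fuller authentication program, as an added example (not part of the original manual
       page or of the Pure-FTPd project). It reads the AUTHD_* variables described above,
       verifies a PBKDF2 password hash and fails closed; the account store, the sample
       passwords and the PBKDF2 work factor are constructed assumptions.

```python
#!/usr/bin/env python3
"""Added example of a pure-authd authentication program (not Pure-FTPd project code)."""
import hashlib
import hmac
import os
import sys

ITERATIONS = 100_000  # assumption: kept modest, the program must return quickly


def pbkdf2(password, salt):
    # os.environ decodes undecodable bytes with surrogateescape; reverse that here.
    data = password.encode("utf-8", "surrogateescape")
    return hashlib.pbkdf2_hmac("sha256", data, salt, ITERATIONS)


# Constructed sample store: account -> (salt, password hash, uid, gid, home dir).
# A real deployment would load precomputed hashes from a file or database.
ACCOUNTS = {
    "j": (b"constructed-salt", pbkdf2("correct horse", b"constructed-salt"), 42, 21, "/home/j"),
    "broken": (b"s2", pbkdf2("pw", b"s2"), 0, 0, "/root"),  # invalid on purpose: uid/gid 0
}


def authenticate(env, accounts=ACCOUNTS):
    """Return the reply lines pure-authd expects on standard output."""
    account = env.get("AUTHD_ACCOUNT", "")
    password = env.get("AUTHD_PASSWORD", "")
    record = accounts.get(account)
    if record is None:
        pbkdf2(password, b"dummy-salt")  # similar work, so timing does not reveal accounts
        return ["auth_ok:0", "end"]  # user not found: the next method may be tried
    salt, stored, uid, gid, home = record
    ok = hmac.compare_digest(pbkdf2(password, salt), stored)  # constant-time compare
    # Fail closed: uid and gid must be > 0 and dir must be an absolute path.
    # The reply is line-based, so a newline in a stored value would inject extra keys.
    if not ok or uid <= 0 or gid <= 0 or not home.startswith("/") or "\n" in home:
        return ["auth_ok:-1", "end"]  # fatal error: no further methods are tried
    return ["auth_ok:1", f"uid:{uid}", f"gid:{gid}", f"dir:{home}", "end"]


if __name__ == "__main__":
    try:
        reply = authenticate(os.environ)
    except Exception:
        reply = ["auth_ok:-1", "end"]  # any internal error denies access
    sys.stdout.write("\n".join(reply) + "\n")
```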

AUTHORS

       Frank DENIS <j at pureftpd dot org>

SEE ALSO

       ftp(1), pure-ftpd(8), pure-ftpwho(8), pure-mrtginfo(8), pure-uploadscript(8),
       pure-statsdecode(8), pure-pw(8), pure-quotacheck(8), pure-authd(8), pure-certd(8)

       RFC 959, RFC 2389, RFC 2228 and RFC 2428.