oracular (8) pure-certd.8.gz

Provided by: pure-ftpd-common_1.0.50-2.2build2_all

NAME

       pure-certd - TLS certificate agent for Pure-FTPd.

SYNTAX

       pure-certd [-p </path/to/pidfile>] [-u uid] [-g gid] [-B] <-s /path/to/socket> -r /program/to/run

DESCRIPTION

       pure-certd is a daemon that forks an authentication program, waits for a certificate path
       as a reply, and returns it to an application server.

       pure-certd listens on a local Unix socket. A new connection to that socket should send
       pure-certd the following structure, one field per line, terminated by an "end" line:

              sni_name:xxx
              end

       This content is passed to the authentication program as an environment variable:

              CERTD_SNI_NAME

       The authentication program should take appropriate actions to select a TLS certificate,
       and reply on its standard output in the following format, one field per line, terminated
       by an "end" line:

              action:strict
              cert_file:/path/to/cert.pem
              key_file:/path/to/cert.pem
              end

       cert_file:xxx
              Absolute path to the certificate in PEM format.

       key_file:xxx
              This is optional, as a certificate and its key can be concatenated in the same
              file.

       action:xxx
              If action is "deny", a certificate for that name was not found and access is
              denied. If xxx is "default", the default certificate will be used. If xxx is
              "strict", the certificate whose path is indicated in "cert_path" will be used; if
              it is absent or invalid, access will be denied. If xxx is "fallback", the
              certificate whose path is indicated in "cert_path" will be used; if it is absent
              or invalid, the default certificate will be used instead.

       uid:xxx
              The system uid to be assigned to that user. Must be > 0.

       gid:xxx
              The primary system gid. Must be > 0.

       dir:xxx
              The absolute path to the home directory. Can contain /./ for a chroot jail.

       Only one authentication program is forked at a time. It must return quickly.

OPTIONS

       -u <uid>
              Have the daemon run with that uid.

       -g <gid>
              Have the daemon run with that gid.

       -B     Fork in background (daemonization).

       -s </path/to/socket>
              Set the full path to the local Unix socket.

       -r </path/to/program>
              Set the full path to the authentication program.

       -h     Output help information and exit.

EXAMPLES

       To run this program the standard way type:

       pure-certd -s /var/run/certd.sock -r /usr/bin/my-cert-program &

       pure-ftpd -lextcert:/var/run/certd.sock &

       /usr/bin/my-cert-program can be as simple as:

              #! /bin/sh
              echo 'action:strict'
              echo 'cert_file:/etc/ssl/private/pure-ftpd/cert.pem'
              echo 'end'
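       The minimal script above returns the same certificate for every name. The following
       script is an added example, not part of pure-ftpd, of a per-host selector: it reads the
       name from CERTD_SNI_NAME, validates it so that it cannot escape the certificate
       directory, and answers with the action/cert_file/end reply described above. The layout
       $CERT_DIR/<name>/cert.pem (certificate and key concatenated) is an assumption of the
       example.

```shell
#!/bin/sh
# Added example, not part of pure-ftpd: a certificate-selection program for
# pure-certd that maps the SNI name from CERTD_SNI_NAME to a per-host
# certificate under an assumed layout $CERT_DIR/<name>/cert.pem (certificate
# and key concatenated in one file). Names that could escape CERT_DIR are
# refused before they are used in any path.

CERT_DIR="${CERT_DIR:-/etc/ssl/private/pure-ftpd/hosts}"   # assumed location

# valid_sni NAME: accept only DNS-style names (letters, digits, hyphens, dots)
# with no empty labels, no leading/trailing dot or hyphen, no "..", no "/".
valid_sni() {
    case "$1" in
        ''|*/*|*..*|.*|*.|-*|*.-*|*-.*) return 1 ;;
        *[!a-z0-9.-]*) return 1 ;;
    esac
    return 0
}

# select_cert NAME DIR: print the reply pure-certd expects on stdout.
#   known host   -> action:strict with that host's cert_file
#   unknown host -> action:default (the server's default certificate)
#   bad name     -> action:deny (handshake refused, no file is looked up)
select_cert() {
    # SNI names are case-insensitive; normalise before validation and lookup.
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    dir=$2
    if ! valid_sni "$name"; then
        echo 'action:deny'
    elif [ -r "$dir/$name/cert.pem" ]; then
        echo 'action:strict'
        echo "cert_file:$dir/$name/cert.pem"
    else
        echo 'action:default'
    fi
    echo 'end'
}

# When forked by pure-certd, the name arrives in the environment.
if [ -n "$CERTD_SNI_NAME" ]; then
    select_cert "$CERTD_SNI_NAME" "$CERT_DIR"
fi
```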

AUTHORS

       Frank DENIS <j at pureftpd dot org>

SEE ALSO

       ftp(1), pure-ftpd(8), pure-ftpwho(8), pure-mrtginfo(8), pure-uploadscript(8),
       pure-statsdecode(8), pure-pw(8), pure-quotacheck(8), pure-authd(8)