Provided by: nuauth_2.4.3-3.3build2_amd64 
NAME
nuauth - NUFW authentication server
SYNOPSIS
nuauth [ -h ] [ -V ] [ -v[v...] ] [ -l (local, for clients) port ] [ -C (local, for
clients) address ] [ -L (local, for nufw) address ] [ -p (local, for nufw) port ] [ -t
timeout ] [ -D ]
DESCRIPTION
This manual page documents the nuauth command.
Nuauth is the authentication server of the NUFW package. Whenever a client sends a
packet(1) to start a connection through the gateway, the client program (nutcpc),
installed on the client's station, sends an authentication packet(2) to nuauth. The
gateway's firewall queues the packet(1) and sends informations about it directly to the
nuauth server. Nuauth's job is to analyse both packets(1) and (2), and check user owns
the right to initialize the connection (s)he has tried to. If Nuauth finds so, Nuauth
sends authorization to Nufw to accept the packet(1) through, and the connection gets
initialized. If not, the connection is Dropped.
Nuauth can use a backend LDAP server for user and groups definitions, as well as Access
Lists associated with those groups. Interface to Users/Groups database can also be
performed through PAM/NSS. An option is also to store the user database in DBM files. It
should be noted that dynamic modifications of the users base can currently only be
performed if an LDAP database is used.
Original packaging and informations and help can be found from http://www.nufw.org/
OPTIONS
-h Issues usage details and exits.
-V Issues version and exits.
-v Increases verbosity level. Multiple switches are accepted and each of them
increases the verbosity level by one. Default verbosity level is 2, max is 10.
-l port
Specifies TCP port to listen on for clients. Default value : 4129
-L address
Address to listen on for NuFW packets. Default : 127.0.0.1
-C address
Address to listen on for clients packets. Default : 0.0.0.0
-d address
Network address of the nufw (gateway) servers. Only NuFW servers at those addresses
will be allowed to talk to nuauth.
-p port
This option is DEPRECATED and was in use only in v1 of the protocol, which was
proof of concept, non-encrypted.
Specifies UDP port to send data to when addressing the nufw (gateway) server. Nufw
server must be setup to listen on that port. Default value : 4128
-t seconds
Specifies timeout to forget packets not identified, and identification packets
matching nothing. Default value : 15 s.
-D Run as a daemon. If started as a daemon, nuauth logs message to syslog. If you
don't specify this option, messages go to the console nuauth is running on, both on
STDOUT and STDERR. Unless you are debugging something, you should run nuauth with
this option.
SIGNALS
The nuauth daemon is designed to deal with several signals : HUP, USR1, USR2, and POLL.
HUP Reload configuration. The nuauth daemon reloads its configuration when receiving
this signal. Since 2.2.19, it also refreshes the CRL file content.
USR1 Increases verbosity. The daemon then acts as if it had been launched with one
supplementary '-v'.A line is also added to the system log to mention the signal
event.
USR2 Decreases verbosity. The daemon then acts as if it had been launched with one less
'-v'. A line is also added to the system log to mention the signal event.
POLL Logs an "audit" line, mentioning how many network datagrams were received and sent
since daemon startup.
SEE ALSO
nufw(8)
AUTHOR
Nuauth was designed and coded by Eric Leblond, aka Regit (<eric@regit.org>) , and Vincent
Deffontaines, aka gryzor (<vincent@gryzor.com>). Original idea in 2001, while working on
NSM Ldap support.
This manual page was written by Vincent Deffontaines
Permission is granted to copy, distribute and/or modify this document under the terms of
the GNU Free Documentation License, Version 2 as published by the Free Software
Foundation; with no Invariant Sections, no Front-Cover Texts and no Back-Cover Texts.
10 novembre 2008 NUAUTH(8)