NUAUTH(8)                                                    NUAUTH(8)

nuauth - NUFW authentication server

nuauth [ -h ] [ -V ] [ -v[v...] ] [ -l (local, for clients) port ] [ -C
(local, for clients) address ] [ -L (local, for nufw) address ] [ -p
(local, for nufw) port ] [ -t timeout ] [ -D ]

This manual page documents the nuauth command.

Nuauth is the authentication server of the NUFW package. Whenever a
client sends a packet(1) to start a connection through the gateway, the
client program (nutcpc), installed on the client's station, sends an
authentication packet(2) to nuauth. The gateway's firewall queues the
packet(1) and sends information about it directly to the nuauth
server. Nuauth's job is to analyse both packets (1) and (2), and check
that the user has the right to initiate the connection (s)he has
attempted. If so, Nuauth sends authorization to Nufw to accept the
packet(1), and the connection gets initialized. If not, the connection
is dropped.

Nuauth can use a backend LDAP server for user and group definitions,
as well as the Access Lists associated with those groups. The
Users/Groups database can also be accessed through PAM/NSS. Another
option is to store the user database in DBM files. Note that dynamic
modifications of the user base can currently only be performed if an
LDAP database is used.

The original packaging, information and help can be found at
http://www.nufw.org/

-h     Issues usage details and exits.

-V     Issues version and exits.

-v     Increases verbosity level. Multiple switches are accepted and
       each of them increases the verbosity level by one. Default
       verbosity level is 2, max is 10.

-l port
       Specifies the TCP port to listen on for clients. Default value:
       4129

-L address
       Address to listen on for NuFW packets. Default: 127.0.0.1

-C address
       Address to listen on for client packets. Default: 0.0.0.0

-d address
       Network address of the nufw (gateway) servers. Only NuFW servers
       at those addresses will be allowed to talk to nuauth.

-p port
       This option is DEPRECATED and was in use only in v1 of the
       protocol, which was a proof of concept and non-encrypted.

       Specifies the UDP port to send data to when addressing the nufw
       (gateway) server. The Nufw server must be set up to listen on
       that port. Default value: 4128

-t seconds
       Specifies the timeout after which unidentified packets, and
       identification packets matching nothing, are forgotten. Default
       value: 15 s.

-D     Run as a daemon. If started as a daemon, nuauth logs messages to
       syslog. If you don't specify this option, messages go to the
       console nuauth is running on, both on STDOUT and STDERR. Unless
       you are debugging something, you should run nuauth with this
       option.

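An added example, not part of the original manual page or the NuFW
project: a shell function that reviews a nuauth argument list against
the defaults and notes documented above (the all-interface -C default,
a non-loopback -L without -d, the deprecated -p, a missing -D). The
function name and finding codes are illustrative, and the addresses are
constructed sample values.

```shell
#!/bin/sh
# Added example (not NuFW project code): review a nuauth argument list
# against the defaults and notes stated in this manual page.
# Prints one "CODE: explanation" line per review point, nothing if clean.
audit_nuauth_args() {
    client_addr="0.0.0.0"    # -C default per the page
    nufw_addr="127.0.0.1"    # -L default per the page
    gateways=""              # -d: gateways allowed to talk to nuauth
    daemon=no
    used_p=no
    while [ $# -gt 0 ]; do
        case "$1" in
            # Options taking a value consume it only if one is present.
            -C) client_addr="$2"; [ $# -gt 1 ] && shift ;;
            -L) nufw_addr="$2";   [ $# -gt 1 ] && shift ;;
            -d) gateways="$2";    [ $# -gt 1 ] && shift ;;
            -p) used_p=yes;       [ $# -gt 1 ] && shift ;;
            -l|-t)                [ $# -gt 1 ] && shift ;;
            -D) daemon=yes ;;
        esac
        shift
    done
    [ "$client_addr" = "0.0.0.0" ] &&
        echo "CLIENT_ANY: client listener (-C) bound to every interface"
    [ "$nufw_addr" != "127.0.0.1" ] && [ -z "$gateways" ] &&
        echo "NUFW_OPEN: -L is not loopback and no -d gateway list is set"
    [ "$used_p" = yes ] &&
        echo "V1_PORT: -p is deprecated (v1 protocol, non-encrypted)"
    [ "$daemon" = no ] &&
        echo "NO_SYSLOG: -D missing, messages go to the console, not syslog"
    return 0
}

# Constructed command line, for illustration only.
audit_nuauth_args -vv -L 192.0.2.5 -p 4128
```
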
The nuauth daemon is designed to deal with several signals: HUP, USR1,
USR2, and POLL.

HUP    Reload configuration. The nuauth daemon reloads its
       configuration when receiving this signal. Since 2.2.19, it also
       refreshes the CRL file content.

USR1   Increases verbosity. The daemon then acts as if it had been
       launched with one additional '-v'. A line is also added to the
       system log to mention the signal event.

USR2   Decreases verbosity. The daemon then acts as if it had been
       launched with one less '-v'. A line is also added to the system
       log to mention the signal event.

POLL   Logs an "audit" line, mentioning how many network datagrams were
       received and sent since daemon startup.

nufw(8)

Nuauth was designed and coded by Eric Leblond, aka Regit
(<eric@regit.org>), and Vincent Deffontaines, aka gryzor
(<vincent@gryzor.com>). Original idea in 2001, while working on NSM Ldap
support.

This manual page was written by Vincent Deffontaines.

Permission is granted to copy, distribute and/or modify this document
under the terms of the GNU Free Documentation License, Version 2 as
published by the Free Software Foundation; with no Invariant Sections,
no Front-Cover Texts and no Back-Cover Texts.

10 November 2008                                             NUAUTH(8)