pure-authd(8)                      Pure-FTPd                     pure-authd(8)

NAME

       pure-authd - External authentication agent for Pure-FTPd.

SYNTAX

       pure-authd [-p </path/to/pidfile>] [-u uid] [-g gid] [-B]
       <-s /path/to/socket> -r /program/to/run

DESCRIPTION

       pure-authd is a daemon that forks an authentication program, waits for
       an authentication reply, and feeds it to an application server.

       pure-authd listens on a local Unix socket. A new connection to that
       socket should feed pure-authd the following structure:

              account:xxx
              password:xxx
              localhost:xxx
              localport:xxx
              peer:xxx
              end

       (replace xxx with appropriate values). localhost, localport and peer
       are numeric IP addresses and ports. peer is the IP address of the
       remote client.

       These arguments are passed to the authentication program as
       environment variables:

              AUTHD_ACCOUNT
              AUTHD_PASSWORD
              AUTHD_LOCAL_IP
              AUTHD_LOCAL_PORT
              AUTHD_REMOTE_IP
              AUTHD_ENCRYPTED

       The authentication program should take appropriate actions to fetch
       account info according to these arguments, and write to standard
       output a structure like the following one:

              auth_ok:1
              uid:42
              gid:21
              dir:/home/j
              end

       auth_ok:xxx
              If xxx is 0, the user was not found (the next authentication
              method passed to pure-ftpd will be tried). If xxx is -1, the
              user was found, but there was a fatal authentication error: user
              is root, password is wrong, account has expired, etc. (next
              authentication methods will not be tried). If xxx is 1, the user
              was found and successfully authenticated.

       uid:xxx
              The system uid to be assigned to that user. Must be > 0.

       gid:xxx
              The primary system gid. Must be > 0.

       dir:xxx
              The absolute path to the home directory. Can contain /./ for a
              chroot jail.

       slow_tilde_expansion:xxx (optional, default is 1)
              When the command 'cd ~user' is issued, it's handy to go to that
              user's home directory, as expected in a shell environment. But
              fetching account info can be an expensive operation for
              non-system accounts. If xxx is 0, 'cd ~user' will expand to the
              system user home directory. If xxx is 1, 'cd ~user' won't
              expand. You should use 1 in most cases with external
              authentication, when your FTP users don't match system users.
              You can also set xxx to 1 if you're using slow nss_* system
              authentication modules.

       throttling_bandwidth_ul:xxx (optional)
              The allocated bandwidth for uploads, in bytes per second.

       throttling_bandwidth_dl:xxx (optional)
              The allocated bandwidth for downloads, in bytes per second.

       user_quota_size:xxx (optional)
              The maximal total size for this account, in bytes.

       user_quota_files:xxx (optional)
              The maximal number of files for this account.

       ratio_upload:xxx (optional)

       ratio_download:xxx (optional)
              The user must match a ratio_upload:ratio_download ratio.

       Only one authentication program is forked at a time. It must return
       quickly.

OPTIONS

       -u <uid>
              Have the daemon run with that uid.

       -g <gid>
              Have the daemon run with that gid.

       -B     Fork in background (daemonization).

       -s </path/to/socket>
              Set the full path to the local Unix socket.

       -r </path/to/program>
              Set the full path to the authentication program.

       -h     Output help information and exit.

EXAMPLES

       To run this program the standard way, type:

       pure-authd -s /var/run/ftpd.sock -r /usr/bin/my-auth-program &

       pure-ftpd -lextauth:/var/run/ftpd.sock &

       /usr/bin/my-auth-program can be as simple as:

              #! /bin/sh
              echo 'auth_ok:1'
              echo 'uid:42'
              echo 'gid:21'
              echo 'dir:/home/j'
              echo 'end'
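The reply rules from DESCRIPTION (auth_ok values 0, -1 and 1, uid and gid > 0, absolute dir), as an added example that is not part of the original man page or the Pure-FTPd project: an authentication program that checks AUTHD_ACCOUNT and AUTHD_PASSWORD against a user file instead of accepting every login. The file path, its account:salt:sha256hex:uid:gid:dir format, the AUTHD_DB variable and the function names are assumptions made for the example.

```shell
#!/bin/sh
# Added example of a program for pure-authd -r; not Pure-FTPd project code.
# Assumed user file (hypothetical format), one account per line:
#   account:salt:sha256hex:uid:gid:dir
# sha256hex = SHA-256 of salt followed by password. The scheme is constructed
# for the example; use your real credential store and password hash.

deny() { printf 'auth_ok:%s\nend\n' "$1"; }

authd_reply() {
    db=$1
    acct=${AUTHD_ACCOUNT-}
    # Allow only a conservative character set, so the name cannot carry ':'
    # or a newline into the lookup or the reply.
    case $acct in
        ''|*[!A-Za-z0-9._-]*) deny 0; return 0 ;;
    esac
    [ -r "$db" ] || { deny 0; return 0; }
    # Exact match on the first field, forced to a string comparison;
    # no regex is built from user input.
    line=$(awk -F: -v a="$acct" '($1 "") == (a "") { print; exit }' "$db")
    [ -n "$line" ] || { deny 0; return 0; }          # unknown: try next method
    IFS=: read -r name salt want uid gid dir <<EOF
$line
EOF
    # printf is a shell builtin, so the password never appears in argv.
    got=$(printf '%s%s' "$salt" "${AUTHD_PASSWORD-}" | sha256sum | cut -d' ' -f1)
    [ "$got" = "$want" ] || { deny -1; return 0; }   # wrong password: stop
    # Enforce what the reply format requires: uid and gid > 0, dir absolute.
    for n in "$uid" "$gid"; do
        case $n in ''|*[!0-9]*) deny -1; return 0 ;; esac
        [ "$n" -gt 0 ] || { deny -1; return 0; }
    done
    case $dir in /*) ;; *) deny -1; return 0 ;; esac
    printf 'auth_ok:1\nuid:%s\ngid:%s\ndir:%s\nend\n' "$uid" "$gid" "$dir"
}

# AUTHD_DB is a hypothetical override for running the script by hand.
authd_reply "${AUTHD_DB:-/etc/pure-authd-users}"
```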

AUTHORS

       Frank DENIS <j at pureftpd dot org>

SEE ALSO

       ftp(1), pure-ftpd(8), pure-ftpwho(8), pure-mrtginfo(8),
       pure-uploadscript(8), pure-statsdecode(8), pure-pw(8),
       pure-quotacheck(8), pure-authd(8), pure-certd(8)

       RFC 959, RFC 2389, RFC 2228 and RFC 2428.

Frank Denis                         1.0.51                       pure-authd(8)