1HOSTS.HFAXD(5F)                                                HOSTS.HFAXD(5F)


6       hosts.hfaxd - HylaFAX client access control list


9       The  ASCII  file etc/hosts.hfaxd in the HylaFAX spooling area specifies
10       the hosts and users that are permitted to access services  through  the
11       hfaxd(8C)  process.   This  file must exist for client access; if it is
12       not present then hfaxd will deny all requests for service.   Note  also
13       that  this  file  must  be  readable only by the ``fax'' user; i.e.  it
14       should have mode 600 and be owned by ``fax''.
16       Usually etc/hosts.hfaxd is managed through use  of  the  faxadduser(8C)
17       and  faxdeluser(8C)  tools or the ``SITE ADDUSER'' and ``SITE DELUSER''
18       functions through an administrative client.  However, some features are
19       not  accessible  through  those  tools and etc/hosts.hfaxd will require
20       direct editing to use those features.   In  particular,  the  order  of
21       entries  in  etc/hosts.hfaxd  may  need  manipulation as hfaxd uses the
22       first-matched entry (read top-down).
24       Each newline-terminated entry is a set of colon (:)  separated  fields,
25       all  but  the  first  of  which are optional.  Trailing null fields and
26       their separators may be omitted.  The most general form is:
28            client:uid:passwd:adminwd
30       client  is  a  regular  expression  to  be  matched  against  a  string
31       ``user@host''  that is formed from the user string passed to hfaxd with
32       the USER command and the official  host  name  or  the  DARPA  Internet
33       address,  specified in ``dot notation''.  If client does not contain an
34       ``@'' then, for backwards compatibility, it is treated as  a  host  for
35       which  any  user may have access; i.e. it is automatically converted to
36       the regular expression ``^.*@client$''.
38       Comments are introduced with the ``#'' character and extend to the  end
39       of  the  line.   Any whitespace immediately preceding a comment is also
40       ignored.
42       If client has a leading ``!'', then it is interpreted  as  a  class  of
43       hosts  and  users to which access is to be disallowed.  That is, if the
44       pattern matches the client information, then access is denied.
46       Note that regular expressions are not anchored.   That  is,  a  regular
47       expression  may  match  a  substring of the ``user@host'' string.  Thus
48       `pb@.*\.cl\.cam\.ac\.uk'   matches   `cpb@mc.cl.cam.ac.uk.esd.sgi.com'.
49       Use ``^'' to match the start of the string and ``$'' to match the end.
51       Fields following client are optional and specify the following:
53       uid       The numerical user ID to assign to clients that use the entry
54                 for access.  hfaxd uses the uid to control access  to  server
55                 resources  such  as  jobs and documents (the value is used to
56                 set the group ID of files created by a client).
58                 Multiple clients/users may share the same uid or  unique  IDs
59                 may  be  created for each client.  User IDs may be any number
60                 in the range [0..60002] with 60002 used, by  convention,  for
61                 entries that do not have a uid specified.
63       passwd    The  encrypted  password.  If this field is empty (null) then
64                 no password will be demanded when a client logs in; i.e.  the
65                 USER command does not need to be followed by a PASS command.
67       adminwd   The  encrypted  password for this user to gain administrative
68                 privileges.  If this field is empty (null) then the  user  is
69                 not permitted to have administrative privileges.


72       The  following is a sample hosts.hfaxd file.  Note that the first entry
73       that matches is taken, so more-specific entries should be placed first.
74              ^pb@[^.]*\.cl\.cam\.ac\.uk$:::hFy8zXq2KaG8s
75                                     # pb on a machine directly in cl.cam.ac.uk can
76                                     # administer if an admin pw is given
77                  # anyone on local host uses the default uid
78              192.168.[0-9]+.[0-9]+  # anyone on the LAN uses the default uid
79              ^sam@flake.*sgi\.com$  # Sam on his work machine
80              ^sam@oxford.*Berkeley.*# Sam on any machine starting oxford and containing
81                                     # Berkeley, e.g. sam@oxfordberkeley.cl.cam.ac.uk
82              ^.*@.*.\.esd\.         # anyone in an esd domain
83              !^tom@                 # Tom Davis is denied access
84              .*\.sgi\.com$          # but anyone else at sgi is ok


87       faxadduser(8C),  faxdeluser(8C),   sendfax(8C),   hfaxd(8C),   hylafax-
88       server(5F)
92                               January 18, 1996                HOSTS.HFAXD(5F)