pure-authd(8)                     Pure-FTPd                     pure-authd(8)

pure-authd - External authentication agent for Pure-FTPd.

pure-authd [-p </path/to/pidfile>] [-u uid] [-g gid] [-B] <-s /path/to/socket> -r /program/to/run

pure-authd is a daemon that forks an authentication program, waits for
an authentication reply, and feeds it to an application server.

pure-authd listens to a local Unix socket. A new connection to that
socket should feed pure-authd the following structure:

    account:xxx
    password:xxx
    localhost:xxx
    localport:xxx
    peer:xxx
    end

(replace xxx with appropriate values). localhost, localport and peer
are numeric IP addresses and ports. peer is the IP address of the
remote client.

These arguments are passed to the authentication program as environment
variables:

    AUTHD_ACCOUNT
    AUTHD_PASSWORD
    AUTHD_LOCAL_IP
    AUTHD_LOCAL_PORT
    AUTHD_REMOTE_IP

The authentication program should take appropriate actions to fetch
account info according to these arguments, and write to standard
output a structure like the following one:

    auth_ok:1
    uid:42
    gid:21
    dir:/home/j
    end

auth_ok:xxx
    If xxx is 0, the user was not found (the next authentication
    method passed to pure-ftpd will be tried). If xxx is -1, the
    user was found, but there was a fatal authentication error:
    user is root, password is wrong, account has expired, etc. (next
    authentication methods will not be tried). If xxx is 1, the
    user was found and successfully authenticated.

uid:xxx
    The system uid to be assigned to that user. Must be > 0.

gid:xxx
    The primary system gid. Must be > 0.

dir:xxx
    The absolute path to the home directory. Can contain /./ for a
    chroot jail.

slow_tilde_expansion:xxx (optional, default is 1)
    When the command 'cd ~user' is issued, it's handy to go to that
    user's home directory, as expected in a shell environment. But
    fetching account info can be an expensive operation for non-system
    accounts. If xxx is 0, 'cd ~user' will expand to the system
    user home directory. If xxx is 1, 'cd ~user' won't expand. You
    should use 1 in most cases with external authentication, when
    your FTP users don't match system users. You can also set xxx to
    1 if you're using slow nss_* system authentication modules.

throttling_bandwidth_ul:xxx (optional)
    The allocated bandwidth for uploads, in bytes per second.

throttling_bandwidth_dl:xxx (optional)
    The allocated bandwidth for downloads, in bytes per second.

user_quota_size:xxx (optional)
    The maximal total size for this account, in bytes.

user_quota_files:xxx (optional)
    The maximal number of files for this account.

ratio_upload:xxx (optional)

ratio_download:xxx (optional)
    The user must match a ratio_upload:ratio_download ratio.

Only one authentication program is forked at a time. It must return
quickly.

-u <uid>
    Have the daemon run with that uid.

-g <gid>
    Have the daemon run with that gid.

-B  Fork in background (daemonization).

-s </path/to/socket>
    Set the full path to the local Unix socket.

-r </path/to/program>
    Set the full path to the authentication program.

-h  Output help information and exit.

To run this program the standard way, type:

    pure-authd -s /var/run/ftpd.sock -r /usr/bin/my-auth-program &

    pure-ftpd -lextauth:/var/run/ftpd.sock &

/usr/bin/my-auth-program can be as simple as:

    #! /bin/sh
    # Accepts every login and maps it to uid 42, gid 21, home /home/j.
    echo 'auth_ok:1'
    echo 'uid:42'
    echo 'gid:21'
    echo 'dir:/home/j'
    echo 'end'

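A fuller authentication program than the shell stub above, given as an added example (not part of the original man page or of Pure-FTPd): it reads AUTHD_ACCOUNT and AUTHD_PASSWORD from the environment and answers with the three auth_ok values described earlier. The USERS table, its password and its salt are constructed sample data, and the example assumes that a reply holding only auth_ok and end is accepted when authentication fails.

```python
#!/usr/bin/env python3
"""Added example: an authentication program for pure-authd -r (not Pure-FTPd code)."""
import hashlib
import hmac
import os
import sys

ITERATIONS = 100_000


def _hash(password: str, salt: bytes) -> bytes:
    # Store and compare a slow salted hash, never the clear-text password.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)


# Constructed sample account store: name -> (salt, hash, uid, gid, home dir).
USERS = {
    "j": (b"constructed-salt", _hash("correct horse", b"constructed-salt"),
          42, 21, "/home/j"),
}


def build_reply(env) -> str:
    """Return the reply structure pure-authd expects on standard output."""
    account = env.get("AUTHD_ACCOUNT", "")
    password = env.get("AUTHD_PASSWORD", "")
    record = USERS.get(account)
    if record is None:
        # Unknown user: 0 lets pure-ftpd try its next authentication method.
        return "auth_ok:0\nend\n"
    salt, expected, uid, gid, home = record
    # Constant-time comparison of the derived hash with the stored one.
    ok = hmac.compare_digest(_hash(password, salt), expected)
    # Refuse records that break the documented constraints (uid/gid > 0,
    # absolute dir) or that could inject an extra "key:value" reply line.
    sane = uid > 0 and gid > 0 and home.startswith("/") and "\n" not in home
    if not (ok and sane):
        # Known user but fatal error: -1 stops the fallback chain.
        return "auth_ok:-1\nend\n"
    return f"auth_ok:1\nuid:{uid}\ngid:{gid}\ndir:{home}\nend\n"


if __name__ == "__main__":
    sys.stdout.write(build_reply(os.environ))
```
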
Frank DENIS <j@pureftpd.org>

ftp(1), pure-ftpd(8), pure-ftpwho(8), pure-mrtginfo(8),
pure-uploadscript(8), pure-statsdecode(8), pure-pw(8),
pure-quotacheck(8), pure-authd(8)

RFC 959, RFC 2389, RFC 2228 and RFC 2428.

Pure-FTPd team                      1.0.21                      pure-authd(8)