File: afpd.conf.tmpl

package info (click to toggle)
netatalk 2.0.3-11%2Blenny1
  • links: PTS, VCS
  • area: main
  • in suites: lenny
  • size: 9,428 kB
  • ctags: 6,161
  • sloc: ansic: 67,633; sh: 8,393; perl: 1,187; makefile: 1,060
file content (211 lines) | stat: -rw-r--r-- 11,081 bytes parent folder | download | duplicates (4)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
#
# CONFIGURATION FOR AFPD
#
# Each line defines a virtual server that should be available.
# Empty lines and lines beginning with `#' are ignored.
# Options in this file will override both compiled-in defaults
# and command line options.
#
# Format:
#  - [options]	              to specify options for the default server
#  "Server name" [options]   to specify an additional server
#
# The following options are available:
#   Transport Protocols:
#     -[no]tcp       Make AFP-over-TCP [not] available
#     -[no]ddp       Make AFP over AppleTalk [not] available. if you
#                    have -proxy specified, specify -uamlist "" to 
#                    prevent ddp connections from working.
#
#     -transall      Make both available (default)
#
#   Transport Options:
#     -ipaddr <w.x.y.z>   Specifies the IP address the server should respond
#                         to (default is the first IP address of the system)
#                         This option also allows one machine to advertise
#                         TCP/IP for another machine.
#     -server_quantum <number> 
#                         Specifies the DSI server quantum. The minimum
#                         value is 1MB. The max value is 0xFFFFFFFF. If you 
#                         specify a value that is out of range, you'll get 
#                         the default value (currently the minimum).
#     -admingroup <groupname>
#                         Specifies the group of administrators who should all
#                         be seen as the superuser when they log in.  Default
#                         is disabled.
#     -ddpaddr x.y        Specifies the DDP address of the server. the 
#			  default is to auto-assign an address
#                         (0.0). this is only useful if you're running
#			  on a multihomed host.
#     -port <number>      Specifies the TCP port the server should respond
#                         to (default is 548)
#     -fqdn <name:port>   specify a fully-qualified domain name (+
#                         optional port). this gets discarded if the
#			  server can't resolve it. this is not honored
#                         by appleshare clients <= 3.8.3 (default: none)
#     -proxy              Run an AppleTalk proxy server for specified AFP/TCP
#                         server (if address/port aren't given, then
#			  first IP address of the system/548 will be used).
#                         if you don't want the proxy server to act as
#                         a ddp server as well, set -uamlist to an
#			  empty string.
#     -noslp              Don't register this server with the Service
#			  Location Protocol.
#
#
#   Authentication Methods:
#     -uampath <path>  Use this path to look for User Authentication Modules.
#		       (default: :UAMS_PATH:)
#     -uamlist <a,b,c> Comma-separated list of UAMs. (default:
#		       uams_guest.so,uams_clrtxt.so,uams_dhx.so) 
#
#		       some commonly available UAMs:
#                      uams_guest.so: Allow guest logins
#
#		       uams_clrtxt.so: (uams_pam.so or uams_passwd.so)
#				      Allow logins with passwords
#				      transmitted in the clear. 
#
#		       uams_randnum.so: Allow Random Number and Two-Way
#				       Random Number exchange for
#				       authentication.
#
#		       uams_dhx.so: (uams_dhx_pam.so or uams_dhx_passwd.so)
#		                    Allow Diffie-Hellman eXchange
#				    (DHX) for authentication.
#
#   Password Options:
#     -[no]savepassword   [Don't] Allow clients to save password locally
#     -passwdfile <path>  Use this path to store Randnum
#			  passwords. (Default: :ETCDIR:/afppasswd. The only
#                         other useful value is ~/.passwd. See 'man afppasswd'
#                         for details.)
#     -passwdminlen <#>   minimum password length. may be ignored.
#     -[no]setpassword    [Don't] Allow clients to change their passwords.
#     -loginmaxfail <#>   maximum number of failed logins. this may be
#			  ignored if the uam can't handle it.
#
#   AppleVolumes files:
#     -defaultvol <path>  Specifies path to AppleVolumes.default file
#                         (default :ETCDIR:/AppleVolumes.default,
#                         same as -f on command line)
#     -systemvol <path>   Specifies path to AppleVolumes.system file
#                         (default :ETCDIR:/AppleVolumes.system,
#                         same as -s on command line)
#     -[no]uservolfirst   [Don't] read the user's ~/AppleVolumes or
#                         ~/.AppleVolumes before reading
#                         :ETCDIR:/AppleVolumes.default
#                         (same as -u on command line)
#     -[no]uservol        [Don't] Read the user's volume file
#
#
#   Miscellaneous:
#     -authprintdir <path> Specifies the path to be used (per server) to 
#			   store the files required to do CAP-style
#			   print authentication which papd will examine
#			   to determine if a print job should be allowed.
#			   These files are created at login and if they
#			   are to be properly removed, this directory
#			   probably needs to be umode 1777
#     -guestname "user"   Specifies the user name for the guest login
#                         (default "nobody", same as -g on command line)
#     -loginmesg "Message"  Client will display "Message" upon logging in
#                         (no default, same as -l "Message" on commandline)
#     -nodebug            Switch off debugging
#     -client_polling     With this switch enabled, afpd won't advertise
#                         that it is capable of server notifications, so that
#                         connected clients poll the server every 10 seconds
#                         to detect changes in opened server windows.
#                         Note: Depending on the number of simultaneously
#                         connected clients and the network's speed, this can
#                         lead to a significant higher load on your network!
#     -sleep   <number>   AFP 3.x wait number hours before disconnecting
#                         clients in sleep mode. Default 10 hours
#     -tickleval <number> Specify the tickle timeout interval (in seconds).
#                         Note, this defaults to 30 seconds, and really 
#                         shouldn't be changed.  If you want to control
#                         the server idle timeout, use the -timeout option.
#     -timeout <number>   Specify the number of tickles to send before
#                         timing out a connection.  The default is 4, therefore
#                         a connection will timeout in 2 minutes.
#     -icon               Use the platform-specific icon.
#     -[un]setuplog "<logtype> <loglevel> [<filename>]"
#                         Specify that the given loglevel should be applied
#                         to log messages of the given logtype and that 
#                         these messages should be logged to the given file.
#                         If the filename is ommited the loglevel applies to 
#                         messages passed to syslog.  
#                         Each logtype may have a loglevel applied to syslog 
#                         and a loglevel applied to a single file.  Latter
#                         -setuplog settings will override earlier ones of
#                         the same logtype (file or syslog).
#                         logtypes:  Default, Core, Logger, CNID, AFPDaemon
#                         loglevels: LOG_SEVERE, LOG_ERROR, LOG_WARN, LOG_NOTE,
#                                    LOG_INFO, LOG_DEBUG, LOG_DEBUG6, LOG_DEBUG7, 
#                                    LOG_DEBUG8, LOG_DEBUG9, LOG_MAXDEBUG
#
#                         for example:
#                    -setuplog "logger log_maxdebug /var/log/netatalk-logger.log"
#                    -setuplog "afpdaemon log_maxdebug /var/log/netatalk-afp.log"
#                    -unsetuplog "default level file" 
#                    -setuplog "default log_maxdebug"
#
#     -signature { user:<text> | host }
#                         Specify a server signature. This option is useful while
#                         running multiple independent instances of afpd on one 
#                         machine (eg. in clustered environments, to provide fault
#                         isolation etc.). "host" signature type allows afpd generating
#                         signature automatically (based on machine primary IP address).
#                         "user" signature type allows administrator to set up a signature
#                         string manually. Examples: three servers running on one machine:
#           first       -signature user:USERS
#           second      -signature user:USERS
#           third       -signature user:ADMINS
#                First two servers will act as one logical AFP service - if user logs in to 
#                first one and then  connects to second one, session will be automatically 
#                redirected to the first one. But if client connects to first and then to third, 
#                will be asked for password twice and will see  resources of both servers. 
#                Traditional method of signature generation causes two independent afpd instances
#                to have the same signature and thus cause clients to be redirected automatically
#                to server (s)he logged in first.
#     -k5service <service>
#     -k5realm <realm>
#		 These are required if the server supports Kerberos 5 authentication
#
#   Codepage Options:
#      -unixcodepage <CODEPAGE>     Specifies the servers unix codepage, e.g. "ISO-8859-15" or "UTF8".
#			            This is used to convert strings to/from the systems locale, e.g.
#                                   for authenthication. Defaults to LOCALE if your system supports it, 
#                                   otherwise ASCII will be used.
#
#      -maccodepage <CODEPAGE>      Specifies the mac clients codepage, e.g. "MAC_ROMAN".
#			            This is used to convert strings to the systems locale, e.g. 
#                                   for authenthication and SIGUSR2 messaging. This will also be
#                                   the default for volumes maccharset.
#
#   CNID related options:
#      -cnidserver ipaddress:port   Specifies the IP address and port of a cnid_metad server.
#

 
#		
# Some examples:
#
#	The simplest case is to not have an afpd.conf.
#
#	4 servers w/ names server1-3 and one w/ the hostname. servers
#       1-3 get routed to different ports with server 3 being bound 
#       specifically to address 192.168.1.3
#		-
#		server1 -port 12000
#		server2 -port 12001
#		server3 -port 12002 -ipaddr 192.168.1.3
#
#	a dedicated guest server, a user server, and a special
#	ddp-only server:
#		"Guest Volume" -uamlist uams_guest.so -loginmesg "Welcome guest!"
#		"User Volume" -uamlist uams_clrtxt.so -port 12000
#		"special" -notcp -defaultvol <path> -systemvol <path>
#
# default:
# - -transall -uamlist uams_clrtxt.so,uams_dhx.so -nosavepassword