'\" -*- coding: utf-8 -*-
'\" vim:fenc=utf-8
.if \n(.g .ds T< \\FC
.if \n(.g .ds T> \\F[\n[.fam]]
.de URL
\\$2 \(la\\$1\(ra\\$3
..
.if \n(.g .mso www.tmac
.TH x2gobroker-authservice 8 "Apr 2020" "Version 0.0.4.x" "X2Go Session Broker"
.SH NAME
x2gobroker-authservice \- PAM authentication service for X2Go Session Broker
.SH SYNOPSIS
'nh
.fi
.ad l
\fBx2gobroker-authservice\fR \kx
.if (\nx>(\n(.l/2)) .nr x (\n(.l/5)
'in \n(.iu+\nxu
[
\fIoptions\fR
]
'in \n(.iu-\nxu
.ad b
'hy
.SH DESCRIPTION
\fBx2gobroker-authservice\fR is a PAM authentication service for X2Go Session Broker. Whereas
the X2Go Session Broker runs as a non-privileged user (standalone daemon mode) or as the
also non-privileged httpd server's system user (WSGI mode), an authentication against PAM
requires root privileges in most cases (esp. for pam_unix.so).
.PP
Thus, the PAM authentication has been moved into a separate service. The communication
between X2Go Session Broker and PAM Authentication Service is handled through a
unix domain socket file (\fI<RUNDIR>/x2gobroker/x2gobroker-authservice.socket\fR).
.PP
This command is normally started through the host's init system.
.SH COMMON OPTIONS
\fBx2gobroker-authservice\fR accepts the following common options:
.TP
\*(T<\fB\-h, \-\-help\fR\*(T>
Display a help with all available command line options and exit.
.TP
\*(T<\fB\-D, \-\-daemonize\fR\*(T>
Fork this application to background and detach from the running terminal.
.TP
\*(T<\fB\-P, \-\-pidfile\fR\*(T>
Custom PID file location when daemonizing (default: \fI<RUNDIR>/x2gobroker/x2gobroker-authservice.pid\fR).
.TP
\*(T<\fB\-L, \-\-logdir\fR\*(T>
Directory where stdout/stderr will be redirected after having daemonized (default: \fI/var/log/x2gobroker/\fR).
.TP
\*(T<\fB\-s <AUTHSOCKET>, \-\-socket <AUTHSOCKET>\fR\*(T>
File name of the unix domain socket file used for communication between broker and authentication service.
.TP
\*(T<\fB\-o <OWNER>, \-\-owner <OWNER>\fR\*(T>
User ownership of the \fI<AUTHSOCKET>\fR file.
.TP
\*(T<\fB\-g <GROUP>, \-\-group <GROUP>\fR\*(T>
Group ownership of the \fI<AUTHSOCKET>\fR file.
.TP
\*(T<\fB\-p <PERMISSIONS>, \-\-permissions <PERMISSIONS>\fR\*(T>
Set these file permissions for the \fI<AUTHSOCKET>\fR file. Use numerical permissions (e.g. 0640).
.SH "FILES"
<RUNDIR>/x2gobroker/x2gobroker-authservice.socket
.SH AUTHOR
This manual has been written for the X2Go project by
Mike Gabriel <mike.gabriel@das-netzwerkteam.de>.