NAME¶
nuauth - NUFW authentication server
SYNOPSIS¶
nuauth [
-h ] [
-V ] [
-v[v...] ] [
-l
(local, for clients) port ] [
-C (local, for
clients) address ] [
-L (local, for nufw)
address ] [
-p (local, for nufw) port ] [
-t timeout ] [
-D ]
DESCRIPTION¶
This manual page documents the
nuauth command.
Nuauth is the authentication server of the NUFW package. Whenever a client sends
a packet(1) to start a connection through the gateway, the client program
(nutcpc), installed on the client's station, sends an authentication packet(2)
to nuauth. The gateway's firewall queues the packet(1) and sends informations
about it directly to the nuauth server. Nuauth's job is to analyse both
packets(1) and (2), and check user owns the right to initialize the connection
(s)he has tried to. If Nuauth finds so, Nuauth sends authorization to Nufw to
accept the packet(1) through, and the connection gets initialized. If not, the
connection is Dropped.
Nuauth can use a backend LDAP server for user and groups definitions, as well as
Access Lists associated with those groups. Interface to Users/Groups database
can also be performed through PAM/NSS. An option is also to store the user
database in DBM files. It should be noted that dynamic modifications of the
users base can currently only be performed if an LDAP database is used.
Original packaging and informations and help can be found from
http://www.nufw.org/
OPTIONS¶
- -h
- Issues usage details and exits.
- -V
- Issues version and exits.
- -v
- Increases verbosity level. Multiple switches are accepted
and each of them increases the verbosity level by one. Default verbosity
level is 2, max is 10.
- -l port
- Specifies TCP port to listen on for clients. Default value
: 4129
- -L address
- Address to listen on for NuFW packets. Default :
127.0.0.1
- -C address
- Address to listen on for clients packets. Default :
0.0.0.0
- -d address
- Network address of the nufw (gateway) servers. Only NuFW
servers at those addresses will be allowed to talk to nuauth.
- -p port
- This option is DEPRECATED and was in use only in v1 of the
protocol, which was proof of concept, non-encrypted.
Specifies UDP port to send data to when addressing the nufw (gateway)
server. Nufw server must be setup to listen on that port. Default value :
4128
- -t seconds
- Specifies timeout to forget packets not identified, and
identification packets matching nothing. Default value : 15 s.
- -D
- Run as a daemon. If started as a daemon, nuauth logs
message to syslog. If you don't specify this option, messages go to the
console nuauth is running on, both on STDOUT and STDERR. Unless you are
debugging something, you should run nuauth with this option.
SIGNALS¶
The
nuauth daemon is designed to deal with several signals : HUP, USR1,
USR2, and POLL.
- HUP
- Reload configuration. The nuauth daemon reloads its
configuration when receiving this signal. Since 2.2.19, it also refreshes
the CRL file content.
- USR1
- Increases verbosity. The daemon then acts as if it had been
launched with one supplementary '-v'.A line is also added to the system
log to mention the signal event.
- USR2
- Decreases verbosity. The daemon then acts as if it had been
launched with one less '-v'. A line is also added to the system log to
mention the signal event.
- POLL
- Logs an "audit" line, mentioning how many network
datagrams were received and sent since daemon startup.
SEE ALSO¶
nufw(8)
AUTHOR¶
Nuauth was designed and coded by Eric Leblond, aka Regit
(<eric@regit.org>) , and Vincent Deffontaines, aka gryzor
(<vincent@gryzor.com>). Original idea in 2001, while working on NSM Ldap
support.
This manual page was written by Vincent Deffontaines
Permission is granted to copy, distribute and/or modify this document under the
terms of the GNU Free Documentation License, Version 2 as published by the
Free Software Foundation; with no Invariant Sections, no Front-Cover Texts and
no Back-Cover Texts.