
NAME
       nuauth - NUFW authentication server

SYNOPSIS
       nuauth [ -h ] [ -V ] [ -v[v...] ] [ -l (local, for clients) port ]
       [ -C (local, for clients) address ] [ -L (local, for nufw) address ]
       [ -p (local, for nufw) port ] [ -t timeout ] [ -D ]

DESCRIPTION
       This manual page documents the nuauth command.

       Nuauth is the authentication server of the NUFW package. Whenever a
       client sends a packet(1) to start a connection through the gateway, the
       client program (nutcpc), installed on the client's station, sends an
       authentication packet(2) to nuauth. The gateway's firewall queues
       packet(1) and sends information about it directly to the nuauth
       server. Nuauth's job is to analyse both packets (1) and (2), and check
       that the user has the right to initialize the connection (s)he has
       tried to open. If so, Nuauth sends Nufw the authorization to accept
       packet(1), and the connection is initialized. If not, the connection
       is dropped.

       Nuauth can use a backend LDAP server for user and group definitions,
       as well as Access Lists associated with those groups. The users/groups
       database can also be accessed through PAM/NSS. Another option is to
       store the user database in DBM files. Note that dynamic modifications
       of the user base can currently only be performed if an LDAP database
       is used.
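       The decision flow described above (queued packet(1) from nufw,
       authentication packet(2) from nutcpc, group Access Lists, and the -t
       timeout after which unmatched entries are forgotten) as a small model
       written for this page; it is an added illustration, not NUFW's own
       code, and the ACL, group and flow values in it are constructed.

```python
class NuauthModel:
    """Toy model of nuauth's correlation logic (illustration, not NUFW code).

    A flow is keyed as (src_ip, dst_ip, dst_port). The gateway reports a
    queued packet(1); the client sends an authentication packet(2). When both
    halves of a flow are present the user's groups are checked against the
    Access List; entries older than `timeout` seconds are forgotten, like -t.
    """

    # Constructed sample data: group -> allowed destination ports, user -> groups.
    ACL = {"developers": {22, 443}, "guests": {443}}
    USER_GROUPS = {"alice": {"developers"}, "bob": {"guests"}}

    def __init__(self, timeout=15.0):          # 15 s is the documented -t default
        self.timeout = timeout
        self.pending_pkts = {}                 # flow -> arrival time (from nufw)
        self.pending_auth = {}                 # flow -> (user, arrival time) (from nutcpc)

    def _expire(self, now):
        """Forget packets not identified, and identifications matching nothing."""
        self.pending_pkts = {f: t for f, t in self.pending_pkts.items()
                             if now - t <= self.timeout}
        self.pending_auth = {f: v for f, v in self.pending_auth.items()
                             if now - v[1] <= self.timeout}

    def _decide(self, flow, user):
        """ACCEPT only if one of the user's groups allows the destination port."""
        allowed = any(flow[2] in self.ACL.get(g, ())
                      for g in self.USER_GROUPS.get(user, ()))
        return "ACCEPT" if allowed else "DROP"

    def gateway_packet(self, flow, now):
        """nufw reports queued packet(1); verdict if packet(2) already arrived."""
        self._expire(now)
        auth = self.pending_auth.pop(flow, None)
        if auth is None:
            self.pending_pkts[flow] = now
            return None                        # wait for the client's packet(2)
        return self._decide(flow, auth[0])

    def client_auth(self, flow, user, now):
        """nutcpc sends authentication packet(2); verdict if packet(1) is queued."""
        self._expire(now)
        if flow in self.pending_pkts:
            del self.pending_pkts[flow]
            return self._decide(flow, user)
        self.pending_auth[flow] = (user, now)
        return None                            # wait for the gateway's packet(1)
```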

       Original packaging, information and help can be found from

OPTIONS
       -h     Issues usage details and exits.

       -V     Issues version and exits.

       -v     Increases verbosity level. Multiple switches are accepted and
              each of them increases the verbosity level by one. Default
              verbosity level is 2, max is 10.

       -l port
              Specifies the TCP port to listen on for clients. Default value :

       -L address
              Address to listen on for NuFW packets. Default :

       -C address
              Address to listen on for client packets. Default :

       -d address
              Network address of the nufw (gateway) servers. Only NuFW servers
              at those addresses will be allowed to talk to nuauth.

       -p port
              This option is DEPRECATED; it was used only in v1 of the
              protocol, which was a non-encrypted proof of concept.

              Specifies the UDP port to send data to when addressing the nufw
              (gateway) server. The Nufw server must be set up to listen on
              that port. Default value : 4128

       -t seconds
              Specifies the timeout after which packets not identified, and
              identification packets matching nothing, are forgotten.
              Default value : 15 s.

       -D     Run as a daemon. If started as a daemon, nuauth logs messages to
              syslog. If you don't specify this option, messages go to the
              console nuauth is running on, both on STDOUT and STDERR. Unless
              you are debugging something, you should run nuauth with this

SIGNALS
       The nuauth daemon is designed to deal with several signals : HUP, USR1,
       USR2, and POLL.

       HUP    Reload configuration. The nuauth daemon reloads its
              configuration when receiving this signal. Since 2.2.19, it also
              refreshes the CRL file content.

       USR1   Increases verbosity. The daemon then acts as if it had been
              launched with one supplementary '-v'. A line is also added to
              the system log to mention the signal event.

       USR2   Decreases verbosity. The daemon then acts as if it had been
              launched with one less '-v'. A line is also added to the system
              log to mention the signal event.

       POLL   Logs an "audit" line, mentioning how many network datagrams were
              received and sent since daemon startup.



AUTHOR
       Nuauth was designed and coded by Eric Leblond, aka Regit (<>), and
       Vincent Deffontaines, aka gryzor (<>). Original idea in 2001, while
       working on NSM Ldap support.

       This manual page was written by Vincent Deffontaines

       Permission is granted to copy, distribute and/or modify  this  document
       under  the  terms  of  the GNU Free Documentation License, Version 2 as
       published by the Free Software Foundation; with no Invariant  Sections,
       no Front-Cover Texts and no Back-Cover Texts.

                               10 November 2008