NAME
afserver.conf - Configuration File for afserver
INTRODUCTION
Afserver supports several mechanisms to supply configuration and run-
time parameters: command line options, afserver.conf and hard-coded
defaults. When the same information is supplied in more than one way,
the highest precedence mechanism is used. When configuration file is
used (option: -f FILE) command line options like --hostname,
--listenport, --manageport and --pass are ignored. Options from
configuration file are taken before values from command line (with the
exception of --cerfile, --keyfile and --dateformat ). When something is
not declared, hard-coded values are used.
DESCRIPTION
Afserver uses configuration file, which name is supplied by the -f FILE
option. The afserver.conf file is composed of two sections which have
to be in fixed order. In first section global values like cerfile,
keyfile and logging options are set. The second section starts with
first realm command and includes options describing specific realms.
There may be several realm commands.
GLOBAL OPTIONS
cerfile FILE
the name of the file with certificate (default: server-cert.pem)
cacerfile FILE
the name of the file with CA certificates (if used, require clients
to have valid certificates)
cerdepth N
the maximum depth of valid certificate-chains
keyfile FILE
the name of the file with RSA key (default: server.rsa)
log LOGCMD
log choosen information to file/socket
dateformat FORMAT
format of the date printed in logs (see ’man strftime’ for details)
(default: %d.%m.%Y %H:%M:%S). Format string is trimmed. In order to
include white characters into format string, use dots to mark beginning
and end of the text. If the dot is first or last character, it’s
removed. Only one character from the beginning and one from the end can
be removed.
REALM OPTIONS
realm [NAME]
starts configuration of the next realm. Name of the realm can be
specified using this option.
hostname NAME
used when creating listening sockets (default: ’’)
listenport PORT
listening port number - users connect to it (required at least one)
manageport PORT
manage port number - afclient connects to it (required at least one)
pass PASSWORD
password used for client identification (default: no password)
users N
the amount of users allowed to use this server (default: 5)
timeout N
the timeout value for the client’s connection (default: 5)
--maxidle N
the maximum idle time for the client’s connection (default: disabled)
clients N
the number of allowed clients to use this server (default: 1)
raclients N
the number of allowed clients in remote administration mode to use
this server (default: 1)
usrpcli N
the number of allowed users per client (default: $users)
climode N
strategy used to connect users with clients (default: 1)
Available strategies:
1. fill first client before go to next
proto TYPE
type of server (tcp|udp) - what protocol it will be operating for
(default: tcp)
nossl
ssl is not used to transfer data (but it’s still used to establish a
connection) (default: ssl is used)
nozlib
zlib is not used to compress data (default: zlib is used)
baseport
listenports are temporary and differ for each client
audit
additional information about connections are logged
dnslookups
try to obtain dns names of the computers rather than their numeric IP
ipv4
use ipv4 only
ipv6
use ipv6 only
enableproxy
enable http proxy mode
SEE ALSO
afclient.conf(5), afclient(1), afserver(1)
AUTHOR
Jeremian <jeremian [at] poczta.fm>
CONTRIBUTIONS
Alex Dyatlov <alex [at] gray-world.net>, Simon <scastro [at]
entreelibre.com>, Ilia Perevezentsev <iliaper [at] mail.ru>, Marco
Solari <marco.solari [at] koinesistemi.it>, and Joshua Judson Rosen
<rozzin [at] geekspace.com>
LICENSE
Active Port Forwarder is distributed under the terms of the GNU General
Public License v2.0 and is copyright (C) 2003-2007 jeremian <jeremian
[at] poczta.fm>. See the file COPYING for details.