Man Linux: Main Page and Category List


       pslave.conf - configuration file for portslave(8)


       A  line  that  starts  with  ’#’  is  a  comment.   Any other line is a
       configuration statement.  Configuration statements may be  extended  to
       cover multiple lines with a ’\’ character at the end of a line.


       In  previous  versions  of  Portslave  there  are  two  main  types  of
       configuration directives, global directives  that  start  with  ’conf.’
       and  line directives starting with ’all.’  or ’sXX.’  The configuration
       directives were divided (somewhat arbitarily)  into  global  directives
       that  apply  to  all  lines and line directives that may have different
       values for each line.  This distinction makes no sense to me, so I have
       removed  it.   Now  all  directives  can have different values for each
       line!  This gives this version  of  Portslave  many  new  configuration
       options that were previously absent.

       If  a line starts with ’conf.’  or ’all.’  then it’s value is a default
       value for all lines.  If a line starts with  ’sXX.’   then  it’s  value
       applies  to  the specified line (where ’XX’ specifies the number of the
       ’NAS port’ - a non-negative number).  This number is  the  command-line
       parameter used on the portslave command line.


       Configuration  directives  are  all  comprised  of a name followed by a
       value.  The value may be of type int, dynamic int, bool, string,  enum,
       hostname,  hostname  service,  IP number, IP number service, dynamic IP
       number, and chat-script.

       int    A simple number.

       dynamic int
              Number which may end in a ’+’ character to specify that  the  it
              is to have the port number added to it.

       bool   A boolean value, 0/no/false or 1/yes/true.

       string A  string  may  comprise multiple lines, non-terminal lines must
              end with a ’\’ character.  Strings do  not  need  quotes  around
              them  (double  quotes  around  strings are accepted but ignored,
              useful if you want leading or  trailing  white-space  I  guess).
              The  null  string  representation  is  "".  All the usual string
              escape sequences are supported,  \n  for  a  new  line,  \r  for
              carriage   return,  ^D  or  ^d  means  the  controll-D  sequence
              (character ASCII 4 EOT).

       enum   One of several string values that are internally translated to a

              Hostnames are resolved to IP addresses immediately upon startup!
              You must have your  name  server  running  before  Portslave  is

       hostname service
              hostname  and  IP  service  (either  a  number  or  a name to be
              resolved from /etc/services).  The IP service is optional, if it
              is  specified  then  the  IP address must be enclosed in "[" and

       IP number
              Simple dotted-quad IP address.

       dynamic IP number
              Dotted-quad IP address which may  end  in  a  ’+’  character  to
              specify  that the IP address is to have the port number added to


       Lines may be expanded in the following fashion:

       s{32-63}.tty tts/C{0-31}

       This means the same as the following:

       s32.tty tts/C0 s33.tty tts/C1 ...  s63.tty tts/C31


              bool - whether to write users’ passwords to syslog (default no).

              A chat script is at it’s simplest a series of expect send pairs.
              The system will expect a string and then send another string  in
              response   if/when   it   receives   the   expect   string.   An
              expect-string may be of the form A-B-C  in  which  case  if  the
              sub-string  A  is not found due to timeout then the sub-string B
              will be sent and then the sub-string C  will  be  expected.   NB
              There  must  be exactly three parts to an expect-string that has
              sub-strings and they are to  be  delimited  by  "-"  characters.
              Also note that to wait for a "-" you must escape it as "\-".

              The send string may have the following special escape sequences.
              "\d" for a one second delay, "\p" for a  100ms  pause,  "\l"  to
              lower DTR for one second, "\c" to specify that the string is not
              to end  with  a  "\r"  character,  and  "\K"  to  send  a  break

              Also  special  strings may be inserted before the expect strings
              in any part of the chat script.   The  special  strings  are  as

              TIMEOUT  XX  to specify that the new timeout when waiting for an
              expect string is to be XX seconds.

              WAIT DCD to wait for the DCD line of the modem to be asserted.

              STATUS USER-NAME HOST-NAME writes an entry to the  /var/run/utmp
              file  with  the  user  name  field  set  to  the first parameter
              (portslave uses "Incoming" and "Connected" as the default values
              for   the  first  two  phases  of  connecting).   It  also  uses
              "%p:I.HANDSHAKE"  as  the  default  for   the   hostname.    See
              ctlportslave for the use of this.

              ABORT  XX  to  abort  the connection if the string XX (which may
              contain multiple words surrounded by quotes) is received.

              SETVAR Z=XX to set the variable specified by the character Z  to
              the  text following the string XX (quote the entire Z=XX part if
              the string XX contains a space).  The variable Z may be ’C’  for
              the  connect string, ’S’ for the source of the call (from caller
              line identification), or ’D’ for the number dialled (from  CLI).
              Here  is an example to recognise the connect strings from common
              configurations of Hayes compatible modems:


              The first line does an unconditional assignment when the  string
              "CARRIER  "  is  found,  the second appends data to the variable
              when the string "PROTOCOL" is found, and the third  will  do  an
              assignment when the string "CONNECT" is found if the variable is

              Note that in the variable assignment white-space preceeding  the
              value is removed.


              String  -  Hostname  of  the  current  system.   Defaults to the
              hostname returned by gethostname().

              IP number - address for local end of SLIP and  PPP  connections,
              defaults to a DNS lookup of the value from hostname.

              String  -  Lock  directory,  defaults  to /var/lock which is the
              directory for FSSTD compliant  systems.   If  set  to  an  empty
              string then it will turn off locking.

       rlogin String  -  Where  to  find the rlogin binary that accepts the -i
              flag for specifying the local user-name.

              Defaults to the location where we install rlogin-radius.

       telnet String - Where to find telnet.  This  can  just  be  the  system

              Defaults to where telnet is detected on the local system.

       ssh    String - Where to find ssh.  This can just be the system SSH.

              Defaults to where ssh is detected on the local system.

       pppd   String  -  Where  to  find  our  patched  pppd that supports the

              Defaults to the location where we install pppd-radius.

              bool - If you set this to true, you can login locally by putting
              a  ’!’  before  your loginname.  Useful for emergencies when the
              RADIUS server is down.  Setting this  is  a  potential  security

              bool  - Set to true if you want CHAP authentication.  Turned off
              by default at the moment because the chap code in  pppd  doesn’t
              allow setting the IP address.

       syslog hostname  - The host to send remote syslog data to.  Leave empty
              for only local logging.

              int - The local facility number.  A number from 0 to 7 inclusive
              means syslog facility local0 to local7.

              string  -  Directory where your scripts that set up IP filtering
              (typically using ipchains or iptables) are  stored.   To  invoke
              them,  just add the RADIUS-attribute Framed-Filter-Id = "foo" to
              your profile, where foo is the name of script.  Then the  script
              will  be  run  as:  script  <start:stop>  <remote ip> <local ip>
              <remote netmask>

              bool - whether to remove a preceeding ’P’, ’C’, ’S’, ’!’, or ’L’
              or  a  trailing  ’.slip’, ’.cslip’, or ’.ppp’ before storing the
              user-name in the utmp.

       tty    string - this is the only line directive that can’t be  used  as
              an  ’all.’  or  path  or  relative to /dev) that is used for the
              device.  If you want devices /dev/tts/0 and /dev/ttr/5 to be NAS
              ports  1  and  2 respectively and have them use the default line
              settings (from the ’all’ values) then you can use the  following

              s1.tty    tts/0 s2.tty    ttr/5

       debug  int  -  0  means  no debug output, 1 means some, 2 means all.  2
              means lots of data!

              bool - if true then log to utmp like a regular getty/login.   Do
              not set this to false unless you really know what you are doing,
              it breaks ctlportslave (amoung other things).

              bool - if true then log to wtmp like a regular  getty/login  (NB
              we will never log to wtmp if utmp logging is off).

              string  - format of the utmp/wtmp FROM field.  See the expansion
              directives section.  The default  value  is  "%p:%P.%3.%4",  for
              ctlportslave  to  work  properly the start of the string must be

              bool - emulate a modem.  This is for when Portslave is  directly
              connected  to  a machine that thinks it is connected to a modem.
              Portslave will emulate a Hayes compatible modem.

              enum - ’async’, ’sync’, ’isdn’, ’isdn-v120’, or ’isdn-v110’.  If
              you don’t understand this then you probably want ’async’.

              enum   -   ’none’,   ’radius’,   ’tacacs’,   ’remote’,  ’local’,
              ’radius/local’,     ’tacacs/local’,      ’local/radius’,      or
              ’local/tacacs’  for which type of authentication to use.  ’none’
              means that we  just  use  the  supplied  user-name  for  logging
              purposes and don’t talk to the RADIUS server on login.

              string - file name for configuration file for radclient

              bool  - true means to accept RADIUS logins with a null password,
              false means to reject them.  Default true.

       tacauthhost1 tacauthhost2
              hostname - host names for  the  TACACS  Authentication  host  if
              Portslave is compiled with TACACS support.

              enum  -  ’login’,  ’rlogin’,  ’telnet’,  ’ssh1’,  ’ssh’, ’slip’,
              ’cslip’, ’ppp’, ’ppp_only’, ’tcpclear’,  ’tcplogin’,  ’console’,
              ’socket_client’, ’socket_server’, or ’socket_ssh’.
               Login  is  to exec /bin/login.  Rlogin, telnet, and ssh are for
              executing those programs to  login  to  other  machines.   Slip,
              cslip,  and PPP are for running those IP connectivity protocols,
              ppp_only is for leased line configuration.  Tcplogin and console
              are  apparently  not  implemented, with tcpclear I have not been
              able to work out what it does.  Contributions welcome!   Default

       host   hostname - default host for rlogin/telnet/ssh sessions.

              dynamic  IP number - used as the client IP address if the RADIUS
              server doesn’t send an IP address, or when it tells us to use  a
              dynamic address.

              IP  number  -  in almost all cases it should be,
              leave it at that unless you really know what you are doing.

       mtu    int - MTU for connection, 1500 is a good value  as  that’s  what
              Ethernet  uses and most packets get routed over Ethernet in some
              way so 1500 avoids  fragmentation  and  reduces  the  number  of
              packets needed to transfer data.

       mru    int  -  MRU  for connection, generally should be the same as the

              string - PPP command-line options to be used when we  autodetect
              a PPP session.  Note that the expansion directives apply.

       pppopt string  -  PPP  command-line  options  to  be  used when we have
              already authenticated the user and the service type is known  to
              be PPP.  Same format as autoppp.

       issue  string   -   message  that  is  issued  on  connect.   Expansion
              directives are applied.

       prompt string - login prompt,  default  is  "%h  login:  ".   Expansion
              directives are applied.

       term   string - terminal type for rlogin/telnet/ssh sessions.  Defaults
              to vt100.

       speed  int - port speed in bps.

              dynamic int - port number used for telnet targets.

       parity enum - ’none’, ’odd’, or ’even’.

              int - number of stop bits.

              int - size of a character 5, 6, 7, or 8 bits.

       dcd    bool - use the DCD line or not (this sets CLOCAL if  off).  This
              means that the session will get hung up if the modem hangs up.

       flow   enum  - ’none’, ’hard’, or ’soft’.  Hardware (RTS/CTS), software
              (XON/XOFF AKA ^S/^Q), or no flow control.

              chat-script - the chat script for  initialising  the  modem  and
              answering.  Needs much more documentation on this.

              string    -    configuration   file   for   radclient   (default

              string - the times that are allowed for logins.

              bool - if true then the maximum  length  of  the  call  will  be
              determined by the value of the login_time setting.


       These directives can be used for the format of the utmp/wtmp field, for
       the autoppp, pppopt, issue, prompt fields, and others.

       %l     login name

       %L     stripped login name

       %p     NAS port number

       %P     protocol

       %b     port speed

       %H     host for telnet/ssh connections

       %i     local IP

       %j     remote IP

       %1     first byte (MSB) of remote IP

       %2     second byte of remote IP

       %3     third byte of remote IP

       %4     fourth byte (LSB) of remote IP

       %c     connect-info

       %m     netmask

       %M     multilink if the RADIUS server has PW_NAS_PORT_LIMIT set to > 1,
              otherwise empty string

       %t     MTU

       %r     MRU

       %I     idle timeout

       %T     session timeout

       %h     hostname

       %d     dcd  setting, expands to "modem" if DCD line is to be used or to
              "local" if it isn’t.  Put this on the ppp command line  to  give
              it  the right setting to match the value of the "dcd" attribute.

       %%     %


       The documentation section for protocol in the line  directives  section
       needs to be improved.  I intend to do so as soon as I work out what the
       code does.

       The initchat option needs heaps  more  documentation.   As  soon  as  I
       figure it out...

       The realm section needs to be improved, to do this I have to go through
       the code and comment what it does so I can understand it.


       This man page was written by Russell Coker <>.  May
       be freely used and distributed without restriction.


       portslave(8),                  pppd(8),                 cltportslave(1)

Russell Coker <>010.03.30                    pslave.conf(5)