|command||Stores command files.|
|file||All files served from the radmind server are stored in the file directory. All files for a given transcript are stored in file/<transcript> where <transcript> is the name of the transcript. A file is stored in file/<transcript>/<path> where <path> is the file's path as listed in the transcript.|
|special||All special files are stored in special. The special files for a given host are stored in special/<key> where <key> is the client's CN, fully qualified domain name or IP address as matched in the config file. Individual special files are stored in special/<host>/<path> where <path> is the path of the special file as listed in the client's command file.|
|tmp/file||All files stored on the server using the STOR command are saved in tmp/file. Files for a given transcript are stored in tmp/transcript/<transcript>/<path> where <transcript> is the name of the transcript and <path> is the file's path as given in the STOR command.|
|tmp/transcript||All transcripts stored on the server using the STOR command are saved in tmp/transcript.|
Radmind currently supports the following Radmind Access Protocol (RAP) requests:
QUIT terminate session
NOOP do nothing
HELP display helpful message
STAT stat a transcript, command or special file. When statting a command file or transcript, the mode, UID and GID default to 0444, 0, and 0 respectively. If no command file is specified, the server returns information on the base command file as indicated in the config file.
Status of a special file is determined by a single transcript line listed in a file named special/<special-file-path>.T, where <special-file-path> is the full path to the special file. If that does not exist, a listing for the file in the transcript/special.T transcript in the transcript directory will be used. If neither of those exists, the defaults are returned.
RETR retrieve a file, transcript, command or special file. If no command file is specified, the server returns the base command file as indicated in the config file.
STOR store a file or transcript. If user authentication is enabled, this command is only valid after the client sends a successful LOGI.
STAR Start TLS. If the server is run with an authorization level of 2, this command must be given before a client can send a STAT, RETR, or STOR.
LOGI Login user. This command is only valid after TLS has been started.
COMP start compression
REPO report a client status message. The daemon logs the message in the following format:
report HOSTNAME IP CN - EVENT MESSAGE...
First the string "report", followed by the client's hostname and IP address. If the client authenticates to the server with a certificate, its common name will be listed next. If the client does not present a certificate, a - will be listed. Next, a - is printed as a placeholder for a future field. Finally, the event and message are logged as reported by the client.
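A parser for the REPO log format described above, added here as an example (it is not part of radmind). It lists reports from clients that presented no certificate; the syslog prefix and the sample lines are constructed, and the common name is assumed to contain no whitespace.

```python
import re
from collections import namedtuple

Report = namedtuple("Report", "hostname ip cn event message")

# Constructed sample syslog lines (not taken from a real server).
SAMPLE_LOG = """\
Dec 12 10:00:01 rad1 radmind[411]: report amber.umich.edu 212.12.243.7 amber.umich.edu - ktcheck No updates needed
Dec 12 10:00:09 rad1 radmind[412]: report josh.umich.edu 212.12.243.9 - - lapply Changes applied successfully
Dec 12 10:00:15 rad1 radmind[413]: child 413 exited
Dec 12 10:00:20 rad1 radmind[414]: report ben.umich.edu 212.12.243.12 - - fsdiff Error: transcript mismatch
"""

# report HOSTNAME IP CN - EVENT MESSAGE...
# CN is "-" when the client presented no certificate; the second "-" is the
# placeholder field. EVENT and MESSAGE come from the client, so treat them
# as untrusted text in anything that consumes this output.
REPORT_RE = re.compile(r"(?:^|\s)report (\S+) (\S+) (\S+) - (\S+)(?: (.*))?$")


def parse_report(line):
    """Return a Report for a REPO log line, or None for any other line."""
    m = REPORT_RE.search(line.rstrip("\n"))
    if m is None:
        return None
    host, ip, cn, event, message = m.groups()
    return Report(host, ip, None if cn == "-" else cn, event, message or "")


def reports_without_certificate(log_text):
    """Reports whose CN field was "-", i.e. no client certificate was seen."""
    parsed = (parse_report(line) for line in log_text.splitlines())
    return [r for r in parsed if r is not None and r.cn is None]


if __name__ == "__main__":
    for r in reports_without_certificate(SAMPLE_LOG):
        print(r.hostname, r.ip, r.event, repr(r.message))
```
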
-a bind-address specifies the address on which the server should listen, e.g. 127.0.0.1. By default the server listens on all available interfaces (wildcard address).
-B register daemon as a Bonjour service. Replaces deprecated -R option.
-b backlog Defines the maximum queue of pending connections to listen(2), by default five.
-C crl-pem-file-or-dir specifies either a single PEM-formatted file containing the CRL(s) or a directory that contains the CRL(s). Any CRLs in a directory must be in PEM format and the directory must have been processed with the openssl c_rehash utility.
-D path specifies the radmind working directory, by default /var/radmind.
-d debug mode. Does not disassociate from controlling tty.
-F syslog-facility specifies to which syslog facility to log messages.
-f run in foreground.
-L syslog-level specifies at which syslog level to log messages.
-m max-connections specifies the maximum number of simultaneous connections, by default 0. Value must be greater than or equal to 0 with 0 indicating no limit.
-p port specifies the port of the radmind server, by default 6222.
-P ca-directory specifies a directory that contains certificates to be used when verifying a client. Certificates must be in PEM format and the directory must have been processed with the openssl c_rehash utility.
-r use random seed file $RANDFILE if that environment variable is set, $HOME/.rnd otherwise. See RAND_load_file(3o).
-u umask specifies the umask the server uses to write files to the disk, defaulting to the user's umask.
-U Turn on PAM user authentication. Requires auth-level > 0. radmind uses the PAM service name radmind.
-V displays the version of radmind and exits.
-w auth-level TLS authorization level, by default 0. 0 = no TLS, 1 = server verification, 2 = server and client verification, 3 = server and client verification with CRL checking, 4 = server and client verification with full-chain CRL checking.
-x ca-pem-file Certificate authority's public certificate, by default /var/radmind/cert/ca.pem. The default is not used when -P is specified.
-y cert-pem-file Server's public certificate, by default /var/radmind/cert/cert.pem.
-z private-key-file Server's private key, by default /var/radmind/cert/cert.pem.
-Z max-compression-level Offer compression to clients. If client requests compression, the server will compress all outbound data using the lower value of max-compression-level or compression level set by client. max-compression-level can be between 0 and 9: 1 gives best speed, 9 gives best compression, 0 gives no compression at all (the input data is simply copied a block at a time).
The following example of /var/radmind/config defines four known clients, each using one of three different command files. Also, any client whose name ends with ".lab.umich.edu" will get lab.K as its config file and clients in the IP range 212.12.243.1 through 212.12.243.50 will get solaris8.K as their config file. Note that numeric ranges ignore leading zeros. Therefore the last line will match clients with hostnames of mac1.umich.edu, mac01.umich.edu, mac001.umich.edu, etc.
    #
    # Client                command file    optional-comment
    #
    amber.umich.edu         apple.K         # mail server
    josh.umich.edu          apple.K
    ben.umich.edu           apple-test.K
    oreo.umich.edu          solaris8.K
    *.lab.umich.edu         lab.K
    212.12.243.<1-50>       solaris8.K
    mac<1-15>.umich.edu     apple.K
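To check which command file a given client key (CN, hostname or IP address) would receive before deploying a config, the matching rules described above can be modelled as follows. This is an added example, not radmind's own matcher: it assumes `*` matches any run of characters and that the first matching line wins, neither of which this page specifies.

```python
import re

# The example config from this page.
CONFIG = """\
#
# Client                command file    optional-comment
#
amber.umich.edu         apple.K         # mail server
josh.umich.edu          apple.K
ben.umich.edu           apple-test.K
oreo.umich.edu          solaris8.K
*.lab.umich.edu         lab.K
212.12.243.<1-50>       solaris8.K
mac<1-15>.umich.edu     apple.K
"""


def compile_pattern(pattern):
    """Turn a client pattern into (regex, ranges). Each <lo-hi> becomes a
    digit capture whose value is range-checked afterwards."""
    parts, ranges, pos = [], [], 0
    for m in re.finditer(r"\*|<(\d+)-(\d+)>", pattern):
        parts.append(re.escape(pattern[pos:m.start()]))
        if m.group(0) == "*":
            parts.append(".*")  # assumption: '*' matches any characters
        else:
            parts.append(r"(\d+)")
            ranges.append((int(m.group(1)), int(m.group(2))))
        pos = m.end()
    parts.append(re.escape(pattern[pos:]))
    return re.compile("".join(parts)), ranges


def matches(pattern, key):
    regex, ranges = compile_pattern(pattern)
    m = regex.fullmatch(key)
    if m is None:
        return False
    # int() drops leading zeros, so "01" and "001" both compare as 1.
    return all(lo <= int(g) <= hi for g, (lo, hi) in zip(m.groups(), ranges))


def command_file_for(key, config=CONFIG):
    """Command file for a client key, or None if no line matches."""
    for line in config.splitlines():
        fields = line.split("#", 1)[0].split()  # strip trailing comment
        if len(fields) >= 2 and matches(fields[0], key):
            return fields[1]  # assumption: first matching line wins
    return None
```
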
fsdiff(1), ktcheck(1), lapply(1), lcreate(1), lcksum(1), lfdiff(1), lmerge(1), lsort(1), repo(1), twhich(1), pam.conf(4), RAND_load_file(3o).
Also see the three Linux-PAM Guides, for System administrators, module developers, and application developers.
|RSUG||RADMIND (8)||December 12, 2010|