Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
PTSERVER(8)		     AFS Command Reference		   PTSERVER(8)

       ptserver	- Initializes the Protection Server

       ptserver	[-database | -db <db path>] [-p	<number	of threads>]
       [-d <debug level>]
	   [-groupdepth	<# of nested groups>]
	   [-default_access <user access mask> <group access mask>]
	   [-restricted] [-enable_peer_stats]
	   [-enable_process_stats] [-allow-dotted-principals]
	   [-rxbind] [-auditlog	<file path>]
	   [-audit-interface (file | sysvmq)]
	   [-syslog[=<FACILITY>]] [-rxmaxmtu <bytes>]

       The ptserver command initializes	the Protection Server, which must run
       on every	database server	machine. In the	conventional configuration,
       its binary file is located in the /usr/local/libexec/openafs directory
       on a file server	machine.

       The ptserver command is not normally issued at the command shell
       prompt, but rather placed into a	database server	machine's
       /usr/local/etc/openafs/BosConfig	file with the bos create command. If
       it is ever issued at the	command	shell prompt, the issuer must be
       logged onto a file server machine as the	local superuser	"root".

       The Protection Server performs the following tasks:

       o   Maintains the Protection Database, which contains entries for every
	   user	and group in the cell. Use the pts commands to administer the

       o   Allocates AFS IDs for new user, machine and group entries and maps
	   each	ID to the corresponding	name.

       o   Generates a current protection subgroup (CPS) at the	File Server's
	   request. The	CPS lists all groups to	which a	user or	machine

       When using Kerberos 5, cross-realm authentication is possible. If the
       special pts group system:authuser@FOREIGN.REALM exists and its group
       quota is	greater	than zero, aklog will automatically create an entry
       for the foreign user in the local PTS database and add the foreign user
       to the system:authuser@FOREIGN.REALM PTS	group.	Each time a foreign
       user is created in the local PTS	database, the group quota for the
       system:authuser@FOREIGN.REALM PTS group is decremented by one.

       This command does not use the syntax conventions	of the AFS command
       suites. Provide the command name	and all	option names in	full.

       -d <debug level>
	   Sets	the detail level for the debugging trace written to the
	   /var/openafs/logs/PtLog file. Provide one of	the following values,
	   each	of which produces an increasingly detailed trace: 0, 1,	5, 25,
	   and 125.

       -database <db path>, -db	<db path>
	   Specifies the pathname of an	alternate directory in which the
	   Protection Database files reside. Provide the complete pathname,
	   ending in the base filename to which	the ".DB0" and ".DBSYS1"
	   extensions are appended. For	example, the appropriate value for the
	   default database files is /var/openafs/db/prdb.

       -p <number of threads>
	   Sets	the number of server lightweight processes (LWPs or pthreads)
	   to run.  Provide a positive integer from the	range 3	to 16. The
	   default value is 3.

       -groupdepth <# of nested	groups>, -depth	<# of nested groups>
	   Specifies the group depth for nested	groups when ptserver is
	   compiled with the SUPERGROUPS option	enabled.  The default depth
	   for nested groups is	5.  This option	may be shortened to -depth.

       -default_access <user access> <group access>
	   Specifies the default user and group	privacy	flags to apply to each
	   entry. Provide a string of five characters, one for each of the
	   permissions.	See pts_examine(1) or pts_setfields(1) for more
	   information on the flags.

	   Run the PT Server in	restricted mode. While in restricted mode,
	   only	members	of the system:administrators PTS group may make	any
	   PTS changes.

	   Activates the collection of Rx statistics and allocates memory for
	   their storage. For each connection with a specific UDP port on
	   another machine, a separate record is kept for each type of RPC
	   (FetchFile, GetStatus, and so on) sent or received. To display or
	   otherwise access the	records, use the Rx Monitoring API.

	   Activates the collection of Rx statistics and allocates memory for
	   their storage. A separate record is kept for	each type of RPC
	   (FetchFile, GetStatus, and so on) sent or received, aggregated over
	   all connections to other machines. To display or otherwise access
	   the records,	use the	Rx Monitoring API.

	   By default, the RXKAD security layer	will disallow access by
	   Kerberos principals with a dot in the first component of their
	   name. This is to avoid the confusion	where principals user/admin
	   and user.admin are both mapped to the user.admin PTS	entry. Sites
	   whose Kerberos realms don't have these collisions between principal
	   names may disable this check	by starting the	server with this

	   Bind	the Rx socket to the primary interface only.  (If not
	   specified, the Rx socket will listen	on all interfaces.)

       -syslog[=<syslog	facility>]
	   Specifies that logging output should	go to syslog instead of	the
	   normal log file.  -syslog=FACILITY can be used to specify to	which
	   facility the	log message should be sent.  Logging message sent to
	   syslog are tagged with the string "ptserver".

       -auditlog <log path>
	   Turns on audit logging, and sets the	path for the audit log.	 The
	   audit log records information about RPC calls, including the	name
	   of the RPC call, the	host that submitted the	call, the
	   authenticated entity	(user) that issued the call, the parameters
	   for the call, and if	the call succeeded or failed.

       -audit-interface	(file |	sysvmq)
	   Specifies what audit	interface to use. Defaults to "file". See
	   fileserver(8) for an	explanation of each interface.

       -rxmaxmtu <bytes>
	   Sets	the maximum transmission unit for the RX protocol.

	   Prints the online help for this command. All	other valid options
	   are ignored.

       The following bos create	command	creates	a "ptserver" process on	the
       machine "". The command appears here on multiple lines only
       for legibility.

	  % bos	create -server -instance ptserver \
		       -type simple -cmd /usr/local/libexec/openafs/ptserver

       The issuer must be logged in as the superuser "root" on a file server
       machine to issue	the command at a command shell prompt. It is
       conventional instead to create and start	the process by issuing the bos
       create command.

       BosConfig(5), prdb.DB0(5), bos_create(8), bos_getlog(8),	pts(1)

       IBM Corporation 2000. <> All Rights Reserved.

       This documentation is covered by	the IBM	Public License Version 1.0.
       It was converted	from HTML to POD by software written by	Chas Williams
       and Russ	Allbery, based on work by Alf Wachsmann	and Elizabeth Cassell.

OpenAFS				  2016-12-14			   PTSERVER(8)


Want to link to this manual page? Use this URL:

home | help