pure-certd(8)			   Pure-FTPd			 pure-certd(8)

NAME
       pure-certd - TLS certificate agent for Pure-FTPd.

SYNTAX
       pure-certd [-p </path/to/pidfile>] [-u uid] [-g gid] [-B]
       <-s /path/to/socket> -r /program/to/run

DESCRIPTION
       pure-certd is a daemon that forks an authentication program, waits for
       a certificate path as a reply, and returns it to an application server.

       pure-certd listens to a local Unix socket. A new connection to that
       socket should send pure-certd the following structure:

              sni_name:xxx
              end

       This content is passed to the authentication program as an
       environment variable:

	      CERTD_SNI_NAME

       The authentication program should take appropriate actions to select a
       TLS certificate, and reply to the standard output with the following
       format:

              action:strict
              cert_file:/path/to/cert.pem
              key_file:/path/to/cert.pem
              end

       cert_file:xxx
	      Absolute path to the certificate in PEM format.

       key_file:xxx
              This is optional, as a certificate and its key can be
              concatenated in the same file.

       action:xxx
              If xxx is "deny", a certificate for that name was not found
              and access is denied. If xxx is "default", the default
              certificate will be used. If xxx is "strict", the certificate
              whose path is indicated in "cert_file" will be used; if it is
              absent or invalid, access will be denied. If xxx is "fallback",
              the certificate whose path is indicated in "cert_file" will be
              used; if it is absent or invalid, the default certificate will
              be used instead.

       uid:xxx
              The system uid to be assigned to that user. Must be > 0.

       gid:xxx
              The primary system gid. Must be > 0.

       dir:xxx
	      The  absolute  path to the home directory. Can contain /./ for a
	      chroot jail.

       Only one authentication program is forked at a time. It must return
       quickly.

OPTIONS
       -u <uid>
	      Have the daemon run with that uid.

       -g <gid>
	      Have the daemon run with that gid.

       -B     Fork in background (daemonization).

       -s </path/to/socket>
              Set the full path to the local Unix socket.

       -r </path/to/program>
              Set the full path to the authentication program.

       -h     Output help information and exit.

EXAMPLES
       To run this program the standard way type:

       pure-certd -s /var/run/certd.sock -r /usr/bin/my-cert-program &

       pure-ftpd -lextauth:/var/run/certd.sock &

       /usr/bin/my-cert-program can be as simple as:

              #! /bin/sh
              echo 'action:strict'
              echo 'cert_file:/etc/ssl/private/pure-ftpd/cert.pem'
              echo 'end'
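
CERTD_SNI_NAME carries a name chosen by the connecting client, so a program that maps names to certificate files should validate it before building a path from it or echoing it into the reply. The following script is an added example, not part of the Pure-FTPd distribution; the `<name>.pem` layout under `CERT_DIR` and the choice of "deny" for malformed names are assumptions.

```shell
#!/bin/sh
# Added example of a program for "pure-certd -r". Assumption: one PEM file per
# server name, stored as $CERT_DIR/<lowercased-name>.pem.
LC_ALL=C; export LC_ALL          # make a-z / A-Z mean ASCII only
CERT_DIR=${CERT_DIR:-/etc/ssl/private/pure-ftpd}

# select_cert NAME: print the reply for one SNI name on standard output.
select_cert() {
    name=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case $name in
        '')
            # No name supplied: let the server use its default certificate.
            printf 'action:default\nend\n'
            return 0 ;;
        *[!a-z0-9.-]*|.*|-*|*..*)
            # Anything outside the hostname alphabet is refused. This blocks
            # '/' (path traversal) and newlines (extra reply lines such as a
            # forged cert_file: field).
            printf 'action:deny\nend\n'
            return 0 ;;
    esac

    cert=$CERT_DIR/$name.pem
    if [ -f "$cert" ] && [ -r "$cert" ]; then
        # "strict": use this file, deny access if it turns out to be invalid.
        printf 'action:strict\ncert_file:%s\nend\n' "$cert"
    else
        # Well-formed but unknown name: fall back to the default certificate.
        printf 'action:default\nend\n'
    fi
}

# pure-certd passes the requested name in the environment.
select_cert "${CERTD_SNI_NAME:-}"
```

Since only one program is forked at a time and it must return quickly, the script does nothing beyond a pattern match and a file test.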

AUTHORS
       Frank DENIS <j at pureftpd dot org>

SEE ALSO
       ftp(1), pure-ftpd(8), pure-ftpwho(8), pure-mrtginfo(8),
       pure-uploadscript(8), pure-statsdecode(8), pure-pw(8),
       pure-quotacheck(8), pure-authd(8)

Frank Denis			    1.0.49			 pure-certd(8)
