radmind
By: Richard Glaser - Revised: 2006-05-27
Manual Page
radmind(8) System Manager's Manual radmind(8)
NAME
radmind - Remote administration daemon
SYNOPSIS
radmind [ -dRrUV ] [ -a bind-address ] [ -b backlog ] [ -D path ]
[ -F syslog-facility ] [ -L syslog-level ] [ -m max-connections ]
[ -p port ] [ -u umask ] [ -w auth-level ] [ -x ca-pem-file ]
[ -y cert-pem-file ] [ -z private-key-file ] [ -Z max-compression-level ]
DESCRIPTION
Radmind uses the radmind access protocol to communicate with radmind
clients.
On startup, radmind changes directory to /var/radmind, creates command,
file, special, tmp, tmp/file, tmp/transcript and transcript (with
permissions 0750) if they do not exist, and begins listening on the
radmind port (by default 6662) for incoming connections. With the -D
option, radmind will use path as its working directory. Radmind forks
a child for each connection.
The file config contains a list of known clients that can connect to
radmind, one per line. Each line contains the CN, domain name or IP
address of the client and the client's command file. The server checks
each line of the config file, first checking to see if the connecting
client's CN, domain name, and finally IP address match in that order.
CNs and domain names are case insensitive. If the optional third field
begins with a '#', it is ignored and treated as an in-line comment.
Lines that are blank or begin with '#' are ignored. '*' is a wildcard
and will match any string. A number range can be given by "<min-max>"
where min is the lower bound and max is the upper bound. '\' can be
used to escape any character.
A client is only given access to command files and transcripts listed
in their base command file as determined by the config file.
DIRECTORY STRUCTURE
command Stores command files.
transcripts Stores transcripts.
file All files served from the radmind server are stored
in the file directory. All files for a given
transcript are stored in file/<transcript> where
<transcript> is the name of the transcript. A file is
stored in file/<transcript>/<path> where <path> is
the file's path as listed in the transcript.
special All special files are stored in special. The
special files for a given host are stored in
special/<key> where <key> is the client's CN, fully
qualified domain name or IP address as matched in
the config file. Individual special files are
stored in special/<host>/<path> where <path> is the
path of the special file as listed in the client's
command file.
tmp/file All files stored on the server using the STOR
command are saved in tmp/file. Files for a given
transcript are stored in tmp/transcript/<transcript>/<path>
where <transcript> is the name of the transcript
and <path> is the file's path as given in the
STOR command.
tmp/transcript All transcripts stored on the server using the STOR
command are saved in tmp/transcript.
RADMIND ACCESS PROTOCOL
Radmind currently supports the following Radmind Access Protocol (RAP)
requests:
QUIT terminate session
NOOP do nothing
HELP display helpful message
STAT stat a transcript, command or special file. When statting a
command file or transcript, the mode, UID and GID default to
0444, 0, and 0 respectively. If no command file is
specified, the server returns information on the base command
file as indicated in the config file.
Status of a special file is determined by a single transcript
line listed in a file named special/<special-file-path>.T,
where <special-file-path> is the full path to the special
file. If that does not exist, a listing for the file in the
transcript/special.T transcript in the transcript directory
will be used. If neither of those exist, the defaults are
returned.
RETR retrieve a file, transcript, command file or special file. If no
command file is specified, the server returns the base
command file as indicated in the config file.
STOR store a file or transcript. If user authentication has been
turned on, this command is only valid after the client sends
a successful LOGI.
STAR Start TLS. If the server is run with an authorization level
of 2, this command must be given before a client can send a
STAT, RETR, or STOR.
LOGI Login user. This command is only valid after TLS has been
started.
COMP start compression
OPTIONS
-a bind-address specifies the address on which the server should
listen, e.g. 127.0.0.1. By default the server
listens on all available interfaces (wildcard address).
-b backlog Defines the maximum queue of pending connections to
listen(2), by default five.
-D path specifies the radmind working directory, by default
/var/radmind
-d debug mode. Does not disassociate from controlling
tty.
-F syslog-facility specifies to which syslog facility to log messages.
-L syslog-level specifies at which syslog level to log messages.
-m max-connections specifies the maximum number of simultaneous
connections, by default 0. Value must be greater than or
equal to 0, with 0 indicating no limit.
-p port specifies the port of the radmind server, by default
6662.
-R registers daemon as a Rendezvous service (Mac OS X
only).
-r use random seed file $RANDFILE if that environment
variable is set, $HOME/.rnd otherwise. See
RAND_load_file(3o).
-u umask specifies the umask the server uses to write files
to the disk, defaulting to the user's umask.
-U Turn on PAM user authentication. Requires
auth-level > 0. radmind uses the PAM service name
radmind.
-V displays the version of radmind and exits.
-w auth-level TLS authorization level, by default 0. 0 = no TLS,
1 = server verification, 2 = server and client
verification.
-x ca-pem-file Certificate authority's public certificate, by
default /var/radmind/cert/ca.pem.
-y cert-pem-file Server's public certificate, by default
/var/radmind/cert/cert.pem.
-z private-key-file
Server's private key, by default
/var/radmind/cert/cert.pem.
-Z max-compression-level
Offer compression to clients. If the client requests
compression, the server will compress all outbound
data using the lower of max-compression-level and
the compression level set by the client.
max-compression-level can be between 0 and 9: 1 gives
best speed, 9 gives best compression, 0 gives no
compression at all (the input data is simply copied
a block at a time).
EXAMPLES
The following example of /var/radmind/config defines four known
clients, each using one of three different command files. Also, any
client whose name ends with ".lab.umich.edu" will get lab.K as its
command file, and clients in the IP range 212.12.243.1 through
212.12.243.50 will get solaris8.K as their command file. Note that
numeric ranges ignore leading zeros. Therefore the last line will
match clients with hostnames of mac1.umich.edu, mac01.umich.edu,
mac001.umich.edu, etc.
#
# Client command file optional-comment
#
amber.umich.edu apple.K # mail server
josh.umich.edu apple.K
ben.umich.edu apple-test.K
oreo.umich.edu solaris8.K
*.lab.umich.edu lab.K
212.12.243.<1-50> solaris8.K
mac<1-15>.umich.edu apple.K
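The config matching rules described above (first matching line wins; per line the client's CN, then domain name, then IP address is tried; '*' wildcard, '<min-max>' ranges with leading zeros ignored, '\' escape, case-insensitive names), worked through in an added Python example. This is not radmind's own code or part of the manual page; the config text and client names are constructed, modelled on the EXAMPLES section.

```python
import re
# Constructed sample config, modelled on the EXAMPLES section of this page.
SAMPLE_CONFIG = """\
# Client             command file   optional-comment
amber.umich.edu      apple.K        # mail server
*.lab.umich.edu      lab.K
212.12.243.<1-50>    solaris8.K
mac<1-15>.umich.edu  apple.K
"""

def compile_pattern(pattern):
    # '*' matches any string; '<min-max>' captures digits whose integer value must lie in
    # [min, max] (leading zeros ignored); '\' escapes the next char; all else is literal.
    parts, ranges, i = [], [], 0
    while i < len(pattern):
        c = pattern[i]
        if c == "\\" and i + 1 < len(pattern):
            parts.append(re.escape(pattern[i + 1]))
            i += 2
            continue
        if c == "*":
            parts.append(".*")
        elif c == "<":
            end = pattern.index(">", i)
            lo, hi = (int(x) for x in pattern[i + 1:end].split("-", 1))
            ranges.append((len(ranges) + 1, lo, hi))  # (capture group, min, max)
            parts.append(r"(\d+)")
            i = end
        else:
            parts.append(re.escape(c))
        i += 1
    # CNs and domain names are case insensitive; anchor so the whole name must match.
    return re.compile("^" + "".join(parts) + "$", re.IGNORECASE), ranges

def pattern_matches(pattern, value):
    regex, ranges = compile_pattern(pattern)
    m = regex.match(value)
    return bool(m) and all(lo <= int(m.group(g)) <= hi for g, lo, hi in ranges)

def parse_config(text):
    # (pattern, command_file) per entry; blank/'#' lines skipped, trailing '#' field ignored.
    rows = (line.split() for line in text.splitlines())
    return [(f[0], f[1]) for f in rows if len(f) >= 2 and not f[0].startswith("#")]

def lookup_command_file(text, cn=None, hostname=None, ip=None):
    # First line whose pattern matches the CN, then domain name, then IP, in that order.
    for pattern, command_file in parse_config(text):
        for candidate in (cn, hostname, ip):
            if candidate and pattern_matches(pattern, candidate):
                return command_file
    return None  # not a known client
```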
FILES
/var/radmind/config
SEE ALSO
fsdiff(1), ktcheck(1), lapply(1), lcreate(1), lcksum(1), lfdiff(1),
lmerge(1), lsort(1), twhich(1), pam.conf(4), RAND_load_file(3o).
Also see the three Linux-PAM Guides, for System administrators, module
developers, and application developers.
RSUG March 23, 2006 radmind(8)