SYNOPSIS

       radmind  [ -dBrUV ] [ -a bind-address ] [ -b backlog ] [ -D path ]
       [ -F syslog-facility ] [ -L syslog-level ] [ -m max-connections ]
       [ -P ca-directory ] [ -p port ] [ -u umask ] [ -w auth-level ]
       [ -x ca-pem-file ] [ -y cert-pem-file ] [ -z private-key-file ]
       [ -Z max-compression-level ]


DESCRIPTION

       Radmind  uses  the  radmind access protocol to communicate with radmind
       clients.

       On startup, radmind changes directory to _RADMIND_PATH, creates
       command, file, special, tmp, tmp/file, tmp/transcript and transcript
       (with permissions 0750) if they do not exist, and begins listening on
       the radmind port (by default 6662) for incoming connections.  With
       the -D option, radmind will use path as its working directory.
       Radmind forks a child for each connection.

       The file config contains a list of known clients that can connect to
       radmind, one per line.  Each line contains the CN, domain name or IP
       address of the client and the client's command file.  For each line
       of the config file, the server checks the connecting client's CN,
       then its domain name, and finally its IP address for a match, in
       that order.  CNs and domain names are case insensitive.  If the
       optional third field begins with a '#', it is ignored and treated as
       an in-line comment.

       Lines  that  are blank or begin with '#' are ignored. There are several
       supported wildcard patterns similar to shell globbing. '*'  will  match
       any  string.   A  number range can be given by "<min-max>" where min is
       the lower bound and max is the upper  bound.  '?'  matches  any  single
       character.  The square bracket character list, "[abcd]", will match any
       single character within the brackets. Comma-separated values  contained
       in  curly  braces,  "{riverrun,past,Eve}"  will  match  the first whole
       string found. '\' can be used to escape any character.

       A client is only given access to command files and  transcripts  listed
       in their base command file as determined by the config file.


DIRECTORY STRUCTURE

       command            Stores command files.

       transcripts        Stores transcripts.

       file               All files served from the radmind server are stored
                          in the file directory.  All files for a given
                          transcript are stored in file/<transcript> where
                          <transcript> is the name of the transcript.  A file
                          is stored in file/<transcript>/<path> where <path>
                          is the file's path as listed in the transcript.

       special            All special files are stored in special.  The
                          special files for a given host are stored in spe-

       tmp/transcript     All transcripts stored on the server using the  STOR
                          command are saved in tmp/transcript.


RADMIND ACCESS PROTOCOL

       Radmind  currently supports the following Radmind Access Protocol ( RAP
       ) requests:

       QUIT      terminate session

       NOOP      do nothing

       HELP      display helpful message

       STAT      stat a transcript, command or special file.  When statting a
                 command file or transcript, the mode, UID and GID default to
                 0444, 0, and 0 respectively.  If no command file is
                 specified, the server returns information on the base
                 command file as indicated in the config file.

                 Status of a special file is determined by a single transcript
                 line  listed  in a file named special/<special-file-path>.T ,
                 where <special-file-path> is the full  path  to  the  special
                 file.   If that does not exist, a listing for the file in the
                 transcript/special.T transcript in the  transcript  directory
                 will  be  used.   If neither of those exist, the defaults are
                 returned.

       RETR      retrieve a file, transcript, command or special file.  If no
                 command file is specified, the server returns the base
                 command file as indicated in the config file.

       STOR      store a  file  or  transcript.   If  user  authentication  is
                 enabled,  this command is only valid after the client sends a
                 successful LOGI.

       STAR      Start TLS.  If the server is run with an authorization  level
                 of  2,  this command must be given before a client can send a
                 STAT, RETR, or STOR.

       LOGI      Login user.  This command is only valid after  TLS  has  been
                 started.

       COMP      start compression

       REPO      report  a  client status message. The daemon logs the message
                 in the following format:

                 report HOSTNAME IP CN - EVENT MESSAGE...

                 First the string "report", followed by the client's  hostname
                 and  IP  address.   If the client authenticates to the server
                 with a certificate, its common name will be listed next.   If
                          listen(2), by default five.

       -D path            specifies  the radmind working directory, by default
                          _RADMIND_PATH

       -d                 debug mode. Does not disassociate  from  controlling
                          tty.

       -F syslog-facility specifies  to which syslog facility to log messages.

       -f                 run in foreground

       -L syslog-level    specifies at which syslog level to log messages.

       -m max-connections specifies the maximum number of simultaneous
                          connections, by default _RADMIND_MAXCONNECTIONS.
                          Value must be greater than or equal to 0 with 0
                          indicating no limit.

       -p port            specifies the port of the radmind server, by default
                          6662.

       -P ca-directory    specifies a directory that contains certificates  to
                          be  used when verifying a client.  Certificates must
                          be in PEM format and the directory  must  have  been
                          processed with the openssl c_rehash utility.

       -r                 use  random  seed file $RANDFILE if that environment
                          variable  is   set,   $HOME/.rnd   otherwise.    See
                          RAND_load_file(3o).

       -u umask           specifies  the  umask the server uses to write files
                          to the disk, defaulting to the user's umask.

       -U                 Turn on PAM user authentication.  Requires
                          auth-level > 0.  radmind uses the PAM service name
                          radmind.

       -V                 displays the version of radmind and exits.

       -w auth-level      TLS authorization level, by default
                          _RADMIND_AUTHLEVEL.  0 = no TLS, 1 = server
                          verification, 2 = server and client verification.

       -x ca-pem-file     Certificate  authority's  public   certificate,   by
                          default  _RADMIND_TLS_CA.   The  default is not used
                          when -P is specified.

       -y cert-pem-file   Server's public certificate, by default
                          _RADMIND_TLS_CERT.

       -z private-key-file
       clients, each using one of three different command  files.   Also,  any
       client  that  ends  with  ".lab.umich.edu" will get lab.K as its config
       file and clients in the IP  range  212.12.243.1  through  212.12.243.50
       will  get  solaris8.K  as  their config file.  Note that numeric ranges
       ignore leading zeros.  Therefore the last line will match clients  with
       hostnames of mac1.umich.edu, mac01.umich.edu, mac001.umich.edu, etc.

              #
              # Client               command file     optional-comment
              #
              amber.umich.edu        apple.K          # mail server
              josh.umich.edu         apple.K
              ben.umich.edu          apple-test.K
              oreo.umich.edu         solaris8.K
              *.lab.umich.edu        lab.K
              212.12.243.<1-50>      solaris8.K
              mac<1-15>.umich.edu    apple.K
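
       To audit which command file a connecting client would be given, the
       wildcard syntax from DESCRIPTION can be run against the example config
       above; this is an added example, not radmind's own matching code.  The
       names match and command_file are hypothetical, and it assumes that the
       first matching line wins and that a brace list commits to the first
       alternative found.

```python
import re

# Constructed input: the example config shown on this page.
CONFIG = """\
# Client               command file     optional-comment
amber.umich.edu        apple.K          # mail server
josh.umich.edu         apple.K
ben.umich.edu          apple-test.K
oreo.umich.edu         solaris8.K
*.lab.umich.edu        lab.K
212.12.243.<1-50>      solaris8.K
mac<1-15>.umich.edu    apple.K
"""

def match(pat, s):
    """True if the wildcard pattern pat matches the whole of s."""
    if not pat:
        return not s
    c, rest = pat[0], pat[1:]
    if c == "\\" and rest:                      # '\' escapes the next character
        return s[:1] == rest[0] and match(rest[1:], s[1:])
    if c == "*":                                # any string, including empty
        return any(match(rest, s[i:]) for i in range(len(s) + 1))
    if c == "?":                                # any single character
        return bool(s) and match(rest, s[1:])
    if c == "[" and "]" in rest:                # one character from the list
        chars, tail = rest.split("]", 1)
        return bool(s) and s[0] in chars and match(tail, s[1:])
    if c == "{" and "}" in rest:                # assumption: first alternative found
        alts, tail = rest.split("}", 1)
        hit = next((a for a in alts.split(",") if s.startswith(a)), None)
        return hit is not None and match(tail, s[len(hit):])
    rng = re.match(r"<(\d+)-(\d+)>", pat)
    if rng:                                     # numeric range; int() drops leading zeros
        num = re.match(r"\d+", s)
        return (bool(num) and int(rng[1]) <= int(num[0]) <= int(rng[2])
                and match(pat[rng.end():], s[num.end():]))
    return s[:1] == c and match(rest, s[1:])    # literal character

def command_file(config, cn=None, host=None, ip=None):
    """First config line matching CN, then domain name, then IP address."""
    for lineno, line in enumerate(config.splitlines(), 1):
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue                            # blank line or comment
        for ident in (cn, host, ip):            # assumption: first matching line wins
            if ident and match(fields[0].lower(), ident.lower()):
                return lineno, fields[0], fields[1]
    return None
```

       command_file returns the line number, pattern and command file of the
       line that matched, or None when no line grants the client access.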



FILES

       _RADMIND_PATH/config


SEE ALSO

       fsdiff(1),  ktcheck(1),  lapply(1),  lcreate(1),  lcksum(1), lfdiff(1),
       lmerge(1),     lsort(1),     repo(1),      twhich(1),      pam.conf(4),
       RAND_load_file(3o).

       Also  see the three Linux-PAM Guides, for System administrators, module
       developers, and application developers.



RSUG                             July 31, 2007                      radmind(8)
