Section: Pure-FTPd (8)
pure-certd - TLS certificate agent for Pure-FTPd.
pure-certd [-p </path/to/pidfile>] [-u uid] [-g gid] [-B] <-s /path/to/socket> -r /program/to/run
pure-certd is a daemon that forks an authentication program, waits for a certificate path as a reply, and returns it to an application server.
pure-certd listens to a local Unix socket. A new connection to that socket should send pure-authd the following structure:
These content is passed to the authentication program, as an environment variable:
The authentication program should take appropriate actions to select a TLS certificate, and reply to the standard output with the following format:
Absolute path to the certificate in PEM format.
This is optional, as a certificate and its key can be concatenated in the same file.
If action is "deny", a certificate for that name was not found and access is denied.
If xxx is "default", the default certificate will be used.
If xxx is "strict", the certificate whose path is indicated in "cert_path" will be used. If absent or invalid, access will be denied.
If xxx is "fallback", the certificate whose path is indicated in "cert_path" will be used. If absent or invalid, the default certificate will be used instead.
The system uid to be assigned to that user. Must be > 0.
The primary system gid. Must be > 0.
The absolute path to the home directory. Can contain /./ for a chroot jail.
Only one authentication program is forked at a time. It must return quickly.
- -u <uid>
Have the daemon run with that uid.
- -g <gid>
Have the daemon run with that gid.
Fork in background (daemonization).
- -s </path/to/socket>
Set the full path to the local Unix socket.
- -r </path/to/program>
Set the full path to the authentication program.
Output help information and exit.
To run this program the standard way type:
pure-certd -s /var/run/certd.sock -r /usr/bin/my-cert-program &
pure-ftpd -lextauth:/var/run/certd.sock &
- /usr/bin/my-cert-program can be as simple as:
Frank DENIS <j at pureftpd dot org>