Annotation of embedaddon/mpd/doc/mpd14.html, revision 1.1.1.2

1.1       misho       1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
                      2: <HTML>
                      3: <HEAD>
                      4: <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
                      5: <TITLE>mpd.secret</TITLE>
                      6: </HEAD>
                      7: <BODY text="#000000" bgcolor="#ffffff">
                      8: 
1.1.1.2 ! misho       9: <A HREF="mpd.html"><EM>Mpd 5.7 User Manual</EM></A>
1.1       misho      10:  <b>:</b> <A HREF="mpd9.html"><EM>Running Mpd</EM></A>
                     11:  <b>:</b> <A HREF="mpd11.html"><EM>Configuration file format</EM></A>
                     12:  <b>:</b> <EM><code>mpd.secret</code></EM><BR>
                     13: <b>Previous:</b> <A HREF="mpd13.html"><EM><code>mpd.conf</code></EM></A><BR>
                     14: <b>Next:</b> <A HREF="mpd15.html"><EM><code>mpd.script</code></EM></A>
                     15: 
                     16: 
                     17: <HR NOSHADE>
                     18:   <H2><A NAME="14"></A>3.2.3. <code>mpd.secret</code></H2>
                     19: <p>This file contains login, password pairs, one entry per line.
                     20: Each entry may have an optional third argument, which is
                     21: an IP address with optional netmask width. This is used
                     22: when netgotiating IP addresses with the corresponding peer.
                     23: We restrict the allowable IP addresses we'll assign to the
                     24: peer to lie within the specified range.</p>
                     25: <p>In the example below, we define two ISP accounts that we
                     26: use to connect to the Internet. Also, we have three friends
                     27: who are allowed to connect to us, and we want to restrict
                     28: the IP addresses that we'll let them have. Finally, the last
                     29: user's password is retrieved by an external program.
                     30: <blockquote><code>
                     31: <pre>
                     32: #
                     33: # mpd.secret configuration file
                     34: #
                     35: 
                     36: # my two ISP accounts
                     37: mylogin1    password1
                     38: mylogin2    "Xka \r\n"
                     39: 
                     40: # my three friends
                     41: bob         "akd\"ix23"   192.168.1.100
                     42: jerry       "33dk88kz3"   192.168.1.101
                     43: phil        "w*d9m&amp;_4X"   192.168.1.128/25
                     44: 
                     45: # An external password access program
                     46: gregory     "!/usr/local/etc/mpd/get_passwd.sh"
                     47: </pre>
                     48: </code></blockquote>
                     49: 
                     50: Here <code>bob</code> and <code>jerry</code> must negotiate 
                     51: <code>192.168.1.100</code> and <code>192.168.1.101</code>,
                     52: respectively, while <code>phil</code> can ask for any
                     53: address from <code>192.168.1.128</code> through <code>192.168.1.255</code>.</p>
                     54: <p>The leading ``!'' means that the password for user <code>gregory</code> is not
                     55: stored in the <code>mpd.secret</code> file directly.  Instead, the
                     56: named program is run with the username being authenticated as an
                     57: additional argument (so in this case the command line would be
                     58: ``<code>/usr/local/etc/mpd/get_passwd.sh gregory</code>''). The command string
                     59: may include initial, fixed arguments as well. This program
                     60: should print the plaintext password for the named user as a
                     61: single line to standard output, and then exit.  <code>Mpd</code> will block
                     62: for this operation, so the program should respond and exit quickly.
                     63: If there is an error, the command should print an empty line, or just not
                     64: print anything.</p>
                     65: <p>As a special case, if the username in the <code>mpd.secret</code> file
                     66: is ``*'', then this line must be last as it matches any username.
                     67: Then it is up to the external program to determine whether the
                     68: username is valid. This wildcard matching only works for ``!'' lines.</p>
                     69: <p>The total length of the executed command must be less than 128
                     70: characters.  The program is run as the same user who runs
                     71: <code>mpd</code>, which is usually <code>root</code>, so the usual
                     72: care should be taken with scripts run as root, e.g., make sure the
                     73: script is not world-readable or world-writable.  Standard input and
                     74: standard error are inherited from the parent <code>mpd</code> process.
                     75: Note that any additional arguments will be visible to users on the
                     76: local machine running <code>ps(1)</code>.</p>
                     77:  <HR NOSHADE>
1.1.1.2 ! misho      78: <A HREF="mpd.html"><EM>Mpd 5.7 User Manual</EM></A>
1.1       misho      79:  <b>:</b> <A HREF="mpd9.html"><EM>Running Mpd</EM></A>
                     80:  <b>:</b> <A HREF="mpd11.html"><EM>Configuration file format</EM></A>
                     81:  <b>:</b> <EM><code>mpd.secret</code></EM><BR>
                     82: <b>Previous:</b> <A HREF="mpd13.html"><EM><code>mpd.conf</code></EM></A><BR>
                     83: <b>Next:</b> <A HREF="mpd15.html"><EM><code>mpd.script</code></EM></A>
                     84: 
                     85: 
                     86: 
                     87: </BODY>
                     88: </HTML>

FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>