[BACK]Return to mpd14.html CVS log [TXT] [DIR] Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / mpd / doc
File:  [ELWIX - Embedded LightWeight unIX -] / embedaddon / mpd / doc / mpd14.html
Revision 1.1.1.4 (vendor branch): download - view: text, annotated - select for diffs - revision graph
Wed Mar 17 00:39:23 2021 UTC (3 years, 3 months ago) by misho
Branches: mpd, MAIN
CVS tags: v5_9p16, v5_9, HEAD
mpd 5.9

    1: <!DOCTYPE html PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
    2: <HTML>
    3: <HEAD>
    4: <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
    5: <TITLE>mpd.secret</TITLE>
    6: </HEAD>
    7: <BODY text="#000000" bgcolor="#ffffff">
    8: 
    9: <A HREF="mpd.html"><EM>Mpd 5.9 User Manual</EM></A>
   10:  <b>:</b> <A HREF="mpd9.html"><EM>Running Mpd</EM></A>
   11:  <b>:</b> <A HREF="mpd11.html"><EM>Configuration file format</EM></A>
   12:  <b>:</b> <EM><code>mpd.secret</code></EM><BR>
   13: <b>Previous:</b> <A HREF="mpd13.html"><EM><code>mpd.conf</code></EM></A><BR>
   14: <b>Next:</b> <A HREF="mpd15.html"><EM><code>mpd.script</code></EM></A>
   15: 
   16: 
   17: <HR NOSHADE>
   18:   <H2><A NAME="14"></A>3.2.3. <code>mpd.secret</code></H2>
   19: <p>This file contains login, password pairs, one entry per line.
   20: Each entry may have an optional third argument, which is
   21: an IP address with optional netmask width. This is used
   22: when negotiating IP addresses with the corresponding peer.
   23: We restrict the allowable IP addresses we'll assign to the
   24: peer to lie within the specified range.</p>
   25: <p>In the example below, we define two ISP accounts that we
   26: use to connect to the Internet. Also, we have three friends
   27: who are allowed to connect to us, and we want to restrict
   28: the IP addresses that we'll let them have. Finally, the last
   29: user's password is retrieved by an external program.
   30: <blockquote><code>
   31: <pre>
   32: #
   33: # mpd.secret configuration file
   34: #
   35: 
   36: # my two ISP accounts
   37: mylogin1    password1
   38: mylogin2    "Xka \r\n"
   39: 
   40: # my three friends
   41: bob         "akd\"ix23"   192.168.1.100
   42: jerry       "33dk88kz3"   192.168.1.101
   43: phil        "w*d9m&amp;_4X"   192.168.1.128/25
   44: 
   45: # An external password access program
   46: gregory     "!/usr/local/etc/mpd/get_passwd.sh"
   47: </pre>
   48: </code></blockquote>
   49: 
   50: Here <code>bob</code> and <code>jerry</code> must negotiate 
   51: <code>192.168.1.100</code> and <code>192.168.1.101</code>,
   52: respectively, while <code>phil</code> can ask for any
   53: address from <code>192.168.1.128</code> through <code>192.168.1.255</code>.</p>
   54: <p>The leading ``!'' means that the password for user <code>gregory</code> is not
   55: stored in the <code>mpd.secret</code> file directly.  Instead, the
   56: named program is run with the username being authenticated as an
   57: additional argument (so in this case the command line would be
   58: ``<code>/usr/local/etc/mpd/get_passwd.sh gregory</code>''). The command string
   59: may include initial, fixed arguments as well. This program
   60: should print the plaintext password for the named user as a
   61: single line to standard output, and then exit.  <code>Mpd</code> will block
   62: for this operation, so the program should respond and exit quickly.
   63: If there is an error, the command should print an empty line, or just not
   64: print anything.</p>
   65: <p>As a special case, if the username in the <code>mpd.secret</code> file
   66: is ``*'', then this line must be last as it matches any username.
   67: Then it is up to the external program to determine whether the
   68: username is valid. This wildcard matching only works for ``!'' lines.</p>
   69: <p>The total length of the executed command must be less than 128
   70: characters.  The program is run as the same user who runs
   71: <code>mpd</code>, which is usually <code>root</code>, so the usual
   72: care should be taken with scripts run as root, e.g., make sure the
   73: script is not world-readable or world-writable.  Standard input and
   74: standard error are inherited from the parent <code>mpd</code> process.
   75: Note that any additional arguments will be visible to users on the
   76: local machine running <code>ps(1)</code>.</p>
   77:  <HR NOSHADE>
   78: <A HREF="mpd.html"><EM>Mpd 5.9 User Manual</EM></A>
   79:  <b>:</b> <A HREF="mpd9.html"><EM>Running Mpd</EM></A>
   80:  <b>:</b> <A HREF="mpd11.html"><EM>Configuration file format</EM></A>
   81:  <b>:</b> <EM><code>mpd.secret</code></EM><BR>
   82: <b>Previous:</b> <A HREF="mpd13.html"><EM><code>mpd.conf</code></EM></A><BR>
   83: <b>Next:</b> <A HREF="mpd15.html"><EM><code>mpd.script</code></EM></A>
   84: 
   85: 
   86: 
   87: </BODY>
   88: </HTML>
FreeBSD-CVSweb <freebsd-cvsweb@FreeBSD.org>