Maintenance Commands SOCKD(1m) NAME sockd - Network SOCKS server SYNOPSIS sockd [-DLVdhnv] [-N number] [-f file] DESCRIPTION Dante implements the socks standard and can function as a firewall between networks. Dante relays TCP and UDP both from outside the network and in, and from inside and out. Dante server can be administered using the default SMF ser- vice. For dante server to start successfully, the server configuration file must be populated with atleast the neces- sary information (e.g. the network device with which dante server would operate). If the server configuration file is not updated, then the SMF service goes into maintainance mode when enabled. Dante SOCKS implementation is delivered as part of following 3 packages: SUNWlibsocks Dante Client libraries SUNWdanter Dante Server (Root) SUNWdanteu Dante Server (User) The SUNWdanter package also installs the following SMF files to facilitate service management (refer to smf(5) and the SMF section below): The options are as follows: -D Dante will detach from the controlling terminal and run in the background as a system daemon. The default SMF service uses this option to start the dante server. -L Displays the license Dante comes under. -Nnumber Dante will fork of number copies of itself when starting. Can be used for very busy servers. -V Verifies config file and exits. -d Enables debugging. -ffile Dante will read its configuration from file. -h Shows the currently valid options. -n Disables TCP keep-alive messages. Normally Dante enables TCP keep-alive messages so that connec- tions from machines that have crashed or for other reasons no longer can be reached time out. -v Displays Dante version. ENVIRONMENT TMPDIR Use TMPDIR for temporary files. Since Dante uses lock- files it is recommended that TMPDIR be set to a (local) filesystem with low latency. SOCKS_USERNAME The socks username used for authentication. SOCKS_PASSWORD Password used for authentication with SOCKS_USERNAME FILES /etc/sockd.conf Dante server configuration file. SECURITY sockd, or the dante SOCKS server, supports following user authentication mechanisms provided by Solaris, username, rfc, pam(3PAM) The server configuration file defines two variables as, user.privileged and user.notprivileged. These 2 variables can have a list of userids separated by comma. The server implementation calls seteuid function to switch between privileged and notprivileged users. Upon start, the server switches the effective id from the user who started the server to the specified user.notprivileged. Later, for all the privileged operations (e.g. PAM authentication), the server sets the effective user ID from user.notprivileged to specified user.privileged by calling seteuid function. For sockd user authentication type, pam; the required PAM servicename is sockd. The default PAM service stack to be defined in /etc/pam.conf is as below, sockd auth requisite pam_authtok_get.so.1 sockd auth required pam_dhkeys.so.1 sockd auth required pam_unix_cred.so.1 sockd auth required pam_unix_auth.so.1 AUTHORS For Inferno Nettverk A/S, Norway: Michael Shuldman : Design and implementa- tion. Karl-Andre' Skevik : Autoconf and porting. SEE ALSO sockd.conf(4), socksify(1), socks.conf(4) Information about new releases and other related issues can be found on the Dante WWW home page at http://www.inet.no/dante. BUGS See the accompanying BUGS file. New ones should be reported to dante-bugs@inet.no. SunOS 5.10 Last change: Nov 28, 2008 3