NaviServer Control Port

http://naviserver.sourceforge.net/ns_logobig.gif

MainSource Code Downloads API Documentation Mailing Lists Bugs Developers


Control Port

Realtime control for NaviServer

NaviServer allows you to connect to it via telnet/ssh during runtime. You decide whether to allow a connection only from the local system or also from an external address.

Once connected you are able to issue all kinds of NaviServer and TCL commands.

To enable:

  1. Define an address and port to listen on. For security reasons listening on any port other then 127.0.0.1 is not recommended. This is no disadvantage: You still can connect to a localport via ssh or port forwarding/tunneling.
  2. Decide whether or not you wish to enable features such as password echoing at login time, and command logging.
  3. Add a list of authorized users and passwords.
  4. Make sure the nscp.so module is loaded in the modules section.

The format for the authorized users list is:

   <user>:<encryptedPassword>:

You can use the ns_crypt Tcl command to generate an encrypted password. The ns_crypt command uses the same algorithm as the Unix crypt(3) command. You could also use passwords from the /etc/passwd file.

The first two characters of the password are the salt - they can be anything since the salt is used to simply introduce disorder into the encoding algorithm.

   ns_crypt <key> <salt>
   ns_crypt x t2

The configuration example below adds the user "nsadmin" with a password of "x".

Your config file options

   ns_section "ns/server/${servername}/module/nscp"
   ns_param address 127.0.0.1
   ns_param port 9999
   ns_param echopassword 1
   ns_param cpcmdlogging 1

   ns_section "ns/server/${servername}/module/nscp/users"
   ns_param user "nsadmin:t2GqvvaiIUbF2:"

   ns_section "ns/server/${servername}/modules"
   ns_param nscp ${bindir}/nscp.so