rsync and kerberos
Bacchella Fabrice
fabrice.bacchella at exalead.com
Mon Aug 25 16:58:38 GMT 2008
Le 22 août 08 à 19:24, Simo Sorce a écrit :
> On Fri, 2008-08-22 at 17:57 +0200, Bacchella Fabrice wrote:
>> I would like to use gssapi authentication in rsync. GSSAPI is the
>> standard way to use kerberos.
>>
>>
>> Any help and advice is welcome.
>
> If you can use ssh then use ssh+GSSAPI auth and you will have to
> change
> nothing.
>
> But kerberizing the protocol itself is a *very* good idea,
> especially if
> you use also use singing and sealing using GSSAPI.
>
> I very much look forward any patch in this area, and I hope other
> rsync
> developers can help you to chape them down so that they can rapidly be
> accepted upstream.
> I'd be happy also to test patches when they are ready if you post them
> somewhere.
>
> Simo.
A first shoot.
This patch only add gssapi authentication, I wanted it to be simple
and fast to code.
I add the following command in the protocol :
GSS <host principal>
to use it juste add :
use gssapi = yes
in your conf
the auth users should be kerberos principal.
configure try to detect gssapi but it can be disabled by --without-
gssapi
This is a first draft. Comments are welcome
There is an added file and a patch, as i'm not very fluent in git. I
don't know how to generate a single diff.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: gss-auth.tar.bz2
Type: application/bzip2
Size: 4944 bytes
Desc: not available
Url : http://lists.samba.org/archive/rsync/attachments/20080825/4c9d266a/gss-auth.tar.bin
-------------- next part --------------
I tried it on a gentoo Linux and Solaris 10, it works fine. There is
still a minor glitch in Mac OS 10.5 : it the ticket for the service
(host/fqdn at DOMAIN) don't alreay exist, it's unable to get it. I don't
know why.
More information about the rsync
mailing list