Will rsync adopt Kerberos integration?
Rob Straughan
email at robertstraughan.co.uk
Mon Mar 9 08:00:53 MDT 2015
Hi,
Will rsync adopt Kerberos/GSSAPI integration? It would be really good
if we could establish password-less connections that adhere to user
permissions.
I am aware there is a patched version of rsync for this purpose, but it
seems to run a few versions behind the main releases. Are there any
plans to incorporate the work done there into the main release? (see
http://jrds.fr/rsynck for patch)
At the moment, I am using the following script as a cron job:
--
#!/bin/bash
kinit -k -t /etc/rsync.keytab $1
rsync -aHAXxv --numeric-ids --delete --progress -e "ssh -p $2 -T -c
arcfour -o Compression=no -x" $3 $1@$4
kdestroy
--
Where a command might look like:
sudo ./myscript <principal> <port> <source> <host at destination>
This works for the purposes of creating a Kerberized connection over
which the backup can take place, and will adhere to all user access
controls. The downsides are that the tunnel is encrypted and is slow
(terrabytes over gigabit ethernet takes a while), and also requires that
the principal's posixAccount have a valid homeDirectory and loginShell
to establish the ssh tunnel rather than being a non-interactive service
account.
It would be really good if we could use the rsync + rsyncd approach with
a connection that can pass user credentials through using an established
central security infrastructure.
Regards,
Rob.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/rsync/attachments/20150309/ddb14ef6/attachment.html>
More information about the rsync
mailing list