Dynamic address problem
tim.conway at philips.com
tim.conway at philips.com
Mon Apr 29 09:13:02 EST 2002
Not every module as such, but every rsyncd user (these are independent of
unix UID) has a seperately defined password, and furthermore, each module
can specify its own list of authorized rsyncd users, as well as its own
secrets file, so you can effectively accomplish what you want. To make it
easier to keep track, i'd suggest one big secrets file, containing module
names and passwords, and for each module, make auth users = module name,
so you users will then use
modulename at server::modulename and either --password-file= or set
RSYNC_PASSWORD appropriately. Of course, it would probably be easier for
all concerned to use a single secrets file with entries for each user you
want to let in, then control each modules access by the auth users list.
Tim Conway
tim.conway at philips.com
303.682.4917
Philips Semiconductor - Longmont TC
1880 Industrial Circle, Suite D
Longmont, CO 80501
Available via SameTime Connect within Philips, n9hmg on AIM
perl -e 'print pack(nnnnnnnnnnnn,
19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970),
".\n" '
"There are some who call me.... Tim?"
Matthew Simpson <msimpson at market-research.com>
Sent by: rsync-admin at lists.samba.org
04/28/2002 05:05 AM
To: Tim Conway/LMT/SC/PHILIPS at AMEC
cc: rsync at lists.samba.org
Subject: Re: Dynamic address problem
Classification:
Hi Tim
Sounds good, What would the best way to do this be? Can each module
in the rsync.conf file have a different password? I noticed the
--password-file directive for the client side, but how do I set the
client side to ask for a password?
Matt
>How about switching to password authentication? Makes you spoof-proof.
>Anybody who can sniff your network to get the plaintext can probably
spoof
>your IP anyway, so you lose no security(probably gain a bit), and this
>doesn't have to wait for dns registration to propogate.
>
>Tim Conway
>tim.conway at philips.com
>303.682.4917
>Philips Semiconductor - Longmont TC
>1880 Industrial Circle, Suite D
>Longmont, CO 80501
>Available via SameTime Connect within Philips, n9hmg on AIM
>perl -e 'print pack(nnnnnnnnnnnn,
>19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970),
>".\n" '
>"There are some who call me.... Tim?"
>
>
>
>
>Michael Zimmermann <zim at vegaa.de>
>Sent by: rsync-admin at lists.samba.org
>04/24/2002 02:13 AM
>
>
> To: Matthew Simpson <msimpson at market-research.com>
>rsync at lists.samba.org
> cc: (bcc: Tim Conway/LMT/SC/PHILIPS)
> Subject: Re: Dynamic address problem
> Classification:
>
>
>
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>At Wednesday 24 April 2002 08:19 Matthew Simpson wrote:
>> We have clients which dynamic IPs which we have setup with
>> <host>.dyndns.org addresses. We have added these to the rsync.conf
>> 'hosts allow=" but they are being denied access..
>
>
>I assume that this could be DNS-update (resp. -actuality) Problem.
>Are you sure, that at the moment rsync is called, the server's
>DNS-resolver delivers the correct IP?
>
>
>Greetings
>- --
>Michael Zimmermann (Vegaa Safety and Security for Internet Services)
><zim at vegaa.de> phone +49 89 6283 7632 hotline +49 163 823 1195
>Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811
>-----BEGIN PGP SIGNATURE-----
>Version: GnuPG v1.0.6 (GNU/Linux)
>Comment: For info see http://www.gnupg.org
>
>iD8DBQE8xmku72vu22ltWBERAs8nAJ9e/d6YKhN2C6dS9gEUb3vTf0Qy+ACfScnQ
>oFtr/HHD33pKfl1pp6LtvDY=
>=CP1w
>-----END PGP SIGNATURE-----
>
>
>
>
>--
>To unsubscribe or change options:
>http://lists.samba.org/mailman/listinfo/rsync
>Before posting, read:
http://www.tuxedo.org/~esr/faqs/smart-questions.html
--
To unsubscribe or change options:
http://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html
More information about the rsync
mailing list