Dynamic address problem
tim.conway at philips.com
tim.conway at philips.com
Thu May 2 09:09:01 EST 2002
close on the rsyncd.conf: secrets file is module, not global, so you'll
need to name the secrets file for each user.
secrets file format is not user at domain:password. It knows nor cares who
it really is or where it comes from.
See rsyncd.conf:5 contains a wealth of just such information. In my
application, I don't use authentication. In response to your question, I
read the man page and found the answers. It took remarkably little time.
Tim Conway
tim.conway at philips.com
Philips Semiconductor - Longmont TC
1880 Industrial Circle, Suite D
Longmont, CO 80501
Available via SameTime Connect within Philips, n9hmg on AIM
perl -e 'print pack(nnnnnnnnnnnn,
".\n" '
"There are some who call me.... Tim?"
Matthew Simpson <msimpson at market-research.com>
Sent by: rsync-admin at lists.samba.org
04/30/2002 09:26 PM
cc: rsync at lists.samba.org
Subject: Re: Dynamic address problem
Hi Tim,
Just so I get this right....
In the /etc/rsyncd.conf on the server end I'll put:
uid = matt
gid = matt
#auth users = yes
secrets file = /etc/rsyncd.secrets
auth users = apps
read only=false
auth users = projects
read only=true
Format of /etc/rsyncd.secrets:
triton at host.dyndns.org:abcd
triton at host.dyndns.org:abcd
chmod 600 /etc/rsyncd.secrets
On the client side:
Under unix uid: simpson
rsync -options --password-file=~.rsyncpw apps at host.dyndns.org::apps
rsync -options --password-file=~.rsyncpw
projects at host.dyndns.org::projects /home/projects
or in ~simpson/.bash_profile: export RSYNC_PASSWORD=abcd
Will this work?
>Not every module as such, but every rsyncd user (these are independent of
>unix UID) has a seperately defined password, and furthermore, each module
>can specify its own list of authorized rsyncd users, as well as its own
>secrets file, so you can effectively accomplish what you want. To make
>easier to keep track, i'd suggest one big secrets file, containing module
>names and passwords, and for each module, make auth users = module name,
>so you users will then use
>modulename at server::modulename and either --password-file= or set
>RSYNC_PASSWORD appropriately. Of course, it would probably be easier for
>all concerned to use a single secrets file with entries for each user you
>want to let in, then control each modules access by the auth users list.
>Tim Conway
>tim.conway at philips.com
>Philips Semiconductor - Longmont TC
>1880 Industrial Circle, Suite D
>Longmont, CO 80501
>Available via SameTime Connect within Philips, n9hmg on AIM
>perl -e 'print pack(nnnnnnnnnnnn,
>".\n" '
>"There are some who call me.... Tim?"
>Matthew Simpson <msimpson at market-research.com>
>Sent by: rsync-admin at lists.samba.org
>04/28/2002 05:05 AM
> To: Tim Conway/LMT/SC/PHILIPS at AMEC
> cc: rsync at lists.samba.org
> Subject: Re: Dynamic address problem
> Classification:
>Hi Tim
>Sounds good, What would the best way to do this be? Can each module
>in the rsync.conf file have a different password? I noticed the
>--password-file directive for the client side, but how do I set the
>client side to ask for a password?
>>How about switching to password authentication? Makes you spoof-proof.
>>Anybody who can sniff your network to get the plaintext can probably
>>your IP anyway, so you lose no security(probably gain a bit), and this
>>doesn't have to wait for dns registration to propogate.
>>Tim Conway
>>tim.conway at philips.com
>>Philips Semiconductor - Longmont TC
>>1880 Industrial Circle, Suite D
>>Longmont, CO 80501
>>Available via SameTime Connect within Philips, n9hmg on AIM
>>perl -e 'print pack(nnnnnnnnnnnn,
>>".\n" '
>>"There are some who call me.... Tim?"
>>Michael Zimmermann <zim at vegaa.de>
>>Sent by: rsync-admin at lists.samba.org
>>04/24/2002 02:13 AM
>> To: Matthew Simpson <msimpson at market-research.com>
>>rsync at lists.samba.org
>> cc: (bcc: Tim Conway/LMT/SC/PHILIPS)
>> Subject: Re: Dynamic address problem
>> Classification:
>>Hash: SHA1
>>At Wednesday 24 April 2002 08:19 Matthew Simpson wrote:
>>> We have clients which dynamic IPs which we have setup with
>>> <host>.dyndns.org addresses. We have added these to the rsync.conf
>>> 'hosts allow=" but they are being denied access..
>>I assume that this could be DNS-update (resp. -actuality) Problem.
>>Are you sure, that at the moment rsync is called, the server's
>>DNS-resolver delivers the correct IP?
>>- --
>>Michael Zimmermann (Vegaa Safety and Security for Internet Services)
> ><zim at vegaa.de> phone +49 89 6283 7632 hotline +49 163 823 1195
>>Key fingerprint = 1E47 7B99 A9D3 698D 7E35 9BB5 EF6B EEDB 696D 5811
>>Version: GnuPG v1.0.6 (GNU/Linux)
>>Comment: For info see http://www.gnupg.org
>>To unsubscribe or change options:
>>Before posting, read:
>To unsubscribe or change options:
>Before posting, read:
>To unsubscribe or change options:
>Before posting, read:
To unsubscribe or change options:
Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html
More information about the rsync
mailing list