Password Authentication

tim.conway at philips.com tim.conway at philips.com
Mon May 13 10:23:02 EST 2002 

rsync has already explained it to you, in the error message.
both the list of usernames and passwords for everybody, and your file 
containing the password you want to use, are world-readable.  The 
rsync.secrets file should be readable only by root, and the .rsyncpw file 
should be readable only by simpson.
This is all well documented:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
SunOS 5.7           Last change: 25 Jan 2002                   18

User Commands                                            rsync(1)


     --password-file
          This option allows you to provide a password in a  file
          for  accessing  a  remote  rsync server. Note that this
          option is only useful when  accessing  a  rsync  server
          using  the  built in transport, not when using a remote
          shell as the transport. The  file  must  not  be  world
          readable. It should contain just the password as a sin-
          gle line. 
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
   secrets file
          The "secrets file" option specifies the name of a  file
          that  contains  the  username:password  pairs  used for
          authenticating this module. This file is only consulted
          if  the  "auth  users" option is specified. The file is
          line  based  and   contains   username:password   pairs
          separated  by  a single colon. Any line starting with a
          hash (#) is considered a comment and  is  skipped.  The
          passwords can contain any characters but be warned that
          many operating systems limit the  length  of  passwords
          that  can  be  typed at the client end, so you may find
          that passwords longer than 8 characters don't work.

          There is no default for the "secrets file" option,  you
          must  choose a name (such as /etc/rsyncd.secrets).  The
          file must normally not  be  readable  by  "other";  see
          "strict modes".

SunOS 5.7           Last change: 12 Feb 1999                    6

Headers, Environments, and Macros                  rsyncd.conf(5)


     strict modes
          The "strict modes" option determines whether or not the
          permissions  on  the  secrets file will be checked.  If
          "strict modes" is true, then the secrets file must  not
          be  readable by any user id other than the one that the
          rsync daemon is running under.  If  "strict  modes"  is
          false,  the  check  is  not  performed.  The default is
          true.  This option was added to accommodate rsync  run-
          ning on the Windows operating system.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
chmod 600 /etc/rsyncd.secrets
chmod 600 .rsyncpw

Tim Conway
tim.conway at philips.com
303.682.4917
Philips Semiconductor - Longmont TC
1880 Industrial Circle, Suite D
Longmont, CO 80501
Available via SameTime Connect within Philips, n9hmg on AIM
perl -e 'print pack(nnnnnnnnnnnn, 
19061,29556,8289,28271,29800,25970,8304,25970,27680,26721,25451,25970), 
".\n" '
"There are some who call me.... Tim?"




Matthew Simpson <msimpson at market-research.com>
Sent by: rsync-admin at lists.samba.org
05/08/2002 05:38 PM

 
        To:     Tim Conway/LMT/SC/PHILIPS at AMEC
        cc:     rsync at lists.samba.org
        Subject:        Password Authentication
        Classification: 



Hi Tim,

I have setup rsync as you suggestion for password authentication but 
I get auth failed on module, see below.

$ rsync -vrtuz  --password-file=~.rsyncpw --delete 
projects at host.dyndns.org::projects /home/projects/

password file must not be other-accessible
continuing without password file
Password:
@ERROR: auth failed on module projects

/home/simpson/.rsyncpw
-rw-rw-r--    1 simpson simpson 8 Apr 29 22:51 .rsyncpw

On the server side:
/etc/rsyncd.conf
uid = matt
gid = matt
[projects]
auth users = projects
secrets file = /etc/rsyncd.secrets
path=/home/projects
read only=false

/etc/rsyncd.secrets
projects:abcd
-rw-r--r--    1 root     root           29 May  8 16:27 
/etc/rsyncd.secrets

Thanks for your help. Any clues?

Matt

>close on the rsyncd.conf:  secrets file is  module, not global, so you'll
>need to name the secrets file for each user.
>secrets file format is not user at domain:password.  It knows nor cares who
>it really is or where it comes from.
>apps:appspassword
>userforprojects:userforprojectspassword
>
>See rsyncd.conf:5 contains a wealth of just such information.  In my
>application, I don't use authentication.  In response to your question, I
>read the man page and found the answers.  It took remarkably little time.

-- 
To unsubscribe or change options: 
http://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.tuxedo.org/~esr/faqs/smart-questions.html

More information about the rsync mailing list