Feature Request: Authentication enhancement

Razvan Popovici popovici at rataprod.de
Wed May 5 22:46:19 GMT 2004

 Rsync works great, but for many network administrators it is difficult to
 manage a secondary user database to secure the rsync paths.
 The proposal is to develop an option for the rsync (daemon and client) so
 they can load some "security modules" developed as dynamic libraries. This
 approach would keep the rsync itself  platform independent, while the
 security modules can be very platform dependent, since they would be able
 manage Windows, Radix, ldap or unix password file authentication.
 Actual password-file security system can be re-written as a build-in
 authentication module, of course platform idependent.
 I think this is according to the philosophy of the product, since rsync
 handles with file synchronisation it doesn't need to be also an expert in

 Let's assume that the daemon and the client are running on windows
 It is desired to implement a windows security approach, therefore any user
 that is able to read/write the main directory of the module should be
 allowed to write/read it.
 Server would be started with the projected option
 '--security-module=windows' so it will search for the
 'rsyncwindowsserver.dll' on start.
 On the client side, with the same option, the 'rsyncwindowsclient.dll'
 be loaded. If no username and password is given, the actual security token
 would be sent to the server as authentication, else the user and password
 given in command line. The rsync daemon would call the 'authenticate'
 function from the server DLL and based on the aswer of the function it will
 allow or deny the client access and it would elaborate an welcome/error

 I would be pleased to receive comments, improvements ideas and critics from
 Since I am a programmer, I would be delighted to help writing this feature.


More information about the rsync mailing list