rsync and kerberos
fabrice.bacchella at exalead.com
Fri Aug 22 15:57:51 GMT 2008
I would like to use gssapi authentication in rsync. GSSAPI is the
standard way to use kerberos.
My idea is not too have a full pam implementation, juste a different
way to authenticate users than the secret file and md4 challenge.
I made a little experiment and it worked well.
What I've done is changing the challenge command. Instead of sending
@RSYNCD: AUTHREQD <challenge>, it just send "@RSYNCD: GSSAPI. Then
gssapi bytes are exchanged and the user principal is returned instead
of the rsync login. So the changes are small.
Before submiting a full patch, I seek advice, do you think it's a good
way to do that ? Some configuration files needes to be changed, the
protocol must be changed, is there some best practice about that ?
Any help and advice is welcome.
More information about the rsync