rsync and kerberos

Bacchella Fabrice fabrice.bacchella at
Fri Aug 22 15:57:51 GMT 2008

I would like to use gssapi authentication in rsync. GSSAPI is the  
standard way to use kerberos.

My idea is not too have a full pam implementation, juste a different  
way to authenticate users than the secret file and md4 challenge.

I made a little experiment and it worked well.

What I've done is changing the challenge command. Instead of sending  
@RSYNCD: AUTHREQD <challenge>, it just send "@RSYNCD: GSSAPI. Then  
gssapi bytes are exchanged and the user principal is returned instead  
of the rsync login. So the changes are small.

Before submiting a full patch, I seek advice, do you think it's a good  
way to do that ? Some configuration files needes to be changed, the  
protocol must be changed, is there some best practice about that ?

Any help and advice is welcome.

More information about the rsync mailing list