Can a rsync server use MySQL for authentication

Daniel Maher dma+rsynclist at witbe.net
Thu Mar 13 13:51:57 GMT 2008


On Thu, 13 Mar 2008 04:23:15 -0800 Robert Fargher <fargher at gmail.com>
wrote:

> >
> >Sounds like a job for PAM.
> >
> >http://www.google.com/search?q=linux+PAM
> >
> >:)
> 
>   No, specifically not.   We are already using MySQL to authenticate
> secure FTP, using ProFTPD. What I'd like to do is to use the *same*
> MySQL database/tables to authenticate secure rsync.  If rsync can't
> do it, that's fine, I just won't offer rsync as a service.
> 
>   PAM, as I understand it, requires a user account on the system.
> This is specifically what we don't want.  All remote ftp/rsync user
> info is to be completely contained within the MySQL database.

Actually, PAM /doesn't/ require user accounts on the system. From the
PAM docs:

Q1: What exactly is PAM?
Basically, it is a flexible mechanism for authenticating users.
...
PAM provides a way to develop programs that are independent of
authentication scheme.

In my environment, for example, when a user logs into a machine via
SSH, PAM sends the request off to our Kerberos server (which handles
the authentication challenge, of course), which if successful, then
queries an LDAP server for the user's profile information.  There are
absolutely no user entries in /etc/passwd at all.

I suppose that you're using a ProFTPd-specific manner of interacting
with MySQL.  This is, of course, completely valid - but you end up
locking yourself into a solution which is clearly not as extensible as
you'd like.

Instead, you may wish to consider housing your "generic" authentication
data in a MySQL backend which PAM challenges at a system level.  In
this way, any application or service which wants to verify a user can
simply query the system and obtain a result - be it ProFTPd, Rsync, or
something else entirely.  By abstracting the authentication mechanism,
you no longer have to worry about whether your particular application
"supports" your desired backend.



-- 
Daniel Maher <dma AT witbe.net>
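
The arrangement suggested above, sketched as a PAM service file. This is an added example, not part of the original message: it assumes the third-party pam_mysql module is installed, and the service name, database, table, column and account names are all hypothetical. Whether a given daemon consults PAM at all depends on that daemon.

```conf
# /etc/pam.d/myservice  (hypothetical service name; a PAM-aware daemon
# selects its stack by the service name it passes to pam_start())
#
# Both stacks query the same MySQL table, so no entry in /etc/passwd is
# needed for PAM to accept or reject a login.
#
# Assumed schema: database "authdb", table "users",
# columns "username" and "password" holding crypt(3) hashes (crypt=1).
#
# "pam_ro" is an assumed MySQL account that should hold SELECT rights on
# that one table only. This file contains its password, so keep the file
# readable by root alone.

auth     required  pam_mysql.so user=pam_ro passwd=CHANGE_ME host=localhost \
                   db=authdb table=users usercolumn=username \
                   passwdcolumn=password crypt=1

account  required  pam_mysql.so user=pam_ro passwd=CHANGE_ME host=localhost \
                   db=authdb table=users usercolumn=username \
                   passwdcolumn=password crypt=1
```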