rsyncd users/passwords in a database (mysql, postgresql)?
Wayne Davison
wayned at samba.org
Sat May 29 12:34:56 MDT 2010
On Sat, May 29, 2010 at 10:49 AM, Tomasz Chmielewski <mangoo at wpkg.org>wrote:
> Still, if I understand correctly, I would need plain text passwords in the
> database?
>
> I.e. I wouldn't be able to use a md5 / sha password from some other user
> auth system without changing rsync protocol?
Right. It should be possible to isolate the password onto the db box (i.e.
never send the pass to the server running the rsync daemon) if you replaced
the function-pair get_secret() and generate_hash() in rsync with a db query
that used a sql function on the db server to run those steps (it would
receive a module, a user, and a challenge string, and would return a hash).
If your db could be configured to never return the password secret via
select while still allowing the auth function to access it, that would at
least isolate the password onto a more secure box. But, of course, the
password would still have to be there.
If you want to actually not have the password anywhere on any server, we'd
need to change the auth method (as you suspected). It would be nice to add
something like that as an option to rsync that a daemon could be configured
to use. If anyone has a suggested auth method, let me know.
..wayne..
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/rsync/attachments/20100529/f5792c60/attachment.html>
More information about the rsync
mailing list