Will rsync adopt Kerberos integration?

[Rob Straughan]

Hi,

Will rsync adopt Kerberos/GSSAPI integration?  It would be really good 
if we could establish password-less connections that adhere to user 
permissions.

I am aware there is a patched version of rsync for this purpose, but it 
seems to run a few versions behind the main releases.  Are there any 
plans to incorporate the work done there into the main release? (see 
http://jrds.fr/rsynck for patch)

At the moment, I am using the following script as a cron job:

-- 
#!/bin/bash

kinit -k -t /etc/rsync.keytab $1
rsync -aHAXxv --numeric-ids --delete --progress -e "ssh -p $2 -T -c 
arcfour -o Compression=no -x" $3 $1@$4
kdestroy
-- 

Where a command might look like:

sudo ./myscript <principal> <port> <source> <host at destination>

This works for the purposes of creating a Kerberized connection over 
which the backup can take place, and will adhere to all user access 
controls.  The downsides are that the tunnel is encrypted and is slow 
(terrabytes over gigabit ethernet takes a while), and also requires that 
the principal's posixAccount have a valid homeDirectory and loginShell 
to establish the ssh tunnel rather than being a non-interactive service 
account.

It would be really good if we could use the rsync + rsyncd approach with 
a connection that can pass user credentials through using an established 
central security infrastructure.

Regards,
Rob.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/rsync/attachments/20150309/ddb14ef6/attachment.html>