Will rsync adopt Kerberos integration?

Rob Straughan email at robertstraughan.co.uk
Mon Mar 9 08:00:53 MDT 2015


Will rsync adopt Kerberos/GSSAPI integration?  It would be really good 
if we could establish password-less connections that adhere to user 

I am aware there is a patched version of rsync for this purpose, but it 
seems to run a few versions behind the main releases.  Are there any 
plans to incorporate the work done there into the main release? (see 
http://jrds.fr/rsynck for patch)

At the moment, I am using the following script as a cron job:


kinit -k -t /etc/rsync.keytab $1
rsync -aHAXxv --numeric-ids --delete --progress -e "ssh -p $2 -T -c 
arcfour -o Compression=no -x" $3 $1@$4

Where a command might look like:

sudo ./myscript <principal> <port> <source> <host at destination>

This works for the purposes of creating a Kerberized connection over 
which the backup can take place, and will adhere to all user access 
controls.  The downsides are that the tunnel is encrypted and is slow 
(terrabytes over gigabit ethernet takes a while), and also requires that 
the principal's posixAccount have a valid homeDirectory and loginShell 
to establish the ssh tunnel rather than being a non-interactive service 

It would be really good if we could use the rsync + rsyncd approach with 
a connection that can pass user credentials through using an established 
central security infrastructure.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.samba.org/pipermail/rsync/attachments/20150309/ddb14ef6/attachment.html>

More information about the rsync mailing list