i've only been playing with amanda for two days now, so maybe this question shows a lack of understanding of the system. also, i couldn't fine anything in the archives for this list or with google, but i'm not exactly sure how to search for this issue, so a pointer to a previous discussion would be fine.
using .amandahosts as the sole method of authentication seems like a bad idea for a network-listening daemon that will potentially have access to sensitive data on other machines on a given network. that is, if i can pretend to be "amandaserver.foo.com", i get access to a lot of things that i should probably not have access to. it looks like a shared secret can be used for talking to samba shares. can i use something like this for non-samba things? since the transfer is in plain text, this is only slightly better, but it means that i now have to impersonate "amandaserver.foo.com" && sniff network traffic to find the shared secret, which raises the bar a little more. a shared secret that went through, say, an ssh tunnel would be ideal. it looks like i could potentially get amanda to play with kerberos, but this seems a lot of overhead for what looks like basic security to me. i could also set up ipsec, which would be even more work than kerberos. i can think of various other hacks around this problem, but i'm wondering if there's something already built into amanda that i just haven't seen, or something really obvious that i've missed. please cc me on any replies, as i'm not subscribed to this list. thanks, tyler -- "This web page officially no longer exists." --top of http://www.stanford.edu/group/networking/NetConsult/Win95Net/
