> I noticed amanda supports Kerberos authentication

I suspect that you noticed that amanda says it supports Kerberos authentication. The Kerberos support is significantly broken in the released bits. When fixed, it supports encrypting the backup streams between the client and server; cleartext bits go onto the tape.

Using TLS is not as straightforward as it might seem, because it is still necessary to authenticate the backup request from the server to the client, and to authenticate the server to the client so that the bits are sent only to the correct server. That said, using TLS with no authentication can be helpful against passive eavesdropping.

There is another notion, which is quite separate, of encrypting the backup files themselves. They are then transferred over the network (with encryption or not) and placed, still encrypted, on the tapes. This has benefits of keeping plaintext off the tapes, but makes restoring harder. With such a scheme, you may not feel the need to encrypt the client-server connection. See http://security.uchicago.edu/tools/gpg-amanda/ for information about this option.

Still, one probably wishes to ensure that only the authorized backup server can request dumps, or at least that all dumps be processed by gpg. Otherwise, a malicious host claiming to be the server could request a dump without gpg treatment (e.g. by not using the client-compress option, omitting the call to the special gzip script which calls gpg).

Greg Troxel <[EMAIL PROTECTED]>
