Le 22 août 08 à 19:24, Simo Sorce a écrit :
On Fri, 2008-08-22 at 17:57 +0200, Bacchella Fabrice wrote:I would like to use gssapi authentication in rsync. GSSAPI is the standard way to use kerberos.
Any help and advice is welcome.If you can use ssh then use ssh+GSSAPI auth and you will have to changenothing.But kerberizing the protocol itself is a *very* good idea, especially ifyou use also use singing and sealing using GSSAPI.I very much look forward any patch in this area, and I hope other rsyncdevelopers can help you to chape them down so that they can rapidly be accepted upstream. I'd be happy also to test patches when they are ready if you post them somewhere. Simo.
A first shoot.This patch only add gssapi authentication, I wanted it to be simple and fast to code.
I add the following command in the protocol :
GSS <host principal>
to use it juste add :
use gssapi = yes
in your conf
the auth users should be kerberos principal.
configure try to detect gssapi but it can be disabled by --without-
gssapi
This is a first draft. Comments are welcomeThere is an added file and a patch, as i'm not very fluent in git. I don't know how to generate a single diff.
gss-auth.tar.bz2
Description: application/bzip2
I tried it on a gentoo Linux and Solaris 10, it works fine. There is still a minor glitch in Mac OS 10.5 : it the ticket for the service (host/[EMAIL PROTECTED]) don't alreay exist, it's unable to get it. I don't know why.
-- Please use reply-all for most replies to avoid omitting the mailing list. To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html
