I juste posted my patch against the last release, with a mini HOWTO
here :
http://devel.asyd.net/xwiki/bin/view/krsync/
Le 31 août 08 à 15:46, Simo Sorce a écrit :
On Sat, 2008-08-30 at 17:09 +0200, Bacchella Fabrice wrote:
Yes, I do totally agree. But the keytab is a pure kerberos thing
... they all use their own service principal.
Simo.
On Sat, 2008-08-30 at 05:29 +0200, Bacchella Fabrice wrote:
Indeed. Thanks for the type about git.
The diffs against 3.0.3 git :
Le 30 août 08 à 01:02, Matt McCutchen a écrit :
On Fri, 2008-08-29 at 18:50 +0200, Bacchella Fabrice wrote:
Still
Le 30 août 08 à 16:33, Simo Sorce a écrit :
If the permissions on the file is strict and allow access only to the
respective http and ftp user it means that compromise of one service
does not allow to get access to the keytab of another service.
Ok, that's me point I missed about that the
Still working on my gss patch.
Here a more polished patch against rsync-3.0.3. It should work out of
the box.
I tested it on Solaris 10 x86 (64 bits compilation), Mac OS 10.5 (32
but not 64 bits), Linux (Gentoo with MIT Kerberos 64 bits).
To use it :
add this to your module configuration
Indeed. Thanks for the type about git.
The diffs against 3.0.3 git :
rsync-3.0.3.diff.bz2
Description: application/bzip2
rsync-git.diff.bz2
Description: application/bzip2
Le 30 août 08 à 01:02, Matt McCutchen a écrit :
On Fri, 2008-08-29 at 18:50 +0200, Bacchella Fabrice wrote
Le 26 août 08 à 04:03, Wayne Davison a écrit :
On Mon, Aug 25, 2008 at 06:58:38PM +0200, Bacchella Fabrice wrote:
This patch only add gssapi authentication, I wanted it to be simple
and
fast to code.
Thanks! I've saved it off and will give it a look soon.
Please fell free to send back
Le 22 août 08 à 19:24, Simo Sorce a écrit :
On Fri, 2008-08-22 at 17:57 +0200, Bacchella Fabrice wrote:
I would like to use gssapi authentication in rsync. GSSAPI is the
standard way to use kerberos.
Any help and advice is welcome.
If you can use ssh then use ssh+GSSAPI auth and you
I would like to use gssapi authentication in rsync. GSSAPI is the
standard way to use kerberos.
My idea is not too have a full pam implementation, juste a different
way to authenticate users than the secret file and md4 challenge.
I made a little experiment and it worked well.
What I've
Le 22 août 08 à 19:24, Simo Sorce a écrit :
If you can use ssh then use ssh+GSSAPI auth and you will have to
change
nothing.
I'm already using that solution. But the cost in performance is very
high, more than just the CPU needed to encrypt and decrypt.--
Please use reply-all for most