Re: --execute option

2001-02-13 Thread Dave Dykstra
On Tue, Feb 13, 2001 at 12:45:34PM -0500, Wrieth, Henry wrote: > > In general I think the rsync daemon was designed to > > be a read-only server with a small amount of support > > for uploading, and if complex uploading and > > authentication is needed then there are other tools > > that can s

RE: --execute option

2001-02-13 Thread Wrieth, Henry
riginal Message- From: Dave Dykstra [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 13, 2001 12:37 PM To: Wrieth, Henry Cc: '[EMAIL PROTECTED]' Subject: Re: --execute option On Tue, Feb 13, 2001 at 12:11:17PM -0500, Wrieth, Henry wrote: > Dave, Thanks for your comments. Unfo

Re: --execute option

2001-02-13 Thread Dave Dykstra
On Tue, Feb 13, 2001 at 12:11:17PM -0500, Wrieth, Henry wrote: > Dave, Thanks for your comments. Unfortunately, rsh is not an option, thus > my desire for --execute. Rsh is not allowed through my firewalls into the > dmz's where many of my targets live. A dist daemon in the dmz, reachable by >

RE: --execute option

2001-02-13 Thread Wrieth, Henry
ng it in the rsync daemon. --Henry -Original Message- From: Dave Dykstra [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 13, 2001 10:38 AM To: Wrieth, Henry Cc: '[EMAIL PROTECTED]'; Menghani, Mahesh; Wieneke, Myron; Ayres, Matt Subject: Re: --execute option On Mon, Feb 12

Re: --execute option

2001-02-13 Thread Dave Dykstra
On Mon, Feb 12, 2001 at 02:37:44PM -0500, Wrieth, Henry wrote: > Regarding the secrets file: > All hosts I distribute to are either internal or in some DMZ. In most Wall > Street firms the internal network is deemed safe so, it is still ok to have > clear passwords on the wire. We telnet everywh

RE: --execute option

2001-02-12 Thread Noel L Yap
[EMAIL PROTECTED] on 2001.02.12 14:37:44 >Regarding ssh alternative to --execute: >Yes there are several reasons I would prefer --execute than ssh. First, >without going into any details ssh will not be permissioned through my >security infrastructure. second, even if ssh were an option I wo

RE: --execute option

2001-02-12 Thread Wrieth, Henry
why not use it. --Henry -Original Message- From: Dave Dykstra [mailto:[EMAIL PROTECTED]] Sent: Monday, February 12, 2001 1:22 PM To: Wrieth, Henry Cc: '[EMAIL PROTECTED]' Subject: Re: --execute option I'm not going to comment on your entire message, just pieces of it: On M

Re: --execute option

2001-02-12 Thread Pierre Abbat
On Mon, 12 Feb 2001, Dave Dykstra wrote: >The reason why the password is in the clear in the secrets file is not an >antique idea: it avoids having to send the passwords in the clear over the >network, which you cannot avoid with native OS usernames and passords >unless you use encryption like SSH

Re: --execute option

2001-02-12 Thread Dave Dykstra
enables using it as a key for a random number challenge- response which rsync does behind the scenes. > --execute > Once we have child daemons securely spawning as normal users we can have no > worries about adding an --execute option. I say this because we are not > granting any new

--execute option

2001-02-12 Thread Wrieth, Henry
Hello All, Last week I posted a question about a potential '--execute' option . Dave Dykstra replied and pointed me to a 2 year old thread on the topic. I would like to revive the discussion and add my own comments on the current rsync security model, user authentication a