On Tue, Feb 13, 2001 at 12:45:34PM -0500, Wrieth, Henry wrote:
> > In general I think the rsync daemon was designed to
> > be a read-only server with a small amount of support
> > for uploading, and if complex uploading and
> > authentication is needed then there are other tools
> > that can s
riginal Message-
From: Dave Dykstra [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 13, 2001 12:37 PM
To: Wrieth, Henry
Cc: '[EMAIL PROTECTED]'
Subject: Re: --execute option
On Tue, Feb 13, 2001 at 12:11:17PM -0500, Wrieth, Henry wrote:
> Dave, Thanks for your comments. Unfo
On Tue, Feb 13, 2001 at 12:11:17PM -0500, Wrieth, Henry wrote:
> Dave, Thanks for your comments. Unfortunately, rsh is not an option, thus
> my desire for --execute. Rsh is not allowed through my firewalls into the
> dmz's where many of my targets live. A dist daemon in the dmz, reachable by
>
ng it in the rsync daemon.
--Henry
-Original Message-
From: Dave Dykstra [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 13, 2001 10:38 AM
To: Wrieth, Henry
Cc: '[EMAIL PROTECTED]'; Menghani, Mahesh; Wieneke, Myron; Ayres,
Matt
Subject: Re: --execute option
On Mon, Feb 12
On Mon, Feb 12, 2001 at 02:37:44PM -0500, Wrieth, Henry wrote:
> Regarding the secrets file:
> All hosts I distribute to are either internal or in some DMZ. In most Wall
> Street firms the internal network is deemed safe so, it is still ok to have
> clear passwords on the wire. We telnet everywh
[EMAIL PROTECTED] on 2001.02.12 14:37:44
>Regarding ssh alternative to --execute:
>Yes there are several reasons I would prefer --execute than ssh. First,
>without going into any details ssh will not be permissioned through my
>security infrastructure. second, even if ssh were an option I wo
why not use it.
--Henry
-Original Message-
From: Dave Dykstra [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 12, 2001 1:22 PM
To: Wrieth, Henry
Cc: '[EMAIL PROTECTED]'
Subject: Re: --execute option
I'm not going to comment on your entire message, just pieces of it:
On M
On Mon, 12 Feb 2001, Dave Dykstra wrote:
>The reason why the password is in the clear in the secrets file is not an
>antique idea: it avoids having to send the passwords in the clear over the
>network, which you cannot avoid with native OS usernames and passords
>unless you use encryption like SSH
enables using it as a key for a random number challenge-
response which rsync does behind the scenes.
> --execute
> Once we have child daemons securely spawning as normal users we can have no
> worries about adding an --execute option. I say this because we are not
> granting any new
Hello All,
Last week I posted a question about a potential '--execute' option . Dave
Dykstra replied and pointed me to a 2 year old thread on the topic. I would
like to revive the discussion and add my own comments on the current rsync
security model, user authentication a
10 matches
Mail list logo