Will rsync adopt Kerberos integration?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Will rsync adopt Kerberos integration?

Rob Straughan

Will rsync adopt Kerberos/GSSAPI integration?  It would be really good if we could establish password-less connections that adhere to user permissions.

I am aware there is a patched version of rsync for this purpose, but it seems to run a few versions behind the main releases.  Are there any plans to incorporate the work done there into the main release? (see http://jrds.fr/rsynck for patch)

At the moment, I am using the following script as a cron job:


kinit -k -t /etc/rsync.keytab $1
rsync -aHAXxv --numeric-ids --delete --progress -e "ssh -p $2 -T -c arcfour -o Compression=no -x" $3 $1@$4

Where a command might look like:

sudo ./myscript <principal> <port> <source> <host@destination>

This works for the purposes of creating a Kerberized connection over which the backup can take place, and will adhere to all user access controls.  The downsides are that the tunnel is encrypted and is slow (terrabytes over gigabit ethernet takes a while), and also requires that the principal's posixAccount have a valid homeDirectory and loginShell to establish the ssh tunnel rather than being a non-interactive service account.

It would be really good if we could use the rsync + rsyncd approach with a connection that can pass user credentials through using an established central security infrastructure.


Please use reply-all for most replies to avoid omitting the mailing list.
To unsubscribe or change options: https://lists.samba.org/mailman/listinfo/rsync
Before posting, read: http://www.catb.org/~esr/faqs/smart-questions.html