I have made some tests - ok it works - but I wonder why the key authentication method is allowed only to the root user.

> -localauth
> All butc RPCs require superuser authentication.
> This option must be run as root, and server key material must be present.

Our backup scripts, which have been running on a dedicated server for many years, run under a dedicated user with administrative powers.

Why is the availability of an admin token not sufficient to run butc in a secure way?

Giovanni


On 13/09/2018 22:51, Mark Vitale wrote:


On Sep 13, 2018, at 2:37 PM, Jeffrey Altman <[email protected]> wrote:
<snip>
In the case of OPENAFS-SA-2018-001.txt, both 'butc' and 'backup' (or
'afsbackup' as it is installed on some systems) must be at least:

* AuriStorFS v0.175
* OpenAFS 1.8.2
* OpenAFS 1.6.23

<snip>

As of the releases above, the 'butc' service (by default) will not only
accept authenticated connections but will require that the authenticated
identity be a super-user as reported by the butc host's "bos listusers"
command.

A small correction: the OpenAFS 'butc' does not do this by default.
Instead, it forces the operator to specify one of the following options:

-localauth
All butc RPCs require superuser authentication.
This option must be run as root, and server key material must be present.

-allow_unauthenticated
All butc RPCs remain unauthenticated.


Regards,
--
Mark Vitale
[email protected]




--
Giovanni Bracco
phone  +39 351 8804788
E-mail  [email protected]
WWW http://www.afs.enea.it/bracco
_______________________________________________
OpenAFS-info mailing list
[email protected]
https://lists.openafs.org/mailman/listinfo/openafs-info
