I juste posted my patch against the last release, with a mini HOWTO
here :
http://devel.asyd.net/xwiki/bin/view/krsync/
Le 31 août 08 à 15:46, Simo Sorce a écrit :
On Sat, 2008-08-30 at 17:09 +0200, Bacchella Fabrice wrote:
Yes, I do totally agree. But the keytab is a pure kerberos thing,
On Sat, 2008-08-30 at 17:09 +0200, Bacchella Fabrice wrote:
> Yes, I do totally agree. But the keytab is a pure kerberos thing, so
> how can it be specified using gssapi ? MIT-Kerberos use environnement
> variable for example. How do others ?
Usually setting the environment variable is the u
Le 30 août 08 à 16:33, Simo Sorce a écrit :
If the permissions on the file is strict and allow access only to the
respective http and ftp user it means that compromise of one service
does not allow to get access to the keytab of another service.
Ok, that's me point I missed about that the pr
They are used to identify a specific service on a machine.
using a different prefix you end up with a different principal name.
For example: HTTP/[EMAIL PROTECTED] and
FTP/[EMAIL PROTECTED]
Different principal names means different kerberos secrets, and the
possibility to use different kerberos ke
Ok, that's really a question for which I have no answer. Do you have
any links that explain the purpose of host/ nfs/ and all ? I don't see
exactly what are there for.
Le 30 août 08 à 07:00, Simo Sorce a écrit :
Reading your patch, one quick comment.
It seem to me you define host/ in RSYN
Reading your patch, one quick comment.
It seem to me you define host/ in RSYNC_GSS_SERVICE, wouldn't it be
better to have an rsync specific service principal like:
rsync/[EMAIL PROTECTED] ?
The host principal should not be abused and it is good practice to have
your own service (and therefore a s
Indeed. Thanks for the type about git.
The diffs against 3.0.3 & git :
rsync-3.0.3.diff.bz2
Description: application/bzip2
rsync-git.diff.bz2
Description: application/bzip2
Le 30 août 08 à 01:02, Matt McCutchen a écrit :
On Fri, 2008-08-29 at 18:50 +0200, Bacchella Fabrice wrote:
S
On Fri, 2008-08-29 at 18:50 +0200, Bacchella Fabrice wrote:
> Still working on my gss patch.
Please remember to attach the updated patch!
To generate a single diff, you can "git add" the files you added/changed
and then run "git diff HEAD". You could also look into maintaining a
git repository c
Still working on my gss patch.
Here a more polished patch against rsync-3.0.3. It should work out of
the box.
I tested it on Solaris 10 x86 (64 bits compilation), Mac OS 10.5 (32
but not 64 bits), Linux (Gentoo with MIT Kerberos 64 bits).
To use it :
add this to your module configuration
Le 26 août 08 à 04:03, Wayne Davison a écrit :
On Mon, Aug 25, 2008 at 06:58:38PM +0200, Bacchella Fabrice wrote:
This patch only add gssapi authentication, I wanted it to be simple
and
fast to code.
Thanks! I've saved it off and will give it a look soon.
Please fell free to send back a
On Mon, Aug 25, 2008 at 06:58:38PM +0200, Bacchella Fabrice wrote:
> This patch only add gssapi authentication, I wanted it to be simple and
> fast to code.
Thanks! I've saved it off and will give it a look soon.
..wayne..
--
Please use reply-all for most replies to avoid omitting the mailing
Le 22 août 08 à 19:24, Simo Sorce a écrit :
On Fri, 2008-08-22 at 17:57 +0200, Bacchella Fabrice wrote:
I would like to use gssapi authentication in rsync. GSSAPI is the
standard way to use kerberos.
Any help and advice is welcome.
If you can use ssh then use ssh+GSSAPI auth and you wil
On Fri, 2008-08-22 at 17:57 +0200, Bacchella Fabrice wrote:
> I would like to use gssapi authentication in rsync. GSSAPI is the
> standard way to use kerberos.
>
> My idea is not too have a full pam implementation, juste a different
> way to authenticate users than the secret file and md4 chal
Le 22 août 08 à 19:24, Simo Sorce a écrit :
If you can use ssh then use ssh+GSSAPI auth and you will have to
change
nothing.
I'm already using that solution. But the cost in performance is very
high, more than just the CPU needed to encrypt and decrypt.--
Please use reply-all for most r
I would like to use gssapi authentication in rsync. GSSAPI is the
standard way to use kerberos.
My idea is not too have a full pam implementation, juste a different
way to authenticate users than the secret file and md4 challenge.
I made a little experiment and it worked well.
What I've do
15 matches
Mail list logo
