[prev in list] [next in list] [prev in thread] [next in thread] 

List:       amanda-hackers
Subject:    Re: Security API/SSH
From:       Alexandre Oliva <oliva () dcc ! unicamp ! br>
Date:       1999-01-11 16:58:55
[Download RAW message or body]

On Jan  4, 1999, "Jeroen Ruigrok van der Werven" <ruigrjer@start.nl> wrote:

> in conffile.c there are two dumptype_defaults which implement
> BSD-AUTH and KRB4-AUTH, is this the place where I should add
> SSH-AUTH? Or are we going to abstract the AUTHs away from the
> dumptypes?

It might be a good idea to define hosts, with some properties, and
then disks, with other properties.  All disks from the same host
should use the same authentication mechanism, but some disks might use 
encryption, others not.  But this would require a major overhaul in
disklist handling.

> Also, the old snapshot tries to include krb4 authentication, and
> krb5 is included (well at least the source file), and krb4
> isn't... Oversight I'm sure ; )

I think the `4' in `krb4' stands for `>=4', for historical reasons.

> Also security.c can't be a wrapper for Kerberos security anymore as
> it will include multiple authentication models, so I'd suggest to
> change the line under $Id$ to something more descriptive.

Go ahead!

> Btw, krb4 is available as Athena outside the US of A, so support for
> that might be needed as well...

But the current implementation of krb security for Amanda isn't,
unless you start a clean-room implementation.  The existing one can't
be exported from the U.S. :-(

-- 
Alexandre Oliva  http://www.dcc.unicamp.br/~oliva  aoliva@{acm.org}
oliva@{dcc.unicamp.br,gnu.org,egcs.cygnus.com,samba.org}
Universidade Estadual de Campinas, SP, Brasil

[prev in list] [next in list] [prev in thread] [next in thread]