Installation

Apply the patch

cd rsync-3.0.3
bunzip2 < rsync-3.0.3.diff.bz2 | patch -p1

configuration and compilation

./configure --with-gssapi
make
make install

change the rsyncd.conf

In every module you want to protect, add the line :

use gssapi = yes

and change the user to the full principal name. For example : 

[opensolaris]
    use gssapi = yes
    auth users = fbacchella@ASYD.NET

Usage with MIT Kerberos

The service for krsync is rsync, so you should create a principale and then save the keytab 

kadmin
add_principal -randkey rsync/devel.asyd.net
ktadd -k /etc/rsync/rsync.keytab  rsync/devel.asyd.net
quit
chmod 400 /etc/rsync/rsync.keytab
chown rsync:rsync /etc/rsync/rsync.keytab
and start rsyncd with the good keytab 
KRB5_KTNAME=/etc/rsync/rsync.keytab rsyncd

To use krsync as a user, don't forget to do a kinit to get your kerberos principal if it's not already done and enjoy the full power of kerberos SSO. You can check your principal with the command klist.

Version 21.1 last modified by Fabrice Bacchella on 01/09/2008 at 01:09

Comments 0

No comments for this document

Attachments 0

No attachments for this document
 
Quick Links
Projects
Creator: Fabrice Bacchella on 2008/08/31 13:04
This wiki is licensed under a Creative Commons license
1.4.1.10194