|
|
| (5 intermediate revisions by 3 users not shown) |
| Line 1: |
Line 1: |
| Amanda (release 2.5.1) supports "bsd", "bsdudp", "bsdtcp", "ssh" and kerberos authentication between Amanda server (also called tape server) and the client. The authentication is used for backup process ([[amdump]]) as well as recovery process ([[amrecover]]).
| | See {{man|7|amanda-auth}} for details. |
| | |
| ===bsd authentication===
| |
| | |
| The authentication is done using ''.amandahosts'' file in the backup user's (for example: amandabackup) home directory. The protocol between Amanda server and client is UDP. The number of disk list entries (DLEs) - Number of Amanda clients, is limited by size of UDP packet size. This authentication protocol will use different port for each data stream.
| |
| | |
| ===bsdudp authentication===
| |
| | |
| The authentication is done using ''.amandahosts'' files in the backup user's (for example: amandabackup) home directory. It uses UDP protocol between Amanda server and client for data and hence the number of DLEs is limited by UDP packet size. It uses one TCP port to establish the connection and multipexes all data streams using one port on the server.
| |
| | |
| ===bsdtcp authentication===
| |
| | |
| The authentication is done using ''.amandahosts'' files in the backup user's (for example: amandabackup) home directory. It uses TCP protocol between Amanda server and client. On the client, two reserved ports are used. On the server, all data streams are multiplexed to one port.
| |
| | |
| ===Kereberos authentication===
| |
| | |
| Amanda support Kereberos 4 and 5 authentication between Amanda server and client. Kerberos 4 uses UDP protocol and the number of DLEs is limited by UDP packet size. Kerberos 5 uses TCP and the server uses only one TCP port and data streams are multiplexed to this port.
| |
| | |
| ===SSH authentication===
| |
| | |
| Amanda client sends data to the server using SSH. SSH keys have to be set up so that Amanda server can communicate with clients using SSH.
| |
| | |
| ===RSH authentication===
| |
| | |
| The Amanda server communicates using rsh protocol to the client. It communicates as backup user (for example: amandabackup).
| |
| | |
| Each Amanda client communicates with server using one TCP port and all data streams from the client are multiplexed over one port. The number of Amanda clients is limited by the number of reserved ports available for Amanda server. Some versions of rsh does not use reserved port and so, this restriction is not valid.
| |
| | |
| ==Build options==
| |
| | |
| If you are building from source RPMs or tar ball, you can configure the set of authentication methods.
| |
| | |
| {| border="1" style="background:white; color:black" | |
| !Authentication!!Configure option
| |
| |- | |
| |bsd||--with-bsd-security --with-amandahosts
| |
| |-
| |
| |bsdtcp||--with-bsdtcp-security --with-amandahosts
| |
| |-
| |
| |bsdudp||--with-bsdudp-security --with-amandahosts
| |
| |-
| |
| |krb4||--with-krb4-security
| |
| |-
| |
| |krb5||--with-krb5-security
| |
| |-
| |
| |rsh||--with-rsh-security
| |
| |-
| |
| |ssh||--with-ssh-security
| |
| |}
| |
| | |
| ==Configuration==
| |
| | |
| Authentication protocol to be used between Amanda server and client is configured using ''auth'' parameter in dumptype definition. See [[amanda.conf]](5) man page for more information on the field.
| |
| | |
| * [[Configuring bsd/bsdudp/bsdtcp authentication]]
| |
| * [[Configuring rsh authentication]]
| |
| * [[Configuring SSH authentication]]
| |
| * [[Kerberos authentication]]
| |
| | |
| ==Ports used==
| |
| | |
| {| border="1" style="background:white; color:black"
| |
| !Authentication!!Protocol!!Amanda server!!Amanda client
| |
| |-
| |
| |bsd||udp||one reserved port per amanda process (--with-udpportrange)||10080
| |
| |-
| |
| |||tcp||one unreserved port (--with-tcpportrange)||3 unreserved ports per DLE (--with-tcpportrange)
| |
| |-
| |
| |bsdudp||udp||one reserved port per amanda process (--with-udpportrange)||10080
| |
| |-
| |
| |||tcp||one unreserved port (-with-tcpportrange)|| 1 unreserved port per DLE (--with-tcpportrange)
| |
| |-
| |
| |bsdtcp||tcp||one reserved port per amanda process (--with-low-tcpportrange)||port 10080
| |
| |}
| |