Server/Client authentication: Difference between revisions
No edit summary |
|||
| Line 52: | Line 52: | ||
* [[Configuring bsd/bsdudp/bsdtcp authentication]] | * [[Configuring bsd/bsdudp/bsdtcp authentication]] | ||
* [[Configuring rsh authentication]] | |||
* [[Configuring SSH authentication]] | * [[Configuring SSH authentication]] | ||
* [[Kerberos authentication]] | * [[Kerberos authentication]] | ||
==Ports used== | ==Ports used== | ||
Revision as of 00:40, 20 June 2006
Amanda (release 2.5.1) supports "bsd", "bsdudp", "bsdtcp", "ssh" and kerberos authentication between Amanda server (also called tape server) and the client. The authentication is used for backup process (amdump) as well as recovery process (amrecover).
bsd authentication
The authentication is done using .amandahosts file in the backup user's (for example: amandabackup) home directory. The protocol between Amanda server and client is UDP. The number of disk list entries (DLEs) - Number of Amanda clients, is limited by size of UDP packet size. This authentication protocol will use different port for each data stream.
bsdudp authentication
The authentication is done using .amandahosts files in the backup user's (for example: amandabackup) home directory. It uses UDP protocol between Amanda server and client for data and hence the number of DLEs is limited by UDP packet size. It uses one TCP port to establish the connection and multipexes all data streams using one port on the server.
bsdtcp authentication
The authentication is done using .amandahosts files in the backup user's (for example: amandabackup) home directory. It uses TCP protocol between Amanda server and client. On the client, two reserved ports are used. On the server, all data streams are multiplexed to one port.
Kereberos authentication
Amanda support Kereberos 4 and 5 authentication between Amanda server and client. Kerberos 4 uses UDP protocol and the number of DLEs is limited by UDP packet size. Kerberos 5 uses TCP and the server uses only one TCP port and data streams are multiplexed to this port.
SSH authentication
Amanda client sends data to the server using SSH. SSH keys have to be set up so that Amanda server can communicate with clients using SSH.
RSH authentication
The Amanda server communicates using rsh protocol to the client. It communicates as backup user (for example: amandabackup).
Each Amanda client communicates with server using one TCP port and all data streams from the client are multiplexed over one port. The number of Amanda clients is limited by the number of reserved ports available for Amanda server. Some versions of rsh does not use reserved port and so, this restriction is not valid.
Build options
If you are building from source RPMs or tar ball, you can configure the set of authentication methods.
| Authentication | Configure option |
|---|---|
| bsd | --with-bsd-security --with-amandahosts |
| bsdtcp | --with-bsdtcp-security --with-amandahosts |
| bsdudp | --with-bsdudp-security --with-amandahosts |
| krb4 | --with-krb4-security |
| krb5 | --with-krb5-security |
| rsh | --with-rsh-security |
| ssh | --with-ssh-security |
Configuration
- Configuring bsd/bsdudp/bsdtcp authentication
- Configuring rsh authentication
- Configuring SSH authentication
- Kerberos authentication