|
|
| Line 1: |
Line 1: |
| {{XXX|Dustin|Needs some TLC, merging with other related articles}}
| | See {{man|7|amanda-auth}} for details. |
| Amanda (release 2.5.1) supports "bsd", "bsdudp", "bsdtcp", "ssh" and kerberos authentication between Amanda server (also called tape server) and the client. The authentication is used for backup process ({{man|8|amdump}}) as well as recovery process ({{man|8|amrecover}}).
| |
| | |
| ===bsd authentication===
| |
| | |
| The authentication is done using ''.amandahosts'' file in the backup user's (for example: amandabackup) home directory. The protocol between Amanda server and client is UDP. The number of disk list entries (DLEs) - Number of Amanda clients, is limited by size of UDP packet size. This authentication protocol will use different port for each data stream.
| |
| | |
| ===bsdudp authentication===
| |
| | |
| The authentication is done using ''.amandahosts'' files in the backup user's (for example: amandabackup) home directory. It uses UDP protocol between Amanda server and client for data and hence the number of DLEs is limited by UDP packet size. It uses one TCP port to establish the connection and multipexes all data streams using one port on the server.
| |
| | |
| ===bsdtcp authentication===
| |
| | |
| The authentication is done using ''.amandahosts'' files in the backup user's (for example: amandabackup) home directory. It uses TCP protocol between Amanda server and client. On the client, two reserved ports are used. On the server, all data streams are multiplexed to one port.
| |
| | |
| ===Kerberos authentication===
| |
| | |
| Amanda support Kerberos 4 and 5 authentication between Amanda server and client. Kerberos 4 uses UDP protocol and the number of DLEs is limited by UDP packet size. Kerberos 5 uses TCP and the server uses only one TCP port and data streams are multiplexed to this port.
| |
| | |
| ===SSH authentication===
| |
| | |
| Amanda client sends data to the server using SSH. SSH keys have to be set up so that Amanda server can communicate with clients using SSH.
| |
| | |
| ===RSH authentication===
| |
| | |
| The Amanda server communicates using rsh protocol to the client. It communicates as backup user (for example: amandabackup).
| |
| | |
| Each Amanda client communicates with server using one TCP port and all data streams from the client are multiplexed over one port. The number of Amanda clients is limited by the number of reserved ports available for Amanda server. Some versions of rsh does not use reserved port and so, this restriction is not valid.
| |
| | |
| ==Build options==
| |
| | |
| If you are building from source RPMs or tar ball, you can configure the set of authentication methods.
| |
| | |
| {| border="1" style="background:white; color:black"
| |
| !Authentication!!Configure option
| |
| |-
| |
| |bsd||--with-bsd-security --with-amandahosts
| |
| |-
| |
| |bsdtcp||--with-bsdtcp-security --with-amandahosts
| |
| |-
| |
| |bsdudp||--with-bsdudp-security --with-amandahosts
| |
| |-
| |
| |krb4||--with-krb4-security
| |
| |-
| |
| |krb5||--with-krb5-security
| |
| |-
| |
| |rsh||--with-rsh-security
| |
| |-
| |
| |ssh||--with-ssh-security
| |
| |}
| |
| | |
| ==Configuration==
| |
| | |
| Authentication protocol to be used between Amanda server and client is configured using ''auth'' parameter in dumptype definition. See {{man|8|amanda.conf}} man page for more information on the field.
| |
| | |
| * [[Configuring bsd/bsdudp/bsdtcp authentication]]
| |
| * [[Configuring rsh authentication]]
| |
| * [[How To:Set up transport encryption with SSH]]
| |
| * [[Kerberos authentication]]
| |
| | |
| ==Ports used==
| |
| | |
| List of TCP/UDP ports used by each authentication method in Amanda server and client:
| |
| (Configure options are shown in the brackets)
| |
| | |
| {| border="1" style="background:white; color:black"
| |
| !Authentication!!Protocol!!Amanda server!!Amanda client
| |
| |-
| |
| |bsd||udp||one reserved port per amanda process (--with-udpportrange)||10080
| |
| |-
| |
| |||tcp||one unreserved port (--with-tcpportrange)||3 unreserved ports per DLE (--with-tcpportrange)
| |
| |-
| |
| |bsdudp||udp||one reserved port per amanda process (--with-udpportrange)||10080
| |
| |-
| |
| |||tcp||one unreserved port (-with-tcpportrange)|| 1 unreserved port per DLE (--with-tcpportrange)
| |
| |-
| |
| |bsdtcp||tcp||one reserved port per amanda process (--with-low-tcpportrange)||port 10080
| |
| |}
| |
| | |
| | |
| Amanda server also uses two ports (dumper process) to communicate with the chunker/taper processes. These ports are in the range set by --with-tcpportrange
| |