How To:Configure bsdtcp authentication: Difference between revisions
No edit summary |
(added inetd.conf example) |
||
Line 85: | Line 85: | ||
disable = no | disable = no | ||
} | } | ||
=inetd.conf example= | |||
When using ''inetd'', the ''only_from'' variable is controlled by your ''hosts.allow'' file on the local system. The example below assumes: user=amanda and auth=bsd. | |||
amanda dgram udp wait amanda /usr/local/libexec/amandad amandad -auth=bsd amdump amindexd amidxtaped | |||
amandaidx stream tcp nowait amanda /usr/local/libexec/amindexd amindexd -auth=bsd amdump amindexd amidxtaped | |||
amidxtape stream tcp nowait amanda /usr/local/libexec/amidxtaped amidxtaped -auth=bsd amdump amindexd amidxtaped | |||
=.amandahosts configuration file changes= | =.amandahosts configuration file changes= |
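Review bot: the added sentence under =inetd.conf example= says only_from is controlled by hosts.allow, but the section shows no hosts.allow entry for the amanda, amandaidx and amidxtape services and does not state when inetd reads that file. inetd consults hosts.allow only if it is built with TCP wrappers support or starts the service through tcpd, so the example should name that prerequisite and include a matching hosts.allow line; otherwise a reader who copies the three inetd.conf lines ends up with no address restriction at all.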
Revision as of 21:21, 6 November 2006
These configuration files are valid only for Amanda 2.5.1 or later releases.
xinetd/inetd configuration file changes
Amandad (the Amanda client process) must be configured correctly as an xinetd or inetd service on each Amanda client. This configuration is necessary for the backup process, amdump.
Template for the /etc/xinetd.d/amanda file
    service amanda
    {
        only_from   = <Amanda server>
        socket_type = dgram
        protocol    = udp
        wait        = yes
        user        = <amanda backup user>
        group       = <amanda backup user group id>
        groups      = yes
        server      = <absolute path to amandad>
        server_args = -auth=bsd amdump
        disable     = no
    }
Example xinetd.d amanda client service file with backup user - amandabackup
    service amanda
    {
        only_from   = amandaserver.company.com
        socket_type = dgram
        protocol    = udp
        wait        = yes
        user        = amandabackup
        group       = disk
        groups      = yes
        server      = /usr/lib/amanda/amandad
        server_args = -auth=bsd amdump
        disable     = no
    }
The Amanda server (tape server) can also be configured to use "bsd" authentication for the restore process (the amrecover command). The server_args on the xinetd service entry on the server should include amindexd and amidxtaped. The only_from line should include all clients that can do recovery.
Example of an xinetd server entry that uses bsd and can do both backup and recovery
    service amanda
    {
        only_from   = amandaserver.company.com amandaclient.company.com
        socket_type = dgram
        protocol    = udp
        wait        = yes
        user        = amandabackup
        group       = disk
        groups      = yes
        server      = /usr/lib/amanda/amandad
        server_args = -auth=bsd amdump amindexd amidxtaped
        disable     = no
    }
The bsdtcp authentication requires different xinetd/inetd service entries: the protocol is tcp. Below is an example bsdtcp xinetd service entry for a machine that can do both backup and recovery. It differs from the bsd authentication entry in socket_type, protocol, wait and the -auth value:
    service amanda
    {
        only_from   = amandaserver.company.com amandaclient.company.com
        socket_type = stream
        protocol    = tcp
        wait        = no
        user        = amandabackup
        group       = disk
        groups      = yes
        server      = /usr/lib/amanda/amandad
        server_args = -auth=bsdtcp amdump amindexd amidxtaped
        disable     = no
    }
The bsdudp authentication requires only a minor modification to the xinetd service entry. In the example below, the only difference from the bsd authentication entry is the -auth value:
    service amanda
    {
        only_from   = amandaserver.company.com amandaclient.company.com
        socket_type = dgram
        protocol    = udp
        wait        = yes
        user        = amandabackup
        group       = disk
        groups      = yes
        server      = /usr/lib/amanda/amandad
        server_args = -auth=bsdudp amdump amindexd amidxtaped
        disable     = no
    }
inetd.conf example
When using inetd, the only_from variable is controlled by your hosts.allow file on the local system. The example below assumes: user=amanda and auth=bsd.
    amanda    dgram  udp wait   amanda /usr/local/libexec/amandad    amandad    -auth=bsd amdump amindexd amidxtaped
    amandaidx stream tcp nowait amanda /usr/local/libexec/amindexd   amindexd   -auth=bsd amdump amindexd amidxtaped
    amidxtape stream tcp nowait amanda /usr/local/libexec/amidxtaped amidxtaped -auth=bsd amdump amindexd amidxtaped
.amandahosts configuration file changes
The .amandahosts file is located in the home directory of the backup user (for example, /var/lib/amanda). This file should be readable and writable only by the backup user.
The format of .amandahosts is:
<FQDN of the server> <backup user> <service(s)>
FQDN is the fully qualified domain name. The named server can contact the local machine, as the backup user, to perform the listed service(s).
Example: The .amandahosts file on the Amanda client should have
amandaserver.company.com amandabackup amdump
The .amandahosts file on the Amanda server should have
amandaclient1.company.com root amindexd amidxtaped