Amanda 2.4.0 - KERBEROS v4 SUPPORT NOTES

Note that kerberos 5 isn't supported. [yet]

NOTE: encrypted dumps are rumored not to work in the 2.4.0b4 beta
release of amanda. Hopefully they'll be fixed by the 2.4.0

0. GETTING THE SOURCE FILES

The Kerberos-related Amanda source code is available in a separate,
export restricted, package. US sites can follow the instructions in
KERBEROS.HOW-TO-GET on ftp.amanda.org in the /pub/amanda directory.

The configure script defaults to:

    # define SERVER_HOST_PRINCIPLE "amanda"
    # define SERVER_HOST_INSTANCE ""
    # define SERVER_HOST_KEY_FILE "/.amanda"

    # define CLIENT_HOST_PRINCIPLE "rcmd"
    # define CLIENT_HOST_INSTANCE HOSTNAME_INSTANCE
    # define CLIENT_HOST_KEY_FILE KEYFILE

    # define TICKET_LIFETIME 128

You can override these with configure options if you so desire, with:

    --with-server-principal=ARG    server host principal [amanda]
    --with-server-instance=ARG     server host instance []
    --with-server-keyfile=ARG      server host key file [/.amanda]
    --with-client-principal=ARG    client host principal [rcmd]
    --with-client-instance=ARG     client host instance [HOSTNAME_INSTANCE]
    --with-client-keyfile=ARG      client host key file [KEYFILE]
    --with-ticket-lifetime=ARG     ticket lifetime [128]

The configure script will automatically include kerberos if you
followed the directions in step 0. It'll search under /usr/kerberos/lib,
/usr/cygnus/lib, /usr/lib, and /opt/kerberos/lib (in that order) for
libkrb.a. If it finds the kerberos bits, kerberos support will be added
in; if it doesn't, it won't. If the kerberos bits are found under some
other hierarchy, you can specify this via the --with-krb4=DIR option,
where DIR is where the kerberos bits live.
It'll look under the 'lib' directory under this hierarchy for

The kerberized Amanda service uses a different port on the client hosts.
The /etc/services line is:

And the /etc/inetd.conf line is:

    kamanda dgram udp wait root /usr/local/libexec/amanda/amandad amandad -krb4

Note that you're running this as root, rather than as your dump user.
Amanda will set its uid down to the dump user at times it doesn't need
to read the srvtab file, and give up root permissions entirely before
it goes off and runs dump. Alternately you can change your srvtab files
to be readable by user amanda.
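
A check for the two things the paragraph above depends on, as an added example that is not part of the original Amanda notes: the kamanda inetd.conf entry runs amandad as root with -krb4, and the key file is accessible only to root or the dump user. The function names, the scratch files and the numeric dump uid argument are assumptions made for the example.

```sh
#!/bin/sh
# Added example (not Amanda code): audit a kerberized amandad client setup.

# inetd_krb4_ok FILE: succeed if FILE has a live "kamanda" entry that runs
# as root and passes -krb4, like the inetd.conf line in these notes.
inetd_krb4_ok() {
    awk '
        $1 ~ /^#/ { next }                  # commented-out entries do not count
        $1 == "kamanda" {
            seen = 1
            split($5, user, /[.:]/)         # field 5 is user, optionally user.group
            if (user[1] != "root") bad = 1
            krb = 0
            for (i = 7; i <= NF; i++) if ($i == "-krb4") krb = 1
            if (!krb) bad = 1               # entry would not use krb4 auth
        }
        END { exit ((seen && !bad) ? 0 : 1) }
    ' "$1"
}

# keyfile_ok FILE DUMP_UID: succeed if FILE is a regular file (not a symlink),
# owned by root or by the numeric DUMP_UID, with no group/other permission bits.
keyfile_ok() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    ls -ln "$1" | awk -v uid="$2" '
        { ok = (($3 == 0 || $3 == uid) && substr($1, 5, 6) == "------") }
        END { exit (ok ? 0 : 1) }
    '
}

# Demo on constructed sample files in a scratch directory.
demo=$(mktemp -d)
printf '%s\n' 'kamanda dgram udp wait root /usr/local/libexec/amanda/amandad amandad -krb4' \
    > "$demo/inetd.conf"
: > "$demo/srvtab"; chmod 644 "$demo/srvtab"    # deliberately too open
inetd_krb4_ok "$demo/inetd.conf" && echo "inetd.conf: kamanda entry OK"
keyfile_ok "$demo/srvtab" "$(id -u)" || echo "srvtab: group/other access, tighten to 0600"
chmod 600 "$demo/srvtab"
keyfile_ok "$demo/srvtab" "$(id -u)" && echo "srvtab: OK after chmod 600"
rm -rf "$demo"
```

On a real client, pass the actual inetd.conf, the configured key file and the dump user's uid (for example from `id -u amanda`).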

With KRB4_SECURITY defined, there are two new dumptype options:

    krb4-auth    use krb4 auth for this host
                 (you can mingle krb hosts & bsd .rhosts in one conf)
    kencrypt     encrypt this filesystem over the net using the krb4
                 session key. About 2x slower. Good for those root
                 partitions containing your keyfiles. Don't want to
                 give away the keys to an ethernet sniffer!