Chapter 17. How to use different auth with Amanda
Original text; XML-conversion; Updates
<martinea@iro.umontreal.ca>

This document covers the use of the auth in Amanda 2.5.1 and higher.

You must configure amanda with --with-bsd-security and --with-amandahosts.
The xinetd.d/amanda file on the client:

    server = /path/to/amandad
    server_args = -auth=bsd amdump

The only_from line should list your tape server IP address.
The ~amanda/.amandahosts file on the client:

    tapeserver.fqdn amanda amdump

If you also want to enable amindexd and amidxtaped, you must change the
server_args line in the xinetd.d/amanda file on the tape server:

    server_args = -auth=bsd amdump amindexd amidxtaped

The only_from line should list all machines that can use amdump/amrecover. It's
the .amandahosts that will limit which client can use amdump/amindexd/
The ~amanda/.amandahosts file on the tape server must have a line for each

    clientmachine1 amanda amindexd amidxtaped
    clientmachine2 amanda amindexd amidxtaped

Like bsd, but you must configure amanda with --with-bsdtcp-security and
--with-amandahosts and make 4 changes in the xinetd.d/amanda file:

    server_args = -auth=bsdtcp amdump

Like bsd, but you must configure amanda with --with-bsdudp-security and
--with-amandahosts and make 1 change in the xinetd.d/amanda file:

    server_args = -auth=bsdudp amdump

You must configure amanda with --with-krb4-security.

You must configure amanda with --with-krb5-security.

You must configure amanda with --with-rsh-security.
It's your system that should allow your server user to rsh to your client user.
If your server username and client username are different, you must add the
client_username option in all DLEs for that host.

    client_username "client_username"

If your server amandad path and client amandad path are different, you must set
the amandad_path option in all DLEs for that host.

    amandad_path "client/amandad/path"

You must configure amanda with --with-ssh-security.

You must create an ssh key for your server. In this example, the key is put in
the id_rsa_amdump file:

    Enter file in which to save the key (/home/amanda/.ssh/id_rsa)? /home/amanda/.ssh/id_rsa_amdump

You must set the ssh_keys option in all DLEs for that host:

    ssh_keys "/home/amanda/.ssh/id_rsa_amdump"

You must append the /home/amanda/.ssh/id_rsa_amdump.pub file to the
.ssh/authorized_keys file of all client hosts.
For security reasons, you must prepend the following to the line:

    from="tape_server_fqdn_name",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/path/to/amandad -auth=ssh amdump"

That will limit that key to connect only from your server and only be able to
Like rsh, if your server username and client username are different, you must
add the client_username option in all DLEs for that host:

    client_username "client_username"

Like rsh, if your server amandad path and client amandad path are different,
you must set the amandad_path option in all DLEs for that host:

    amandad_path "client/amandad/path"

You must create an ssh key for root on all clients that can use amrecover. In
this example, the key is put in the /root/.ssh/id_rsa_amrecover file:

    Enter file in which to save the key (/root/.ssh/id_rsa)? /root/.ssh/

You must set the ssh_keys option in the amanda_client.conf file:

    ssh_keys "/root/.ssh/id_rsa_amrecover"

You must append every client's /home/root/.ssh/id_rsa_amrecover.pub file to the
/home/amanda/.ssh/authorized_keys file of the server.
For security reasons, you must prefix all lines with the following:

    from="aclient_fqdn_name",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/path/to/amandad -auth=ssh amindexd amidxtaped"

That will limit every client key to connect from the client and only be able to
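
The authorized_keys prefixes shown for the amdump key and for the amrecover keys can be checked mechanically. The Python script below is an added example, not part of the Amanda documentation or code; the function names and the sample lines (with placeholder key blobs) are constructed for illustration.

```python
REQUIRED_FLAGS = ("no-agent-forwarding", "no-port-forwarding", "no-x11-forwarding")
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of OpenSSH public key type names

def unquoted_split(text, seps):
    """Split text at characters in seps that lie outside double quotes."""
    parts, cur, quoted, prev = [], "", False, ""
    for ch in text:
        if ch == '"' and prev != "\\":  # \" inside a quoted value does not close it
            quoted = not quoted
        if ch in seps and not quoted:
            parts, cur = parts + [cur], ""
        else:
            cur += ch
        prev = ch
    return parts + [cur]

def audit_line(line, services):
    """Return findings for one authorized_keys line; an empty list means it passes."""
    tokens = [t for t in unquoted_split(line.strip(), " \t") if t]
    opts = {}
    if tokens and not tokens[0].startswith(KEY_TYPES):  # first field is the option list
        for opt in unquoted_split(tokens[0], ","):
            name, _, value = opt.partition("=")
            opts[name.lower()] = value.strip('"')  # option keywords are case-insensitive
    findings = [f"missing {flag}" for flag in REQUIRED_FLAGS if flag not in opts]
    if not opts.get("from"):
        findings.append("missing from=")
    cmd = opts.get("command", "").split()
    if len(cmd) < 2 or not cmd[0].endswith("amandad") or cmd[1] != "-auth=ssh":
        findings.append("command= does not force amandad -auth=ssh")
    elif sorted(cmd[2:]) != sorted(services):
        findings.append("command= services are " + " ".join(cmd[2:]))
    return findings

def audit_file(text, services):
    """Map line number -> findings for each key line that fails the audit."""
    lines = enumerate(text.splitlines(), 1)
    report = {n: audit_line(l, services) for n, l in lines
              if l.strip() and not l.lstrip().startswith("#")}
    return {n: f for n, f in report.items() if f}

# Constructed sample: the key blobs are placeholders, not real keys.
SAMPLE = '''# amanda client authorized_keys
from="tapeserver.fqdn",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/path/to/amandad -auth=ssh amdump" ssh-rsa AAAAexample1 amanda@tapeserver
ssh-rsa AAAAexample2 amanda@tapeserver
from="tapeserver.fqdn",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/path/to/amandad -auth=ssh amdump amindexd amidxtaped" ssh-rsa AAAAexample3 amanda@tapeserver
'''

if __name__ == "__main__": print(audit_file(SAMPLE, ["amdump"]))
```

On a client, pass ["amdump"] as the expected services; on the tape server, pass ["amindexd", "amidxtaped"] for the amrecover keys.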

Refer to http://www.amanda.org/docs/howto-auth.html for the current version of