Chapter 17. How to use different auth with Amanda

Original text;XML-conversion;Updates
<martinea@iro.umontreal.ca>

Refer to http://www.amanda.org/docs/howto-auth.html for the current version of

This document covers the use of the auth in Amanda 2.5.1 and higher.

You must configure amanda with --with-bsd-security and --with-amandahosts.
The xinetd.d/amanda file on the client:

    server = /path/to/amandad
    server_args = -auth=bsd amdump

The only_from line should list your tape server's IP address.
The ~amanda/.amandahosts file on the client:

    tapeserver.fqdn amanda amdump

If you also want to enable amindexd and amidxtaped, you must change the
server_args line in the xinetd.d/amanda file on the tape server:

    server_args = -auth=bsd amdump amindexd amidxtaped

The only_from line should list all machines that can use amdump/amrecover. It's
the .amandahosts that will limit which clients can use amdump/amindexd/

The ~amanda/.amandahosts file on the tape server must have a line for each

    clientmachine1 amanda amindexd amidxtaped
    clientmachine2 amanda amindexd amidxtaped

Like bsd, but you must configure amanda with --with-bsdtcp-security and
--with-amandahosts and make 4 changes in the xinetd.d/amanda file:

    server_args = -auth=bsdtcp amdump

Like bsd, but you must configure amanda with --with-bsdudp-security and
--with-amandahosts and make 1 change in the xinetd.d/amanda file:

    server_args = -auth=bsdudp amdump

You must configure amanda with --with-krb4-security.

You must configure amanda with --with-krb5-security.

You must configure amanda with --with-rsh-security.
Your system itself must allow your server user to rsh to your client user.
If your server username and client username are different, you must add the
client_username option in all DLEs for that host.

    client_username "client_username"

If your server amandad path and client amandad path are different, you must set
the amandad_path option in all DLEs for that host.

    amandad_path "client/amandad/path"

You must configure amanda with --with-ssh-security.

You must create an ssh key for your server. In this example, the key is put in
the id_rsa_amdump file:

    Enter file in which to save the key (/home/amanda/.ssh/id_rsa)? /home/amanda/.ssh/id_rsa_amdump

You must set the ssh_keys option in all DLEs for that host:

    ssh_keys "/home/amanda/.ssh/id_rsa_amdump"

You must append the /home/amanda/.ssh/id_rsa_amdump.pub file to the
.ssh/authorized_keys file of every client host.
For security reasons, you must prepend the following to that line:

    from="tape_server_fqdn_name",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/path/to/amandad -auth=ssh amdump"

That will limit that key to connect only from your server and only be able to

As with rsh, if your server username and client username are different, you
must add the client_username option in all DLEs for that host:

    client_username "client_username"

As with rsh, if your server amandad path and client amandad path are different,
you must set the amandad_path option in all DLEs for that host:

    amandad_path "client/amandad/path"

You must create an ssh key for root on all clients that can use amrecover. In
this example, the key is put in the /root/.ssh/id_rsa_amrecover file:

    Enter file in which to save the key (/root/.ssh/id_rsa)? /root/.ssh/

You must set the ssh_keys option in the amanda_client.conf file:

    ssh_keys "/root/.ssh/id_rsa_amrecover"

You must append every client's /home/root/.ssh/id_rsa_amrecover.pub file to the
/home/amanda/.ssh/authorized_keys file of the server.
For security reasons, you must prefix every such line with the following:

    from="aclient_fqdn_name",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/path/to/amandad -auth=ssh amindexd amidxtaped"

That will limit every client key to connect from the client and only be able to
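
Added example (not part of the original Amanda documentation): a Python check that an authorized_keys entry carries the restrictions described in both ssh sections above, including option values that contain commas or escaped quotes. The function names, the host name and the key blobs in SAMPLE are constructed for this example.

```python
import re

REQUIRED_FLAGS = {"no-port-forwarding", "no-x11-forwarding", "no-agent-forwarding"}
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")  # prefixes of public-key type names

def parse_options(line):
    """Return the options field of one authorized_keys entry as a dict."""
    line = line.strip()
    if line.startswith(KEY_TYPES):
        return {}  # entry starts with the key type: no options at all
    opts, buf, quoted, i = [], "", False, 0
    while i < len(line):
        ch = line[i]
        if quoted and line[i:i + 2] == '\\"':  # escaped quote inside a value
            buf, i = buf + '"', i + 2
            continue
        if ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:  # commas separate options outside quotes
            opts.append(buf)
            buf = ""
        elif ch.isspace() and not quoted:  # first bare space ends the field
            break
        else:
            buf += ch
        i += 1
    opts.append(buf)
    return {name.lower(): value for name, _, value in (o.partition("=") for o in opts)}

def audit(line, allowed_services):
    """List the restrictions described above that this entry lacks."""
    opts = parse_options(line)
    problems = [] if opts.get("from") else ["missing from="]
    problems += sorted("missing " + f for f in REQUIRED_FLAGS - set(opts))
    m = re.fullmatch(r"\S*/amandad -auth=ssh((?: \w+)+)", opts.get("command", ""))
    if not m:
        problems.append("command= does not force amandad -auth=ssh")
    elif set(m.group(1).split()) - set(allowed_services):
        problems.append("command= enables unexpected services")
    return problems

# Constructed client-side entries; host name and key blobs are placeholders.
SAMPLE = [
    'from="tapeserver.example.com",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/path/to/amandad -auth=ssh amdump" ssh-rsa AAAAconstructed amanda@tapeserver',
    'ssh-rsa AAAAconstructed amanda@tapeserver',
    'from="tapeserver.example.com",no-port-forwarding,command="/path/to/amandad -auth=ssh amdump amindexd" ssh-rsa AAAAconstructed amanda@tapeserver',
]

for entry in SAMPLE:
    print(audit(entry, {"amdump"}))
```

On the tape server, pass {"amindexd", "amidxtaped"} as allowed_services to check the amrecover client keys instead.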