+++ /dev/null
-
-Amanda 2.4.0 - KERBEROS v4 SUPPORT NOTES
-
-Note that kerberos 5 isn't supported. [yet]
-
-NOTE: encrypted dumps are rumored not to work in the 2.4.0b4 beta
- release of amanda. Hopefully they'll be fixed by the 2.4.0
- full release.
-
-0. GETTING THE SOURCE FILES
-
-The Kerberos-related Amanda source code is available in a separate,
-export restricted, package. US sites can follow the instructions in
-KERBEROS.HOW-TO-GET on ftp.amanda.org in the /pub/amanda directory.
-
-1. CONFIGURATION
-
-The configure script defaults to:
-
-# define SERVER_HOST_PRINCIPLE "amanda"
-# define SERVER_HOST_INSTANCE ""
-# define SERVER_HOST_KEY_FILE "/.amanda"
-
-# define CLIENT_HOST_PRINCIPLE "rcmd"
-# define CLIENT_HOST_INSTANCE HOSTNAME_INSTANCE
-# define CLIENT_HOST_KEY_FILE KEYFILE
-
-# define TICKET_LIFETIME 128
-
-you can override these with configure options if you so desire, with:
-
- --with-server-principal=ARG server host principal [amanda]
- --with-server-instance=ARG server host instance []
- --with-server-keyfile=ARG server host key file [/.amanda]
- --with-client-principal=ARG client host principal [rcmd]
- --with-client-instance=ARG client host instance [HOSTNAME_INSTANCE]
- --with-client-keyfile=ARG client host key file [KEYFILE]
- --with-ticket-lifetime=ARG ticket lifetime [128]
-
-The configure script will automatically include kerberos if you
-followed the directions in step 0. It'll search under /usr/kerberos/lib,
-/usr/cygnus/lib, /usr/lib, and /opt/kerberos/lib for libkrb.a.
-(in that order) for the kerberos bits. If it finds them, kerberos
-support will be added in, if it doesn't, it won't. If the kerberos
-bits are found under some other hierarchy, you can specify this
-via the --with-krb4=DIR, where DIR is where the kerberos bits live.
-It'll look under the 'lib' directory under this hierarchy for
-libkrb.a.
-
-2. INSTALLATION
-
-The kerberized Amanda service uses a different port on the client hosts.
-The /etc/services line is:
-
- kamanda 10081/udp
-
-And the /etc/inetd.conf line is:
-
- kamanda dgram udp wait root /usr/local/libexec/amanda/amandad amandad -krb4
-
-Note that you're running this as root, rather than as your dump user.
-Amanda will set it's uid down to the dump user at times it doesn't need
-to read the srvtab file, and give up root permissions entirely before
-it goes off and runs dump. Alternately you can change your srvtab files
-to be readable by user amanda.
-
-3. CONF FILE
-
-With KRB4_SECURITY defined, there are two new dumptype options:
-
- krb4-auth use krb4 auth for this host
- (you can mingle krb hosts & bsd .rhosts in one conf)
- kencrypt encrypt this filesystem over the net using the krb4
- session key. About 2x slower. Good for those root
- partitions containing your keyfiles. Don't want to
- give away the keys to an ethernet sniffer!