.PP
When Amanda is built, a username is specified with the
\fB\-\-with\-user\fR
-option\&. Most Amanda processes run under this user\*(Aqs identity, to minimize security risks\&. In binary distributions, this username is usually one of \*(Aqamanda\*(Aq, \*(Aqamandabackup\*(Aq, or \*(Aqbackup\*(Aq\&. The examples below use \*(Aqamandabackup\*(Aq since it is unambiguous\&. You may need to adjust accordingly for your system\&.
+option\&. Most Amanda processes run under this user\*(Aqs identity, to minimize security risks\&. In binary distributions, this username is usually one of \*(Aqamanda\*(Aq, \*(Aqbackup\*(Aq, or \*(Aqbackup\*(Aq\&. The examples below use \*(Aqbackup\*(Aq since it is unambiguous\&. You may need to adjust accordingly for your system\&.
.SS "Authenticated Peer Hostnames"
.PP
Amanda\*(Aqs authentication mechanisms provide an authenticated hostname of the system on the other end of the connection, which is used to restrict access to only particular hosts\&. The degree of "authentication" performed on this hostname varies with the authentication mechanism, and is discussed below\&.
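Review bot: The + line now lists the username as "one of 'amanda', 'backup', or 'backup'". Substituting amandabackup with a name that was already in the list leaves a duplicate entry. The next sentence still justifies the choice with "since it is unambiguous", which does not hold for a name that was previously listed as a separate alternative. Suggest removing the duplicate and dropping or rewording the "unambiguous" clause, for example "The examples below use 'backup'. You may need to adjust accordingly for your system."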
(which is equivalent to
\fBamdump\fR)\&.
.PP
-Example of the \&.amandahosts file on an Amanda client, where \*(Aqamandabackup\*(Aq is the Amanda dumpuser\&.
+Example of the \&.amandahosts file on an Amanda client, where \*(Aqbackup\*(Aq is the Amanda dumpuser\&.
.sp
.nf
- \fBamandaserver\&.example\&.com amandabackup amdump\fR
+ \fBamandaserver\&.example\&.com backup amdump\fR
.fi
.PP
Example of the \&.amandahosts file on an Amanda server
The authentication is done using \&.amandahosts files in the Amanda user\*(Aqs home directory\&. It uses UDP protocol between Amanda server and client for data and hence the number of DLEs is limited by the UDP packet size\&. It uses one TCP port to establish the connection and multiplexes all data streams using one port on the server (see PORT USAGE below)\&.
.SS "bsdtcp communication and authentication"
.PP
-The authentication is done using \&.amandahosts files in the backup user\*(Aqs (for example: amandabackup) home directory\&. It uses TCP protocol between Amanda server and client\&. On the client, two reserved ports are used\&. On the server, all data streams are multiplexed to one port (see PORT USAGE below)\&.
+The authentication is done using \&.amandahosts files in the backup user\*(Aqs (for example: backup) home directory\&. It uses TCP protocol between Amanda server and client\&. On the client, two reserved ports are used\&. On the server, all data streams are multiplexed to one port (see PORT USAGE below)\&.
.SS "USING INETD SERVER"
.PP
Template for Amanda client inetd service entry
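Review bot: In the bsdtcp paragraph the + line reads "the backup user's (for example: backup) home directory", so the parenthetical example now repeats the term it was meant to illustrate. Suggest dropping the parenthetical or writing "the Amanda user's (for example: backup) home directory", which matches the wording of the bsd paragraph in the context line above ("in the Amanda user's home directory").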
.PP
Client example of using
\fBbsd\fR
-authorization for inetd server given Amanda user is "amandabackup":
+authorization for inetd server given Amanda user is "backup":
.sp
.nf
-\fB amanda dgram udp wait amandabackup /path/to/amandad amandad \-auth=bsd amdump\fR
+\fB amanda dgram udp wait backup /path/to/amandad amandad \-auth=bsd amdump\fR
.fi
.PP
The same could be used for
.PP
Client example of using
\fBbsdtcp\fR
-authorization for inetd server given Amanda user is "amandabackup":
+authorization for inetd server given Amanda user is "backup":
.sp
.nf
-\fB amanda stream tcp nowait amandabackup /path/to/amandad amandad \-auth=bsdtcp amdump\fR
+\fB amanda stream tcp nowait backup /path/to/amandad amandad \-auth=bsdtcp amdump\fR
.fi
.PP
\fBamindexd\fR
.PP
Server example of using
\fBbsdtcp\fR
-authorization for inetd server given Amanda user is "amandabackup":
+authorization for inetd server given Amanda user is "backup":
.sp
.nf
-\fB amanda stream tcp nowait amandabackup /path/to/amandad amandad \-auth=bsdtcp amdump amindexd amidxtaped\fR
+\fB amanda stream tcp nowait backup /path/to/amandad amandad \-auth=bsdtcp amdump amindexd amidxtaped\fR
.fi
.PP
For Amanda version 2\&.5\&.0 and earlier, remember that neither
Example of amindexd and amidxtaped Amanda daemon services configured as their own network services for a 2\&.5\&.0 or earlier server or a newer server having 2\&.5\&.0 or earlier clients
.sp
.nf
-\fB amandaidx stream tcp nowait amandabackup /usr/local/libexec/amanda/current/amindexd amindexd\fR
-\fB amidxtape stream tcp nowait amandabackup /usr/local/libexec/amanda/current/amidxtaped amidxtaped\fR
+\fB amandaidx stream tcp nowait backup /usr/local/libexec/amanda/current/amindexd amindexd\fR
+\fB amidxtape stream tcp nowait backup /usr/local/libexec/amanda/current/amidxtaped amidxtaped\fR
.fi
.SS "USING XINETD SERVER"
.PP
.PP
Client example of using
\fBbsd\fR
-authorization for xinetd server and for Amanda user "amandabackup":
+authorization for xinetd server and for Amanda user "backup":
.sp
.nf
service amanda
socket_type = dgram
protocol = udp
wait = yes
- user = amandabackup
+ user = backup
group = disk
groups = yes
server = /path/to/amandad
.PP
Client example of using
\fBbsdtcp\fR
-authorization for xinetd server and for Amanda user "amandabackup":
+authorization for xinetd server and for Amanda user "backup":
.sp
.nf
service amanda
socket_type = stream
protocol = tcp
wait = no
- user = amandabackup
+ user = backup
group = disk
groups = yes
server = /path/to/amandad
define dumptype rsh_example {
\&.\&.\&.
auth "rsh"
- client\-username "amandabackup"
+ client\-username "backup"
amandad\-path "/usr/lib/exec/amandad"
\&.\&.\&.
}
Enable SSH authentication and set the \fBssh\-keys\fR option in all DLEs for that host by adding the following to the DLE itself or to the corresponding dumptype in amanda\&.conf:
auth "ssh"
- ssh\-keys "/home/amandabackup/\&.ssh/id_rsa_amdump"
+ ssh\-keys "/home/backup/\&.ssh/id_rsa_amdump"
\fBssh\-keys\fR is the path to the private key on the client\&. If the username to which Amanda should connect is different from the default, then you should also add
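Review bot: The ssh-keys value on the + line hard-codes /home/backup as the account's home directory. That path was carried over from /home/amandabackup by text substitution, not checked against where the renamed account actually lives, while the rest of the page refers to files "in the Amanda user's home directory" without fixing a path. Since the following line states that ssh-keys is the path to the private key on the client, a wrong directory here yields a configuration that points at a nonexistent key. Suggest confirming the home directory of the 'backup' account on the target system and using it here, or adding a sentence that the path must be adjusted to that account's home directory.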