The amanda24 branch (but not yet in any release) now has working support for Kerberos 4 authentication of dump requests and encryption of dump streams.
Note that in addition to encrypting the data stream, it is important to ensure that only authorized dump servers can cause clients to send backup data. I have thought about setting up IPsec, and I think if one fixed the ports used by amanda that would be fairly easy to do in the SPD. NetBSD and racoon didn't support (at the time) dynamic SA generation from per-socket policy, which is how I first thought of doing this. -- Greg Troxel <[EMAIL PROTECTED]>